I'm trying to use Microsoft's "LiveKD" utility. My understanding is that it's an alternative to having to use WinDbg and KD via a serial connection to debug the kernel 'live' (and the system doesn't have to be booted in debug mode). I'm using Windows 10; however, until I enable debug option and reboot it doesn't work.
Any help is welcome.
livekd.exe -w
LiveKd v5.63 - Execute kd/windbg on a live system
Sysinternals - www.sysinternals.com
Copyright (C) 2000-2020 Mark Russinovich and Ken Johnson
Launching C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe:
no debugger:
Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\livekd.dmp]
Kernel Complete Dump File: Full address space is available
Comment: 'LiveKD live system view'
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\Symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
KdDebuggerData.KernBase < SystemRangeStart
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Machine Name:
Kernel base = 0x00000000`00000000 PsLoadedModuleList = 0xfffff807`2a2460f0
Debug session time: Tue Oct 27 21:47:47.703 2020 (UTC)
System Uptime: not available
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
KdDebuggerData.KernBase < SystemRangeStart
Loading Kernel Symbols
Unable to read PsLoadedModuleList
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 0.)
GetContextState failed, 0xD0000147
CS descriptor lookup failed
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
For analysis of this file, run !analyze -v
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
Related
I am running "Vagrant up --provision", it seems to be ok but at the end, I got an error shown below. Please help me to solve this problem as I tried many times with VPN and without VPN but getting error "Failed to start MariaDB 10.3.31 database server."
default: An error occurred while setting the password for the MariaDB administrative
default: user. This may have happened because the account already has a password, or
default: because of a communication problem with the MariaDB server.
default: You should check the account's password after the package installation.
default: Please read the /usr/share/doc/mariadb-server-10.3/README.Debian file for
default: more information.
default: Job for mariadb.service failed because the control process exited with error code.
default: See "systemctl status mariadb.service" and "journalctl -xe" for details.
default: invoke-rc.d: initscript mysql, action "start" failed.
default: ● mariadb.service - MariaDB 10.3.31 database server
default: Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
default: Drop-In: /etc/systemd/system/mariadb.service.d
default: └─migrated-from-my.cnf-settings.conf
default: Active: failed (Result: exit-code) since Sun 2021-11-07 17:38:01 UTC; 12ms ago
default: Docs: man:mysqld(8)
default: https://mariadb.com/kb/en/library/systemd/
default: Process: 6548 ExecStart=/usr/sbin/mysqld $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=1/FAILURE)
default: Process: 6404 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=`cd /usr/bin/..; /usr/bin/galera_recovery`; [ $? -eq 0 ] && systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1 (code=exited, status=0/SUCCESS)
default: Process: 6398 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
default: Process: 6387 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
default: Main PID: 6548 (code=exited, status=1/FAILURE)
default:
default: Nov 07 17:38:01 vvv mysqld[6548]: 2021-11-07 17:38:01 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
default: Nov 07 17:38:01 vvv mysqld[6548]: 2021-11-07 17:38:01 0 [Note] Crash recovery finished.
default: Nov 07 17:38:01 vvv mysqld[6548]: 2021-11-07 17:38:01 6 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1017: Can't find file: './mysql/' (errno: 2 "No such file or directory")
default: Nov 07 17:38:01 vvv mysqld[6548]: 2021-11-07 17:38:01 0 [Note] InnoDB: Buffer pool(s) load completed at 211107 17:38:01
default: Nov 07 17:38:01 vvv mysqld[6548]: 2021-11-07 17:38:01 0 [ERROR] Can't open and lock privilege tables: Table 'mysql.servers' doesn't exist
default: Nov 07 17:38:01 vvv mysqld[6548]: 2021-11-07 17:38:01 0 [Note] Server socket created on IP: '127.0.0.1'.
default: Nov 07 17:38:01 vvv mysqld[6548]: 2021-11-07 17:38:01 0 [ERROR] Fatal error: Can't open and lock privilege tables: Table 'mysql.user' doesn't exist
default: Nov 07 17:38:01 vvv systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
default: Nov 07 17:38:01 vvv systemd[1]: mariadb.service: Failed with result 'exit-code'.
default: Nov 07 17:38:01 vvv systemd[1]: Failed to start MariaDB 10.3.31 database server.
default: dpkg: error processing package mariadb-server-10.3 (--configure):
default: installed mariadb-server-10.3 package post-installation script subprocess returned error exit status 1
default: dpkg: dependency problems prevent configuration of mariadb-server:
default: mariadb-server depends on mariadb-server-10.3 (>= 1:10.3.31+maria~bionic); however:
default: Package mariadb-server-10.3 is not configured yet.
default:
default: dpkg: error processing package mariadb-server (--configure):
default: dependency problems - leaving unconfigured
default: No apport report written because the error message indicates its a followup error from a previous failure.
default: E: Sub-process /usr/bin/dpkg returned an error code (1)
default: Installing apt-get packages returned a failure code, cleaning up apt caches then exiting
default: Main packages check and install failed, halting provision
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.```
Try to set the database username and password in the .env file of your project. Something like this:
Then execute this command: vagrant reload --provision.
I am using HeidiSQL that lets me see and edit data and structures from my VM running one of the database systems MariaDB, MySQL etc.
Hope this answer helps you.
whenever I try to splitData using
mahout splitDataset --input /mini_datasets1/wimmer-mini_obesity_data2.csv --output mini_datasets1/wimmer-mini_obesity_data2split --trainingPercentage 0.7 --probePercentage 0.3
on hadoop I get the error below
Job job_1634335400729_0001 failed with state FAILED due to: Application application_1634335400729_0001 failed 2 times due to AM Container for appattempt_1634335400729_0001_000002 exited with exitCode: 1
Failing this attempt.Diagnostics: [2021-10-15 18:05:06.026]Exception from container-launch.
Container id: container_1634335400729_0001_02_000001
Exit code: 1
pls does anyone know how to resolve the error?? I already configured yarn-site.xml
I have a job defined on Rundeck with a step that has a remote command. This command calls PSExec that calls a .cmd that executes DTSXExec.
After I running the job, I got an error on Rundeck. Altough, the DTSXExec runs smoothly.
Here is the log:
PsExec v2.2 - Execute processes remotely
14:39:11 Copyright (C) 2001-2016 Mark Russinovich
14:39:11 Sysinternals - www.sysinternals.com
14:39:11
14:39:11
14:39:11 C:\Windows\system32>D:
14:39:11
14:39:11 D:\>cd D:\DTEXEC
14:39:11
14:39:11 D:\DTEXEC\DTSXExec.exe 32 CAR_ESTRUTURA_HIER
14:39:25
14:39:25 25-02-2019 14:39:10 - >>>>>>>>>>>>>>>>>>>>> BEGIN LOG <<<<<<<<<<<<<<<<<<<<<
14:39:25
14:39:25 25-02-2019 14:39:10 - CAR_ESTRUTURA_HIER - CAR_ESTRUTURA_HIER 32 bits execution.
14:39:25
14:39:25 25-02-2019 14:39:25 - Microsoft (R) SQL Server Execute Package Utility
14:39:25 Version 11.0.7001.0 for 32-bit
14:39:25 Copyright (C) Microsoft Corporation. All rights reserved.
14:39:25
14:39:25 DTExec: The package execution returned DTSER_SUCCESS (0).
14:39:25 Started: 14:39:10
14:39:25 Finished: 14:39:25
14:39:25 Elapsed: 14.867 seconds
14:39:25
14:39:25
14:39:25 25-02-2019 14:39:25 - RETURN CODE: 0.
14:39:25
14:39:25 25-02-2019 14:39:25 - RETURN CODE: 0. No errors.
14:39:25
14:39:25 25-02-2019 14:39:25 - >>>>>>>>>>>>>>>>>>>>> END LOG <<<<<<<<<<<<<<<<<<<<<
14:39:25
14:39:25 Connecting to localhost...
14:39:25 Starting PSEXESVC service on localhost...
14:39:25 Connecting with PsExec service on localhost...
14:39:25 Starting D:\teste3.cmd on localhost...
14:39:25 D:\teste3.cmd exited on localhost with error code 0.
14:39:25 Execution finished with the following error:
14:39:25 Failed: NonZeroResultCode: [WinRMPython] Result code: 1
Thanks in advance.
Check the service.log file (usually on /var/log/rundeck/service.log) for more clues. But in most cases that error is because exists a conflict with python libraries on your operating system (usually urllib3 or pywinrm), you can see your Python libs executing 'pip list' and install with 'pip install '.
Check that:
https://github.com/rundeck-plugins/py-winrm-plugin/issues/6
And that for PIP reference:
https://pip.pypa.io/en/stable/reference/pip/
Question Explaination
I am trying to running a program using cgal4.6.1, boost1.58.0, qt4.8.5 on my win32 PC with VS2010 ultimate. But when I build the solutions, there are errors happen as showing below. I've deploy the cgal etc well. I wondering how to solve this problem? I will appreciate for your solutions
Error Output
1>------ Build started: Project: qmat, Configuration: Debug Win32 ------
1>Build started 7/31/2015 4:07:00 PM.
1>InitializeBuildStatus:
1> Creating "Debug\qmat.unsuccessfulbuild" because "AlwaysCreate" was specified.
1>CustomBuild:
1> Moc'ing GLWidget.h...
1> The device is not ready.
1> Moc'ing medialaxissimplification3d.h...
1> The device is not ready.
1> Uic'ing medial_axis.ui...
1> The device is not ready.
1> Rcc'ing medial_axis.qrc...
1> The device is not ready.
1>C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.CppCommon.targets(151,5): error MSB6006: "cmd.exe" exited with code 21.
1>
1>Build FAILED.
1>
1>Time Elapsed 00:00:00.40
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
I'm debugging some random crash bugs, but actually very difficult to go deep into. Because when i open crash dump, only find one error:
0:000> .exr -1
ExceptionAddress: 00000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
Actually i haven't set any hard-code breakpoint in code, so i search about this exception in google, some people said this exception may be caused by heap corruption.
So my question is,
Is there any other reason why cause this exception, except hard-code breakpoint, manual breakpoint while debugging, heap corruption?
Another question is, i try to use Application Verifier to check heap corruption, i understand how does it work, app verifier will trigger break instruction exception while heap corruption. But currently, i run without app verifier, who will raise the break instruction exception?
Additional info: call stack for current thread.
*0:000> k
ChildEBP RetAddr
0012f96c 7c827d19 ntdll!KiFastSystemCallRet
0012f970 77e6202c ntdll!NtWaitForMultipleObjects+0xc
0012fa18 7739bbd1 kernel32!WaitForMultipleObjectsEx+0x11a
0012fa74 3b288523 user32!RealMsgWaitForMultipleObjectsEx+0x141
0012fab8 3b32b9bd msenv!EnvironmentMsgLoop+0x1ea
0012fae4 3b32b94d msenv!CMsoCMHandler::FPushMessageLoop+0x86
0012fb0c 3b32b8e9 msenv!SCM::FPushMessageLoop+0xb7
0012fb28 3b32b8b8 msenv!SCM_MsoCompMgr::FPushMessageLoop+0x28
0012fb48 3b32be4e msenv!CMsoComponent::PushMsgLoop+0x28
0012fbe0 3b327561 msenv!VStudioMainLogged+0x482
0012fc0c 3000a4a6 msenv!VStudioMain+0xc1
0012fc38 30007301 devenv!util_CallVsMain+0xff
0012ff14 3000760c devenv!CDevEnvAppId::Run+0x91f
0012ff30 30007680 devenv!WinMain+0x74
0012ffc0 77e6f23b devenv!License::GetPID+0x258
0012fff0 00000000 kernel32!BaseProcessStart+0x23*
Our application is a Visual Studio Package.
Below is the result from !analyze -v
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*************************************************************************
FAULTING_IP:
+0
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00001f1c
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: devenv.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
MANAGED_STACK:
SP IP Function
0012E584 09C8A903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure(Int32, Int32[])+0x3b
0012E590 09C8C604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged(UInt32, System.Object, System.Object)+0x144
StackTraceString: <none>
HResult: 80004005
EXCEPTION_OBJECT: !pe 3115d464
Exception object: 3115d464
Exception type: System.Runtime.InteropServices.COMException
Message: Error HRESULT E_FAIL has been returned from a call to a COM component.
InnerException: <none>
StackTrace (generated):
SP IP Function
0012E584 09C8A903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure(Int32, Int32[])+0x3b
0012E590 09C8C604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged(UInt32, System.Object, System.Object)+0x144
StackTraceString: <none>
HResult: 80004005
MANAGED_OBJECT: !dumpobj 3201988
Name: System.String
MethodTable: 79330a00
EEClass: 790ed64c
Size: 158(0x9e) bytes
(C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: Error HRESULT E_FAIL has been returned from a call to a COM component.
Fields:
MT Field Offset Type VT Attr Value Name
79332c4c 4000096 4 System.Int32 1 instance 71 m_arrayLength
79332c4c 4000097 8 System.Int32 1 instance 70 m_stringLength
793316e0 4000098 c System.Char 1 instance 45 m_firstChar
79330a00 4000099 10 System.String 0 shared static Empty
>> Domain:Value 00219c28:03031198 <<
79331630 400009a 14 System.Char[] 0 shared static WhitespaceChars
>> Domain:Value 00219c28:03031798 <<
EXCEPTION_MESSAGE: Error HRESULT E_FAIL has been returned from a call to a COM component.
MANAGED_OBJECT_NAME: System.Runtime.InteropServices.COMException
LAST_CONTROL_TRANSFER: from 7c827d19 to 7c82860c
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
STACK_TEXT:
09c8a903 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure
09c8c604 Microsoft_VisualStudio_Design!Microsoft.VisualStudio.Design.VSDesignSurfaceManager.Microsoft.VisualStudio.Shell.Interop.IVsSelectionEvents.OnElementValueChanged
STACK_COMMAND: dds 12e584 ; kb
FOLLOWUP_IP:
+9c8a903
09c8a903 8bc6 mov eax,esi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure+9c8a903
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Microsoft_VisualStudio_Design
IMAGE_NAME: Microsoft.VisualStudio.Design.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_Microsoft.VisualStudio.Design.dll!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure
BUCKET_ID: APPLICATION_FAULT_STATUS_BREAKPOINT_Microsoft_VisualStudio_Design!Microsoft.VisualStudio.NativeMethods.ThrowOnFailure+9c8a903
Followup: MachineOwner
...
In the managed stack, there is a explicit error,Microsoft.VisualStudio.NativeMethods.ThrowOnFailure..
But that means the com exception cause the break instruction exception?
!analyze seems just dump the managed level, the com exception maybe the last error in the managed level.
I also search something about interrupt and exception from google, Normally, the break instruction exception can be triggered in following conditions:
1. Hardcode interrupt request, like: __asm int 3 (ASM), System.Diagnostics.Debugger.Break (C#), DebugBreak() (WinAPI).
2. OS enable memory runtime check, like Application Verifier can trigger after heap corruption, memory overrun.
3. Compiler can have some configuration to enble what should be filled for the uninitialized memory block and end of function(blank area, after retun..). For example, Microsoft VC complier can fill 0xCC if enable /GZ. 0xCC is actually a opcode of __asm int 3. So if some error cause the application run into such block, will trigger a break point.
Correct?
If that, I think Application Verifier should be best choice to find the root cause.
For future reference, the Your debugger is not using the correct symbols warning is caused because you need to add Windows symbols to the Windbg symbols path. Here is how to do that:
Set Microsoft symbol server path automatically:
0:000> .symfix
Optionally you can specify an additional location where to download symbol from, e.g.:
0:000> .sympath+ c:\myproject
Check current symbol search path:
0:000> .sympath
You should see something like this:
SRV**http://msdl.microsoft.com/download/symbols
Reload symbols:
0:000> .reload
Then, you will be able to see information about the current exception using this command:
0:000> !analyze -v
You should see a line similar to the following:
ExceptionCode: c0000005 (Access violation)
Good luck fixing bugs!
The command to use to find the exception that caused the crash dump is .ecxr. The outpt you got from .exr -1 is incorrect as the ExceptionAddress is zero.