Breakpoint on entry point of PE is failed - windows

I'm trying to get a log of my application's activity with WinDbg. At the moment I'm on Win10 Pro x64. The entry point of my application is 0x10004D7EC. After starting WinDbg I press Ctrl+E to select my app. I input the following command:
bp 10004D7EC
then hit F5, but WinDbg says that ERROR_PARTIAL_COPY has occurred (0x12B), so it seems that loading logexts is a bad idea because there is no guarantee that the information will be correct. So, how do I fix this, or am I doing something wrong?

I believe that you're getting the error because you are putting your breakpoint on an invalid memory location. Check in the memory/disassembly window in WinDbg what is at this memory location - you'll probably find nothing there.
I guess that 10004D7EC is the address of your entry point on the disk - which might be different from the entry point address at runtime. You can search for the entry point with: x <your module name>!*<your entry point name>* (i.e. x myApp!*main*)
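The difference between the address stored in the file and the address at runtime, as an added example that is not part of the original posts. It reads ImageBase and AddressOfEntryPoint from PE headers and rebases the entry point onto a load base; the header bytes are constructed, with ImageBase 0x100000000 and RVA 0x4D7EC assumed so that the preferred address matches the value in the question, and the load base is a made-up value.

```python
import struct

def pe_entry_point(header: bytes):
    """Return (image_base, entry_rva, dynamic_base) read from PE headers."""
    if header[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", header, 0x3C)         # e_lfanew
    if header[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20          # optional header follows signature + COFF header
    (magic,) = struct.unpack_from("<H", header, opt)
    (entry_rva,) = struct.unpack_from("<I", header, opt + 16)  # AddressOfEntryPoint
    if magic == 0x20B:             # PE32+ (64-bit): 8-byte ImageBase at +24
        (image_base,) = struct.unpack_from("<Q", header, opt + 24)
    elif magic == 0x10B:           # PE32 (32-bit): 4-byte ImageBase at +28
        (image_base,) = struct.unpack_from("<I", header, opt + 28)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dll_chars,) = struct.unpack_from("<H", header, opt + 70)  # DllCharacteristics
    return image_base, entry_rva, bool(dll_chars & 0x0040)     # DYNAMIC_BASE (ASLR)

def entry_addresses(header: bytes, load_base: int):
    """Return (preferred VA from the file, VA at the actual load base)."""
    image_base, entry_rva, _ = pe_entry_point(header)
    return image_base + entry_rva, load_base + entry_rva

def build_sample_header(image_base: int, entry_rva: int, dll_chars: int) -> bytes:
    """Constructed minimal PE32+ header: only the fields read above are filled in."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x20B)
    struct.pack_into("<I", buf, opt + 16, entry_rva)
    struct.pack_into("<Q", buf, opt + 24, image_base)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    return bytes(buf)

# Constructed sample: values assumed so the preferred VA equals the question's address.
SAMPLE = build_sample_header(0x100000000, 0x4D7EC, 0x0040)
LOAD_BASE = 0x7FF6A1230000  # constructed: the module start address seen at runtime

if __name__ == "__main__":
    preferred, actual = entry_addresses(SAMPLE, LOAD_BASE)
    print(f"preferred {preferred:#x}, runtime {actual:#x}")
```

In WinDbg the lm command lists each module's load base, and the $exentry pseudo-register holds the runtime entry point of the executable, so bp $exentry avoids the calculation.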

Related

debugging program that is a child of Microsoft Word

I'd like to use Ollydbg2 to debug FLTLDR.EXE, which is spawned when my document is opened in Microsoft Word. I can't run FLTLDR.EXE manually I don't think, it seems to need to be run or hosted by Word.
I have ticked the "Debug child processes" in Olly and tried to debug Word, but an exception is raised before I can even open the document.
Any ideas?
Many thanks
For this you have to create a registry key to tell the OS that you want your app, FLTLDR.EXE, to be started with a debugger attached to it.
Follow the steps in the link:
https://msdn.microsoft.com/en-us/library/a329t4ed(v=vs.100).aspx
After setting the registry key just launch Word application. The execution of FLTLDR.EXE causes the ollydbg to start automatically. From this point you can continue debugging.
Side note: receiving exceptions while attaching to some application with the debugger is normal. Most of the time Shift+F9 solves the problem and you can continue, but if it's happening several times at the same address you can save the exception address and then Shift+F9...

How to generate Windows memory dump when application crashes?

Is there an easy way of generating the memory dump for the crashed application?
I have a situation in which the customer received the code which is generating the crash, as the code itself has no signal handlers for the backtrace generation on abort I was wondering if there is an easy way of telling windows to generate the memory dump of the crashing application.
Ideal solution wouldn't involve the installation of the debug tools (or the code modification) but if this is not possible, it would be really helpful to know.
One simple way to dump memory when an application crashes is by using Windows Task Manager.
Whenever an exception or an application error occurs, Windows pops up a memory dialog and shows the address location which was causing a crash. Before you click OK on the message box, open Task Manager, right-click on the crashed application and select Create Dump file. Take a look at the screenshot below.
Select the file
2) Another way of generating user mode dumps is by adding the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\application.exe
application.exe should be replaced by the application name which is under scanner.
Under this key the following values can be added:
DumpFolder
The path where the dump files are to be stored. If you do not use the default path, then make sure that the folder contains ACLs that allow the crashing process to write data to the folder.
For service crashes, the dump is written to service specific profile folders depending on the service account used. For example, the profile folder for System services is %WINDIR%\System32\Config\SystemProfile. For Network and Local Services, the folder is %WINDIR%\ServiceProfiles.
DumpCount
The maximum number of dump files in the folder. When the maximum value is exceeded, the oldest dump file in the folder will be replaced with the new dump file.
DumpType
Specify one of the following dump types:
0: Custom dump
1: Mini dump
2: Full dump
CustomDumpFlags
The custom dump options to be used. This value is used only when DumpType is set to 0.
The options are a bitwise combination of the MINIDUMP_TYPE enumeration values.
I have found the answer myself; MSDN specifies the debug registry in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error\LocalDumps
The following values need to be set:
DumpFolder
DumpCount
DumpType
CustomDumpFlags
The extensive documentation is available here.
If the registers do not exist it is possible to create them manually and Windows will pick them up.
Also, this is possible without directly modifying the registry, with the following steps:
Click Start, and then click Control Panel.
Double-click System, and then click Advanced system settings.
Click the Advanced tab, and then click Settings under Startup and Recovery.
In the Write debugging information list, click Small memory dump (64k).

How can I know why my application crashes?

Where does Xcode generate the error for an application crash?
I'm going crazy! My application crashes when it opens a second xib file with a webview. But I don't know why. How can I know where the error is?
You need to learn how to use the debugger in Xcode.
Run your app under the debugger; then, instead of simply getting a stack trace, Xcode will stop at the line where the fault occurs and show you your code and variables. You can then examine the contents of your variables, the call tree, etc. and hunt down the problem.
Once you know the general area of the problem you can place breakpoints to pause your application before the problem occurs and check whether your variables have the values expected etc. Then you can run till the next breakpoint, or step through your code a line at a time.
You can add code, such as NSAssert's and NSLog's to your app to check progress and display information without stopping the run, etc.
It's a process, and some problems will be harder to track down, but you'll get quicker at it with practice.
The Xcode documentation will tell you all about the debugger.
HTH

error: Exception Exception in module c:\process\ XXXX.exe at 00017D6B Decompression Error

For some reason as soon as I login into my PC, I get this error in Windows 7 Ultimate:
http://i51.tinypic.com/b9go6g.png
Any ideas how to get rid of this error and why it is popping up?
Find where this application came from (looking at the contents of files in c:\process and in the control panel will help, if not, you can search for that XXXX thing in the registry using regedit).
Then repair or reinstall it. Or uninstall it completely.
Or, if you're brave enough, debug it. For that you should start looking at the contents of the Windows event log and what Process Monitor (a separate, downloadable tool) shows -- see what errors you get there for this process; they may give you some clues. Finally, you may even run it under a debugger (e.g. WinDbg, also separate from Windows and downloadable).

how to set breakpoint in this way?

I want to set a breakpoint and want it to be triggered when a piece of memory (begin address and length are known) is changed. I am working on the Windows Server 2003 x64 platform. A solution in either WinDbg or Visual Studio is fine. My purpose is to monitor when the memory content is changed.
Thanks in advance,
George
Try setting a data breakpoint.
In Visual Studio:
Go to Debug >> New Breakpoint >> New Data Breakpoint
Enter the address you want to watch (or an expression that evaluates to an address; such as &foo)
Enter the number of bytes to watch at that address
Click OK, run your program in the debugger, and wait!
This can be done in GDB also. In GDB, this is a watch on a specific address (I've had success setting watches on the address of C++ object members in this way).
Not sure about VS, but with windbg you can use the following command
ba w size address
Replace size with the length of the memory and address with the start address of the memory.
You can set a data breakpoint, but you'll need to know the address of the memory location you're interested in before you can set such a breakpoint. Typically, I either set a breakpoint at the beginning of my program or have the debugger suspend on attach so I can find the memory address of the variable I want to monitor, then set the data breakpoint.
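The size and address in the ba w command above are bound by the hardware: each processor breakpoint covers 1, 2, 4 or (on x64) 8 bytes, must be aligned to its size, and only four debug registers are available. An added example, not from the original posts, that splits a known region into the commands needed; the helper name ba_commands and the sample addresses are constructed for illustration.

```python
MAX_HW_BREAKPOINTS = 4  # x86/x64 processors provide four debug address registers

def ba_commands(start: int, length: int, max_size: int = 8):
    """Cover [start, start+length) with aligned WinDbg 'ba w' commands.

    max_size is 8 for an x64 target and 4 for x86. Raises ValueError when
    the region cannot be covered with the available hardware breakpoints.
    """
    if length <= 0:
        raise ValueError("length must be positive")
    if max_size not in (1, 2, 4, 8):
        raise ValueError("max_size must be 1, 2, 4 or 8")
    commands = []
    addr, end = start, start + length
    while addr < end:
        size = max_size
        # Shrink the chunk until it is naturally aligned and stays in the region,
        # so the breakpoint never fires on writes to neighbouring data.
        while size > 1 and (addr % size != 0 or addr + size > end):
            size //= 2
        commands.append(f"ba w {size} 0x{addr:x}")
        addr += size
    if len(commands) > MAX_HW_BREAKPOINTS:
        raise ValueError(
            f"region needs {len(commands)} breakpoints, "
            f"only {MAX_HW_BREAKPOINTS} are available"
        )
    return commands

if __name__ == "__main__":
    # Constructed addresses: an aligned 16-byte buffer and an unaligned 6-byte field.
    for region in ((0x1000, 16), (0x1003, 6)):
        print(region, ba_commands(*region))
```

A region that raises ValueError here is too large or too badly aligned for write breakpoints; narrowing it to the field that actually gets corrupted is the usual way forward.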
