Recently started using Windbg, as I have heard it is a great tool for debugging purpose.
There is a lot of help online on how to use windbg and the different extensions available. During my learning I constantly come across the below failure on Windbg while I am running some particular workload.
Failure:
MIL FAILURE: Unexpected HRESULT 0x8000ffff in caller: CDwmAppHost::OnUnhandledException
I tried finding help online from Google and MSDN. Maybe, I missed out something, hence could not get any help on it.
So, please, can someone help me in
-> understanding what this error message means?
-> How do I debug it? are there any extensions or other tools available to debug it?
P.S: English is not my native language, so please apologies if there are any grammatical or speling mistakes.
-> understanding what this error message means?
I don't think this message is something related to WINDBG. This is being spewed from the code that you are running. Basically when running under the debugger - if you code spews any debug messages that will get shown in WINDBG.
So to know more about what this error message means, search through your code for text displayed.
-> How do I debug it? are there any extensions or other tools available to debug it?
Like i said above, start with text search in your code to see where this message comes from - that would be your starting point !
Happy Debugging :)
The message looks like a debug message, not an exception. Debug messages can be sent by the programmer using the OutputDebugString() method (MSDN).
To check if that's really the case, you can use SysInternals DebugView. If the message shows up there when not using WinDbg, then it's true.
Since the text of a debug message is specified by the programmer, the text can be more or less meaningful. It can also be a message of a library (DLL) used by the program.
If you want to see the callstack when the message is printed, you can issue the command
sxe out
WinDbg should then stop whenever debug output is written. I'm not so sure what could be interesting at that point, here are some tries:
k; *** Callstack
!gle; *** Get last error
g; *** Go (wait for next debug output)
Related
recently I encountered a problem. Every time when I make some changes in page after I debug it on device when going to said page the app minimizes (crashes) and after about 30-50 seconds in output window I get
The program 'XXX' has exited with code -1073741819 (0xc0000005) 'Access violation'.
But when I uninstall and then debug again It works. I already tied reseting phone. Is it something with my debbuger or more likely with my code?
Edit:
Right now sometimes it occurs and sometime it doesnt ... I'll need to inspect code more. Is there a way to obtain more debug info with Access violation information?
I'll post as answer so others can see it easily.
You can see the dump of debug on the test device, Follow this
link.
Basically the link explains how to turn on "Save Information option" from Feedback application inside Settings of your device. After that when you debug the app, you will find dump file of your application inside,Phone -> Documents ->Debug.
Please post a sample of your code. I had similar problems when I tried using {unsafe code} and included pointers. They are extremely useful, but often lead you to memory problems (reading from a NULL pointer or something like that), so check if that's your problem.
Good luck
I'm using Visual Studio 2008 to compile and debug a plugin for an application that runs under Windows.
The plugin has some problem and it crashes. I have been running VS in Debug mode but when the application crashes VS stack trace has nothing from my code. It is possibly the application itself that crashes. So I though I could try to figure out which part of my code does something the host application doesn't like by sprinkling a few print statements here and there in my code. That generally works as expected on *nix systems but in Windows I can't find where the output of those print goes. Can anybody point me in the right direction?
Also, if using prints do debug is too 1970's and somebody knows a better way to figure out where too look when the stack trace doesn't reveal anything interesting please let me know.
If i know correctly, debug.print is only executed when a debugger is attached, otherwise it is lost. (this applies to c# and vb.net).
You can use a logger to log your problems to some database or text file. A like NLOG to do the simple "log to a txt file" job. Additionally, you do not need to remove your logging code when shipping your addon -simply supress logmessages with low debug level.
Also, you could log to the windows event log, but is cluttered ny boatloads of junk, so you might have a hard time to differentiate that output.
Eventlog: http://support.microsoft.com/kb/301279
I have a customer who is getting a 100% reproduceable crash that I can't replicate in my program compiled in Visual Studio 2005. I sent them a debug build of my program and kept all the PDB and DLL files handy. They sent me the minidump file, but when I open it I get:
"Unhandled exception at 0x00000000 in MiniDump.dmp: 0xC0000005: Access violation reading location 0x00000000."
Then the call stack shows only "0x00000000()" and the disassembly shows me a dump of the memory at 0x0. I've set up the symbol server, loaded my PDB symbols, etc. But I can't see any way of knowing which of the many DLLs actually caused the jump to null. This is a large project with many dependencies, and some of them are binaries that I don't have the source or PDBs for, as I am using an API as a 3rd party.
So how on earth is this minidump useful? How do I see which DLL caused the crash? I've never really used minidumps for debugging before, but all the tutorials I have read seem to at least display a function name or something else that gives you a clue in the call stack. I just get the one line pointing to null.
I also tried using "Depends" to see if there was some DLL dependency that was unresolved; however on my three test machines with various Windows OS's, I seem to get three different sets of OS DLL dependencies (and yet can't replicate the crash); so this doesn't seem a particularly reliable method either to diagnose the problem.
What other methods are available to determine the cause of this problem? Is there some way to step back one instruction to see which DLL jumped to null?
Well it looks like the answer in this instance was "Use WinDbg instead of Visual Studio for debugging minidumps". I couldn't get any useful info out of VS, but WinDbg gave me a wealth of info on the chain of function calls that led to the crash.
In this instance it still didn't help solve my problem, as all of the functions were in the 3rd party library I am using, so it looks like the only definitive answer to my specific problem is to use log files to trace the state of my application that leads to the crash.
I guess if anyone else sees a similar problem with an unhelpful call stack when debugging a minidump, the best practice is to open it with WinDgb rather than Visual Studio. Seems odd that the best tool for the job is the free Microsoft product, not the commerical one.
The other lesson here is probably "any program that uses a third party library needs to write a log file".
The whole idea behind all 'simple' ways of post mortem debugging is the capture of a stack trace. If your application overwrites the stack there is no way for such analysis. Only very sophisticated methods, that record the whole program execution in dedicated hardware could help.
The way to go in such a case are log files. Spread some log statements very wide around the area where the fault occurs and transmit that version to the customer. After the crash you'll see the last log statement in your log file. Add more log statements between that point and the next log statement that has not been recorded in the log file, ship that version again. Repeat until you found the line causing the problem.
I wrote a two part article about this at ddj.com:
About Log Files Part 1
About Log Files Part 2
Just an observation, but the the stack is getting truncated or over-written, might this be a simple case of using an uninitialised field, or perhaps a buffer overrun ?
That might be fairly easy to locate.
Have you tried to set WinDbg on a customer's computer and use it as a default debugger for any application that causes a crash? You just need to add pdb files to the folder where your application resides. When a crush happens WinDbg starts and you can try to get call stack.
Possibly you already know this, but here are some points about minidump debugging:
1. You need to have exactly the same executables and PDB files, as on the client computer where minidump was created, and they should be placed exactly in the same directories. Just rebuilding the same version doesn't help.
2. Debugger must be connected to MS Symbols server.
3. When debugger starts, it prints process loading log in the Output window. Generally, all libraries should be successfully loaded with debug information. Libraries without debug information are loaded as well, but "no debug info" is printed. Learn this log - it can give you some information.
If executable stack contains frames from a library without debug information, it may be not shown. This happens, for example, if your code is running as third-party library callback.
Try to create minidump on your own computer, by adding some code which creates unhandled exception, and debug it immediately. Does this work? Compare loading log in successful and unsuccessful debugging sessions.
You may have called null function pointer. Current executing function information is needed to show call stack information. Force set instruction pointer to start of any simple function, then you'll see call stack information again.
void SimpleFunc()
{ // <- set next statement here
}
Well, fortunately I haven't written many applications that cause a BSOD but I just wonder about the usefullness of the information on this screen. Does it contain any useful information that could help me to find the error in my code? If so, what do I need, exactly?
And then, the system restarts and probably has written some error log or other information to the system somewhere. Where is it, what does it contain and how do I use it to improve my code?
I did get a BSOD regularly in the past when I was interacting with a PBX system where the amount of documentation of it's drivers were just absent, so I had to do some trial-and-error coding. Fortunately, I now work for a different company and don't see any BSOD's as a result of my code.
If you want a fairly easy way to find out what caused an OS crash that will work ~90% of the time - assuming you have a crash dump available - then try the following:
Download WinDbg as part of the Debugging tools for Windows package. Note, you only need to install the component called Debugging Tools for Windows.
Run WinDbg
Select "Open Crash Dump" from the file menu
When the dump file has loaded type analyze -v and press enter
WinDbg will do an automated analysis of the crash and will provide a huge amount of information on the system state at the time of the crash. It will usually be able to tell you which module was at fault and what type of error caused the crash. You should also get a stack trace that may or may not be helpful to you.
Another useful command is kbwhich prints out a stack trace. In that list, look for a line contains .sys. This is normally the driver which caused the crash.
Note that you will have to configure symbols in WinDbg if you want the stack trace to give you function names. To do this:
Create a folder such as C:\symbols
In WinDbg, open File -> Symbol File Path
Add: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
This will cache symbol files from Microsoft's servers.
If the automated analysis is not sufficient then there are a variety of commands that WinDbg provides to enable you to work out exactly what was happening at the time of the crash. The help file is a good place to start in this scenario.
Generally speaking, you cannot cause a OS crash or bug check from within your application code. That said, if you are looking for general tips and stuff, I recommend the NTDebugging blog. Most of the stuff is way over my head.
What happens when the OS crashes is it will write a kernel dump file, depending on the current flags and so on, you get more or less info in it. You can load up the dump file in windbg or some other debugger. Windbg has the useful !analyze command, which will examine the dump file and give you hints on the bucket the crash fell into, and the possible culprits. Also check the windbg documentation on the general cause of the bug check, and what you can do to resolve it.
One of my ANTLR grammars running in AntlrWorks throws:
“Cannot launch the debugger. Time-out waiting to connect to the remote parser.”
In the past this message usually goes away but this one is persistent. On searching the ANTLR lists (e.g. http://www.antlr.org/pipermail/antlr-interest/2009-June/034659.html) there are hints that the error message is nothing to do with what it seems but could be a grammar error.
Has anyone got tips as to how to "reboot" or find the bugs in this situation?
I've found that the Windows firewall rules can really interfere with the debugger, so make sure you haven't set it to block the Java VM.
Also, try waiting a bit and then choosing the "Debug Remote" option, often the debugger just takes a little while and the main process times out, but the debugger does still come up.
It may or may not relate - but we got rid of the problem as follows:
On a UNIX box it didn't occur. On Windows it did. There were two parser rules that differed by case (e.g. myfoo and myFOO). When they were resolved the error went away.
I updated the ANTLRworks but the error persisted until we "solved" it as above.