My problem is related and very similar to this one:
Analyzing Outlook HANG dump (with GoogleCalendarSync add-in installed)
The problem is, my addin seems to hang sometimes when a new mail arrives (at least that is what seems to happen, also based on the stack info below). The application log tells me something like "Cross Thread Deadlock". My addin is a managed VSTO addin.
Here is the hang dump analysis:
FAULTING_IP:
+0
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000007 (Wake debugger)
ExceptionFlags: 00000000
NumberParameters: 0
CONTEXT: 00000000 -- (.cxr 0x0;r)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00bd7028 edi=00000000
eip=77bff8d1 esp=0044e44c ebp=0044e4b0 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200246
ntdll!ZwWaitForSingleObject+0x15:
77bff8d1 83c404 add esp,4
BUGCHECK_STR: HANG
DEFAULT_BUCKET_ID: APPLICATION_HANG
PROCESS_NAME: OUTLOOK.EXE
ERROR_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: outlook.exe
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) x86fre
MANAGED_STACK:
(TransitionMU)
0044EA3C 06019026 UNKNOWN!DomainBoundILStubClass.IL_STUB_CLRtoCOM(System.String, System.Object, System.Object)+0x1d6
(TransitionUM)
(TransitionMU)
0044EC2C 06018DD8 UNKNOWN!yasoonBase.Controller.Outlook.OutlookPersistenceSynchronizer.userStore_OnNewMail(System.String)+0x58
(TransitionUM)
(TransitionMU)
0044F01C 642F371D mscorlib_ni!System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])+0x5d
0044F040 642EF8FA mscorlib_ni!System.Delegate.DynamicInvokeImpl(System.Object[])+0x76
0044F054 64AE1753 mscorlib_ni!System.Runtime.InteropServices.ComEventsMethod+DelegateWrapper.Invoke(System.Object[])+0x8f
0044F068 64AE08BB mscorlib_ni!System.Runtime.InteropServices.ComEventsMethod.Invoke(System.Object[])+0x2f
0044F080 64AE0194 mscorlib_ni!System.Runtime.InteropServices.ComEventsSink.System.Runtime.InteropServices.NativeMethods.IDispatch.Invoke(Int32, System.Guid ByRef, Int32, System.Runtime.InteropServices.ComTypes.INVOKEKIND, System.Runtime.InteropServices.ComTypes.DISPPARAMS ByRef, IntPtr, IntPtr, IntPtr)+0x168
0044F0C8 64951D11 mscorlib_ni!DomainNeutralILStubClass.IL_STUB_COMtoCLR(Int32, IntPtr, Int32, Int32, IntPtr, Int32, Int32, Int32)+0x29
(TransitionUM)
MANAGED_STACK_COMMAND: _EFN_StackTrace
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
0 1d24.16e4 Event -->
54 1d24.1e20 SendMessage
WAIT_CHAIN_COMMAND: ~0s;k;;~54s;k;;
BLOCKING_THREAD: 00001e20
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG
LAST_CONTROL_TRANSFER: from 76e0216b to 76df72b9
FAULTING_THREAD: 00000036
STACK_TEXT:
2a9bbd48 76e0216b 003e0fd8 0000c382 00000001 user32!NtUserMessageCall+0x15
2a9bbd88 76df96c5 022c5d90 00000000 25ecd700 user32!SendMessageWorker+0x3c6
2a9bbdac 25ecdaa0 003e0fd8 0000c382 00000001 user32!SendMessageW+0x7f
WARNING: Stack unwind information not available. Following frames may be wrong.
2a9bbdcc 18314b60 1d133da0 00000001 2a9bbe10 redemption!InitExtensionLibrary+0x4b31c
2a9bbdec 1832467f 00bd6ff0 00000001 2a9bbe10 PSTPRX32!PRXServiceEntry+0xdbaf
2a9bbe6c 18324485 2a9bc820 29e66080 00000005 PSTPRX32!PRXServiceEntry+0x1d6ce
2a9bbeb0 18323b3a 2a9bc820 e4c3e839 00000001 PSTPRX32!PRXServiceEntry+0x1d4d4
2a9bbee0 18325c83 2a9bc7e4 2a9bc7e4 00000000 PSTPRX32!PRXServiceEntry+0x1cb89
2a9bbef8 1831a506 00000000 2a9bc7e4 00000000 PSTPRX32!PRXServiceEntry+0x1ecd2
2a9bc740 1289e3c8 29e64ab4 2a9bc7e4 00000000 PSTPRX32!PRXServiceEntry+0x13555
2a9bc75c 1289a277 29e64ab4 2a9bc7e4 26bc23b8 OUTLMIME!CloseAllSockets+0xea20
2a9bc854 128999e7 2a9bc93c 00000fff 210428ad OUTLMIME!CloseAllSockets+0xa8cf
2a9bc8c0 12898d24 2a9bc93c 210428a2 2a9bc9ac OUTLMIME!CloseAllSockets+0xa03f
2a9bc8e8 1289c957 2a9bc93c 210428a2 2a9bc980 OUTLMIME!CloseAllSockets+0x937c
2a9bc98c 1289cc65 1802d2b8 00000003 2a9bc9ac OUTLMIME!CloseAllSockets+0xcfaf
2a9bcdbc 12896de5 00000005 26bc23c0 26e38f18 OUTLMIME!CloseAllSockets+0xd2bd
2a9bd254 12890bb7 00000005 00000005 00000003 OUTLMIME!CloseAllSockets+0x743d
2a9bd278 1289150b 00000005 00000003 26e38f18 OUTLMIME!CloseAllSockets+0x120f
2a9bd2b4 1289128c 00000000 1808dcc0 00000000 OUTLMIME!CloseAllSockets+0x1b63
2a9bf2d8 1288ffd6 00000000 00000401 26e38690 OUTLMIME!CloseAllSockets+0x18e4
2a9bf6fc 1289201a 00000401 00002bc4 00000001 OUTLMIME!CloseAllSockets+0x62e
2a9bf718 76df62fa 00580ad4 00000401 00002bc4 OUTLMIME!CloseAllSockets+0x2672
2a9bf744 76df6d3a 12891fd1 00580ad4 00000401 user32!InternalCallWinProc+0x23
2a9bf7bc 76df77c4 00000000 12891fd1 00580ad4 user32!UserCallWinProcCheckWow+0x109
2a9bf81c 76df7bca 12891fd1 00000001 2a9bfc8c user32!DispatchMessageWorker+0x3bc
2a9bf82c 1831beda 2a9bf844 00000001 29eb58c8 user32!DispatchMessageA+0xf
2a9bfc8c 0f598abc 29e64aa8 29eb58c8 1922eb58 PSTPRX32!PRXServiceEntry+0x14f29
2a9bfcb8 0f598a08 29eb5b80 1922eb58 26b13240 OLMAPI32!MemGetMalloc+0xbed
2a9bfcd4 655b5155 1922ebc8 26b13240 655ac3bb OLMAPI32!MemGetMalloc+0xb39
2a9bfd04 655ab3a2 2a9bfd74 2a9bfd58 00598790 MSO!Ordinal5372+0x66
2a9bfd1c 655a817f 2a9bfd74 00000000 00598790 MSO!Ordinal4578+0x1bc
2a9bfd50 655a6e0d 00000000 655a6e0d 2a9bfd74 MSO!Ordinal630+0x18ed
2a9bfda4 756a336a 00598790 2a9bfdf0 77c19f72 MSO!Ordinal630+0x57b
2a9bfdb0 77c19f72 00598790 5671c62f 00000000 kernel32!BaseThreadInitThunk+0xe
2a9bfdf0 77c19f45 655a6db4 00598790 ffffffff ntdll!__RtlUserThreadStart+0x70
2a9bfe08 00000000 655a6db4 00598790 00000000 ntdll!_RtlUserThreadStart+0x1b
FOLLOWUP_IP:
redemption!InitExtensionLibrary+4b31c
25ecdaa0 c3 ret
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: redemption!InitExtensionLibrary+4b31c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: redemption
IMAGE_NAME: redemption.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 52791e66
STACK_COMMAND: ~54s ; kb
BUCKET_ID: HANG_redemption!InitExtensionLibrary+4b31c
FAILURE_BUCKET_ID: APPLICATION_HANG_cfffffff_redemption.dll!InitExtensionLibrary
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:application_hang_cfffffff_redemption.dll!initextensionlibrary
FAILURE_ID_HASH: {c9d67d3f-8e85-921b-11e8-c7a8dfc70981}
Followup: MachineOwner
The OnNewMail event handler does not do very much, IMHO:
void userStore_OnNewMail(string entryID)
{
    // Get mail from store & raise event
    RDOMail mail = mapiSession.GetMessageFromID(entryID, this.storeEntryId);
    var args = new MailEventArguments(mail, ChangeType.New);
    this.eventPublisher.RaiseEvent(new MailEvent(args));
}
One thing I noticed: this seems to happen especially on non-default Outlook stores, though this event is not expected to be fired on non-default stores anyway...
What I'm trying to understand is: what is the other thread which blocks this one? Is there any possibility to get that information?
Any feedback would be highly appreciated ...
Thanks!
I have a legacy MFC application built using VS2005. I migrated it to VS2015; on Windows 10 the application works fine, but when testing on Windows 7, the application crashes whenever it has to show a message box. I found that the application does not crash if I remove the ICONWARNING; I even tried other flags which have an icon, like MB_ICONERROR, and I see the crash with this also.
The module is a DLL and not an exe.
MessageBox(NULL,_T("Something"),_T("Some title"),MB_ICONWARNING|MB_OK); //crashes
MessageBox(NULL,_T("Something"),_T("Some title"),MB_OK); //No Crash
Stack trace from the memory dump.
003ce974 7789fb56 00000000 00000000 776f6a2c ntdll!RtlpWaitOnCriticalSection+0xbd
003ce99c 748a5ea6 749cc618 0060e248 0060e240 ntdll!RtlEnterCriticalSection+0x150
003ce9b0 748a6000 0060e248 00020021 003ceaac comctl32!CImageList::_Destroy+0x51
003ce9cc 748a61e7 00000030 00000030 00020021 comctl32!CImageList::_Initialize+0x1b
003ce9f4 748da1fc 0060e260 00000030 00000030 comctl32!CImageList::Initialize+0x30
003cea38 748c8239 00a10253 00000028 00000028 comctl32!CreateSmallerIcon+0x9f
003cea68 7490f79c 02840001 00000054 00000028 comctl32!LoadIconWithScaleDown+0x109
003ceab4 74887fb2 0060a352 00000000 00000081 comctl32!CStatic::LoadImageW+0x10f
003ceb2c 7489780c 0005034e 00000001 00000000 comctl32!CStatic::WndProc+0x1bd
003ceb50 770086ef 0005034e 00000001 00000000 comctl32!CStatic::s_WndProc+0x8b
003ceb7c 770079cc 748977cd 0005034e 00000001 user32!InternalCallWinProc+0x23
003cebf4 770070f4 005a334c 748977cd 0005034e user32!UserCallWinProcCheckWow+0xe0
003cec50 77000b5f 00c79278 00000001 00000000 user32!DispatchClientMessage+0xda
003cec80 778b642e 003cec98 00000060 003cf39c user32!__fnINLPCREATESTRUCT+0x8b
003cecf4 77000d69 77000cfd 00000004 0000c019 ntdll!KiUserCallbackDispatcher+0x2e
003cecf8 77000cfd 00000004 0000c019 003ced48 user32!NtUserCreateWindowEx+0xc
003cef9c 76ff9a8a 00000004 0000c019 003ceff8 user32!VerNtUserCreateWindowEx+0x1a3
003cf078 77025500 76ff0000 00090346 00000000 user32!InternalCreateDialog+0xa4a
003cf0a8 7704e135 76ff0000 0060a2e0 00000000 user32!InternalDialogBox+0xa7
003cf14c 7704e6b9 00000030 68fdf948 00000000 user32!SoftModalMessageBox+0x68a
003cf29c 7704e7ec 003cf2a8 00000028 00000000 user32!MessageBoxWorker+0x2ca
003cf304 7704ea68 00000000 00607c80 00607de0 user32!MessageBoxTimeoutW+0x7f
003cf324 7704eb04 00000000 00607c80 00607de0 user32!MessageBoxExW+0x1b
003cf340 68f31dbf 00000000 00607c80 00607de0 user32!MessageBoxW+0x45
MODULE_NAME: comctl32
IMAGE_NAME: comctl32.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd976
STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~0s ; .ecxr ; kb
FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_c0000005_comctl32.dll!CImageList::_Destroy
BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_WRITE_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_comctl32!CImageList::_Destroy+51
FAILURE_EXCEPTION_CODE: c0000005
FAILURE_IMAGE_NAME: comctl32.dll
BUCKET_ID_IMAGE_STR: comctl32.dll
FAILURE_MODULE_NAME: comctl32
BUCKET_ID_MODULE_STR: comctl32
FAILURE_FUNCTION_NAME: CImageList::_Destroy
BUCKET_ID_FUNCTION_STR: CImageList::_Destroy
BUCKET_ID_OFFSET: 51
BUCKET_ID_MODTIMEDATESTAMP: 4a5bd976
BUCKET_ID_MODCHECKSUM: 1a1908
BUCKET_ID_MODVER_STR: 6.10.7600.16385
BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_NULL_CLASS_PTR_WRITE_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_
FAILURE_PROBLEM_CLASS: APPLICATION_FAULT
FAILURE_SYMBOL_NAME: comctl32.dll!CImageList::_Destroy
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/ABT.exe/2.9.13.7/6110c135/ntdll.dll/6.1.7600.16385/4a5bdadb/c0000005/0002fc47.htm?Retriage=1
TARGET_TIME: 2021-08-10T10:52:43.000Z
OSBUILD: 7600
OSSERVICEPACK: 16385
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x86
OSNAME: Windows 7
OSEDITION: Windows 7 WinNt SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2009-07-14 06:39:01
BUILDDATESTAMP_STR: 090713-1255
BUILDLAB_STR: win7_rtm
BUILDOSVER_STR: 6.1.7600.16385
ANALYSIS_SESSION_ELAPSED_TIME: f8b
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:null_class_ptr_write_c0000005_comctl32.dll!cimagelist::_destroy
FAILURE_ID_HASH: {b3bc3c2c-d915-6f2d-661c-984cc3a945f1}
Thank you for looking into this; I appreciate any input or suggestions.
I have the following thread stack with a msvcr100!_CxxThrowException.
# ChildEBP RetAddr Args to Child
00 0973ef38 7739bf53 7739610a 00000000 00000000 ntdll!KiFastSystemCallRet
01 0973ef70 7738965e 0019029e 00000000 00000001 user32!NtUserWaitMessage+0xc
02 0973ef98 7739f762 77380000 0016aa20 00000000 user32!InternalDialogBox+0xd0
03 0973f258 7739f047 0973f3b4 00000000 ffffffff user32!SoftModalMessageBox+0x94b
04 0973f3a8 7739eec9 0973f3b4 00000028 00000000 user32!MessageBoxWorker+0x2ba
05 0973f400 773d7d0d 00000000 001aaf18 0019bb60 user32!MessageBoxTimeoutW+0x7a
06 0973f434 773c42c8 00000000 7787b9f0 7786c24c user32!MessageBoxTimeoutA+0x9c
07 0973f454 773c42a4 00000000 7787b9f0 7786c24c user32!MessageBoxExA+0x1b
08 0973f470 7786f265 00000000 7787b9f0 7786c24c user32!MessageBoxA+0x45
09 0973f4a4 7786c20f 7787b9f0 7786c24c 00012010 netman!__crtMessageBoxA+0xf6
0a 0973f4cc 7786f34e 0000000a 00000000 0973f788 netman!_NMSG_WRITE+0x127
0b 0973f4fc 7786d6b6 77ecb7c0 0973f760 77e761b7 netman!abort+0x7
0c 0973f508 77e761b7 0973f788 00000000 00000000 netman!__CxxUnhandledExceptionFilter+0x2f
0d 0973f760 77e792a3 0973f788 77e61ac1 0973f790 kernel32!UnhandledExceptionFilter+0x12a
0e 0973f768 77e61ac1 0973f790 00000000 0973f790 kernel32!BaseThreadStart+0x4a
0f 0973f790 7c828772 0973fb4c 0973ffdc 0973f86c kernel32!_except_handler3+0x61
10 0973f7b4 7c828743 0973fb4c 0973ffdc 0973f86c ntdll!ExecuteHandler2+0x26
11 0973f85c 7c82865c 09737000 0973f86c 00010007 ntdll!ExecuteHandler+0x24
12 0973fb3c 77e4bef7 0973fb4c 0000000f e06d7363 ntdll!RtlRaiseException+0x3d
13 0973fb9c 78ac872d e06d7363 00000001 00000003 kernel32!RaiseException+0x53
14 0973fbd4 0084bb9e 0973fc38 00bd8470 9adbd99a msvcr100!_CxxThrowException+0x48
When I look at the msvcr100!_CxxThrowException frame I see the following information. How can I progressively analyze this dump to determine the cause of the MSVCR exception?
14 0973fbd4 0084bb9e msvcr100!_CxxThrowException+0x48 [f:\dd\vctools\crt_bld\self_x86\crt\prebuild\eh\throw.cpp # 157]
0973fbdc void * pExceptionObject = 0x0973fc38
0973fbe0 struct _s__ThrowInfo * pThrowInfo = 0x00bd8470
0973fbb4 struct EHExceptionRecord ThisException = struct EHExceptionRecord
78ac8734 struct EHExceptionRecord ExceptionTemplate = struct EHExceptionRecord
EDIT: At the time I wrote this answer, I wasn't aware of the better, less complicated approaches suggested by the other posters below. So please scroll down and check their answers out as well!
According to your comments, you can't really analyze the stack trace further than this point.
To at least get details about the exception itself (only if it's an exception you have symbols for, such as one in std), you can do the following:
I prepared a simple test file:
#include <stdexcept>

int main()
{
    throw std::runtime_error("Oh noez!");
}
Then I ran it in WinDbg:
CommandLine: Z:\Temp\testexception\bin\Debug\testexception.exe
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred symsrv*symsrv.dll*c:\users\david\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: symsrv*symsrv.dll*c:\users\david\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00910000 00919000 testexception.exe
ModLoad: 771a0000 7731b000 ntdll.dll
ModLoad: 75b60000 75c40000 C:\WINDOWS\SysWOW64\KERNEL32.DLL
ModLoad: 73ef0000 7406e000 C:\WINDOWS\SysWOW64\KERNELBASE.dll
ModLoad: 0fb60000 0fcd3000 C:\WINDOWS\SysWOW64\MSVCR100D.dll
(4de4.178c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000003 ecx=039b0000 edx=00000000 esi=009100e8 edi=00360000
eip=7724ccbc esp=0018f524 ebp=0018f550 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2b:
7724ccbc cc int 3
Processing initial command '.prefer_dml 1'
0:000> .prefer_dml 1
DML versions of commands on by default
0:000> bp ntdll!ExecuteHandler2 <<<<<< This is just to get a stack more similar to yours
0:000> g
(4de4.178c): C++ EH exception - code e06d7363 (first chance)
Breakpoint 0 hit
eax=00000000 ebx=00000000 ecx=64905de5 edx=7722b670 esi=00000000 edi=00000000
eip=7722b62c esp=0018f3cc ebp=0018f490 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ExecuteHandler2:
7722b62c 55 push ebp
0:000> kb
# ChildEBP RetAddr Args to Child
00 0018f3c8 7722b624 0018f4a8 0018fa4c 0018f4f8 ntdll!ExecuteHandler2
01 0018f490 77218e7f 0018f4a8 0018f4f8 0018f4a8 ntdll!ExecuteHandler+0x24
02 0018f490 73fadad8 0018f4a8 0018f4f8 0018f4a8 ntdll!KiUserExceptionDispatcher+0xf
03<0018f9b0>0fc5cf82 e06d7363 00000001 00000003 KERNELBASE!RaiseException+0x48
*** WARNING: Unable to verify checksum for testexception.exe
04 0018f9f0 00911071 0018fa00 009153a8 00914790 MSVCR100D!_CxxThrowException+0x52
05 0018fa0c 009114df 00000001 00a14f78 00a12358 testexception!main+0x21
06 0018fa5c 0091130f 0018fa78 75b738f4 00360000 testexception!__tmainCRTStartup+0x1bf
07 0018fa64 75b738f4 00360000 75b738d0 380b229d testexception!mainCRTStartup+0xf
08 0018fa78 77205de3 00360000 6488a725 00000000 KERNEL32!BaseThreadInitThunk+0x24
09 0018fac0 77205dae ffffffff 7722b7d2 00000000 ntdll!__RtlUserThreadStart+0x2f
0a 0018fad0 00000000 00911300 00360000 00000000 ntdll!_RtlUserThreadStart+0x1b
0:000> dds 0018f9b0 l6 <<<<<< The address is from the line with RaiseException above, I marked it with < >
0018f9b0 0018f9f0
0018f9b4 0fc5cf82 MSVCR100D!_CxxThrowException+0x52
0018f9b8 e06d7363
0018f9bc 00000001
0018f9c0 00000003
0018f9c4 0018f9e4 <<<<<< This is the address of the arguments array
0:000> dpp 0018f9e4 l3
0018f9e4 19930520
0018f9e8 <0018fa00>00914790 <testexception!std::runtime_error>::`vftable' <<<<<< this is the exception
0018f9ec 009153a8 00000000
0:000> dt 0018fa00 testexception!std::runtime_error <<<<<< remove the `vftable` part (again marked with < > above)
+0x000 __VFN_table : 0x00914790
+0x004 _Mywhat : 0x00a11068 "Oh noez!" <<<<<< Here is our message from the code
+0x008 _Mydofree : 1
@CherryDT's answer is probably fine. I just want to share an alternative approach.
.symfix
.sympath+ <your private symbols>
.reload
.exr -1
dp <parameter 1> L1
ln <result of dp>
dt <type of ln> <parameter 1>
It should look something like this (skipping the symbols parts):
0:000> .exr -1
ExceptionAddress: 7689c41f (KERNELBASE!RaiseException+0x00000058)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 3
Parameter[0]: 19930520
Parameter[1]: 004bfb68
Parameter[2]: 003370b8
0:000> dp 004bfb68 L1
004bfb68 0f5cf1d0
0:000> ln 0f5cf1d0
(0f5cf1d0) MSVCR110D!std::exception::`vftable' | (0f5cf1d8) MSVCR110D!`string'
Exact matches:
MSVCR110D!std::exception::`vftable' = <no type information>
0:000> dt std::exception 004bfb68
SimpleCppCrash!std::exception
+0x000 __VFN_table : 0x0f5cf1d0
+0x004 _Mywhat : 0x0059f410 "Ouch: This application crashed because ..."
+0x008 _Mydofree : 1
If you have trouble with the symbols for MSVCRxxD, I found that a !analyze -v helps (I did not find out what that actually does to fix the problem).
Alternate Approach
$exr_param0,14 are PseudoRegisters for _EXCEPTION_RECORD->ExceptionInformation[15]
ExceptionInformation[2] is pExceptionObject
0:000> da poi($exr_param1+4)
0046ad00 "Oh noez!"
If you use the latest WinDbg drop, you can use the Natvis Expression Evaluator to view it like this:
0:000> dx Debugger.State.DebuggerVariables.curprocess.Threads.First().Stack.Frames[1].LocalVariables.ThisException.params
Debugger.State.DebuggerVariables.curprocess.Threads.First().Stack.Frames[1].LocalVariables.ThisException.params [Type: EHExceptionRecord::EHParameters]
[+0x000] magicNumber : 0x19930520
[+0x004] pExceptionObject : 0x30f9a4 [Type: void *]
[+0x008] pThrowInfo : 0x133728 [Type: _s_ThrowInfo *]
or
0:000> ?? ((stdexcept!std::runtime_error *) #$exr_param1 )->_Data
struct __std_exception_data
+0x000 _What : 0x003dad00 "Oh noez!"
+0x004 _DoFree : 1
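What the `dds`/`dpp`/`dt` walk and `da poi($exr_param1+4)` in the answers above are doing, as an added example (not code from any of the posters): a small memory model, with a constructed image built from the addresses in the first answer's output, that follows Parameter[1] to the exception object and its message. The `Memory` class and the function names are hypothetical, and the +4 message offset is assumed from the `dt` output shown.

```python
import struct

CPP_EH_CODE = 0xE06D7363    # ExceptionCode of an MSVC C++ throw (as in `.exr -1`)
CPP_EH_MAGIC = 0x19930520   # Parameter[0] / magicNumber shown on this page


class Memory:
    """Sparse little-endian 32-bit memory image (hypothetical helper)."""

    def __init__(self):
        self.regions = {}   # base address -> bytes

    def write_dwords(self, addr, *values):
        self.regions[addr] = struct.pack("<%dI" % len(values), *values)

    def write_cstr(self, addr, text):
        self.regions[addr] = text.encode("ascii") + b"\x00"

    def read(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        raise ValueError("unmapped read at %08x" % addr)

    def dword(self, addr):              # what poi(addr) evaluates to on x86
        return struct.unpack("<I", self.read(addr, 4))[0]

    def cstr(self, addr, limit=256):    # what `da addr` prints
        out = bytearray()
        while len(out) < limit:
            byte = self.read(addr + len(out), 1)
            if byte == b"\x00":
                break
            out += byte
        return out.decode("ascii", "replace")


def describe_cpp_exception(mem, code, params_addr, nparams):
    """Decode ExceptionInformation[] of a C++ throw; None if it is not one."""
    if code != CPP_EH_CODE or nparams < 3:
        return None
    magic, p_object, p_throw_info = (
        mem.dword(params_addr + 4 * i) for i in range(3))
    if magic != CPP_EH_MAGIC:
        return None
    info = {"pExceptionObject": p_object, "pThrowInfo": p_throw_info,
            "first_dword": mem.dword(p_object), "what": None}
    try:
        # Valid only for the std::exception layout in the dt output above:
        # +0 vftable, +4 pointer to the message.
        info["what"] = mem.cstr(mem.dword(p_object + 4))
    except ValueError:
        pass    # thrown object is not a std::exception (e.g. `throw 42;`)
    return info


def build_sample_image():
    """CONSTRUCTED image using the addresses printed in the first answer."""
    mem = Memory()
    mem.write_dwords(0x0018F9E4, 0x19930520, 0x0018FA00, 0x009153A8)  # args array
    mem.write_dwords(0x0018FA00, 0x00914790, 0x00A11068, 1)           # runtime_error
    mem.write_cstr(0x00A11068, "Oh noez!")
    # Second, invented throw of a plain int: no vftable, no message pointer.
    mem.write_dwords(0x0018FB00, 0x19930520, 0x0018FB20, 0x009153C0)
    mem.write_dwords(0x0018FB20, 42)
    return mem


if __name__ == "__main__":
    image = build_sample_image()
    for args in (0x0018F9E4, 0x0018FB00):
        print(describe_cpp_exception(image, CPP_EH_CODE, args, 3))
```

The second, invented case shows why the message lookup only works for objects derived from std::exception: for any other thrown type the DWORD at +4 is not a string pointer.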
Even after giving correct PDB symbols I can't see a stack trace where it can tell me function calls. Stack text only shows msvcr120. Also this crash occurs on customer machine only. I am wondering if something is missing wrt msvcr120 which we need to install. This is what I can see in windbg:
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00007fffc113dd27 (msvcr120+0x000000000006dd27)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000005
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=aaaaaaaaaaaaaaaa rbx=0000000000000000 rcx=aaaaaaaaaaaaaaaa
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=00007fffc113dd27 rsp=000000e40cd261c0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=aaaaaaaaaaaaaaaa r12=000000e40c3076b0 r13=0000000000000000
r14=000000000000005c r15=000000e40c3051d0
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
msvcr120+0x6dd27:
00007fff`c113dd27 cd29 int 29h
PROCESS_NAME: <removed>
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000005
NTGLOBALFLAG: 0
APP: <removed>
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
FAULTING_THREAD: 0000000000005188
BUGCHECK_STR: APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP
PRIMARY_PROBLEM_CLASS: INVALID_ARG_FAILURE_SEHOP
DEFAULT_BUCKET_ID: INVALID_ARG_FAILURE_SEHOP
LAST_CONTROL_TRANSFER: from 0000000000000000 to 00007fffc113dd27
STACK_TEXT:
000000e4`0cd261c0 00000000`00000000 : 00000000`00000000 00000000`00000000 aaaaaaaa`aaaaaaaa 00000000`00000000 : msvcr120+0x6dd27
STACK_COMMAND: ~5s; .ecxr ; kb
FOLLOWUP_IP:
msvcr120+6dd27
00007fff`c113dd27 cd29 int 29h
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: msvcr120+6dd27
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr120
IMAGE_NAME: msvcr120.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 524f83ff
FAILURE_BUCKET_ID: INVALID_ARG_FAILURE_SEHOP_c0000409_msvcr120.dll!Unknown
BUCKET_ID: APPLICATION_FAULT_INVALID_ARG_FAILURE_SEHOP_msvcr120+6dd27
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:invalid_arg_failure_sehop_c0000409_msvcr120.dll!unknown
FAILURE_ID_HASH: {6c95a838-d91e-9c26-c623-f4edddde2886}
Followup: MachineOwner
---------
0:005> k
Child-SP RetAddr Call Site
000000e4`0cd261c0 00000000`00000000 msvcr120+0x6dd27
(Btw I have tried every possible suggestion I found to get stack trace on stackoverflow and other places before asking question)
Based on the output above, you do not have valid symbols for msvcr120. The first step is to try and get those. If you can't get the symbols, or you do get them and still can't get a good stack trace, then you should use dqs and try to manually walk the stack.
I have a problem with Virtual Treeview Destructor, which stops the WorkerThread while it is still running.
Code:
destructor TBaseVirtualTree.Destroy;
begin
Exclude(FOptions.FMiscOptions, toReadOnly);
ReleaseThreadReference(Self);
and the code for ReleaseThreadReference:
procedure ReleaseThreadReference(Tree: TBaseVirtualTree);
begin
  if Assigned(WorkerThread) then
  begin
    Dec(WorkerThread.FRefCount);
    // Make sure there is no reference remaining to the releasing tree.
    Tree.InterruptValidation;
    if WorkerThread.FRefCount = 0 then
    begin
      with WorkerThread do
      begin
        Terminate;
        SetEvent(WorkEvent);
      end;
      FreeAndNil(WorkerThread);
      CloseHandle(WorkEvent);
    end;
  end;
end;
And output from WinDbg:
FAULTING_IP:
vcl120!Forms.TGlassFrame.FrameExtended+3
501f0b57 807b0800 cmp byte ptr [ebx+8],0
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 501f0b57 (vcl120!Forms.TGlassFrame.FrameExtended+0x00000003)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000008
Attempt to read from address 00000008
PROCESS_NAME: MyProcess.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000008
READ_ADDRESS: 00000008
FOLLOWUP_IP:
vcl120!Forms.TGlassFrame.FrameExtended+0
501f0b54 53 push ebx
FAULTING_THREAD: 00000894
ADDITIONAL_DEBUG_TEXT: Followup set via attribute from Frame 0 on thread 894
BUGCHECK_STR: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_WINDOW_HOOK
PRIMARY_PROBLEM_CLASS: NULL_CLASS_PTR_DEREFERENCE
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 501c565d to 501f0b57
00d7eca4 501c565d 00d7efb0 028408b9 00d7ee74 vcl120!Forms.TGlassFrame.FrameExtended+0x3
00d7edd0 501c9cec 00d7ee74 01a58e10 77c2c3ce vcl120!Controls.TControl.WndProc+0x2d5
00d7ee10 501e5a59 00d7efb0 028408b9 02190e80 vcl120!Controls.TWinControl.WndProc+0x518
00d7ee3c 501c9403 00d7ee50 50007cb0 00d7ee6c vcl120!Forms.TCustomForm.WndProc+0x599
00d7ee6c 500591de 00000046 00000000 00d7efb0 vcl120!Controls.TWinControl.MainWndProc+0x2f
00d7ee84 77d48709 002b00ee 00000046 00000000 rtl120!Classes.StdWndProc+0x16
00d7eeb0 77d4d297 028408b9 002b00ee 00000046 user32!InternalCallWinProc+0x28
00d7ef18 77d4b368 00000000 028408b9 002b00ee user32!UserCallWinProcCheckWow+0xea
00d7ef6c 77d4d1da 01c9c880 00000046 00000000 user32!DispatchClientMessage+0xa3
00d7ef94 7c90eae3 00d7efa4 00000030 01c9c880 user32!__fnINOUTLPWINDOWPOS+0x27
00d7efac 002b00ee 00000000 00000000 00000000 ntdll!KiUserCallbackDispatcher+0x13
00d7efe8 501e6a2b 002b00ee 00000000 00d7f1cc MainControls!TUJournalIntf.ImportFunFile+0x33a
00d7f020 501e88cc 02190e80 00d7f158 501c565d vcl120!Forms.TCustomForm.SetMenu+0x197
00d7f02c 501c565d 00d7f35c 028408b9 00d7f1fc vcl120!Forms.TCustomForm.WMNCCreate+0x20
00d7f158 501c9cec 00d7f1fc 00d7f1a4 501c9cec vcl120!Controls.TControl.WndProc+0x2d5
00d7f198 501e5a59 00d7f35c 028408b9 02190e80 vcl120!Controls.TWinControl.WndProc+0x518
00d7f1c4 501c9403 00d7f1d8 501c941b 00d7f1f4 vcl120!Forms.TCustomForm.WndProc+0x599
00d7f1f4 500591de 00000081 00000000 00d7f35c vcl120!Controls.TWinControl.MainWndProc+0x2f
00d7f20c 77d48709 002b00ee 00000081 00000000 rtl120!Classes.StdWndProc+0x16
00d7f238 77d4d297 028408b9 002b00ee 00000081 user32!InternalCallWinProc+0x28
00d7f2a0 77d4b368 00000000 028408b9 002b00ee user32!UserCallWinProcCheckWow+0xea
00d7f2f4 77d4e840 01c9c880 00000081 00000000 user32!DispatchClientMessage+0xa3
00d7f324 7c90eae3 00d7f334 00000060 00000060 user32!__fnINLPCREATESTRUCT+0x8b
00d7f390 77d517eb 77d517b1 00050000 00d7f8b8 ntdll!KiUserCallbackDispatcher+0x13
00d7f834 77d518a4 00050000 00d7f8b8 00d7f8cc user32!NtUserCreateWindowEx+0xc
00d7f8e0 77d51b08 00050000 00d7fa04 00d7f8cc user32!_CreateWindowEx+0x1ed
00d7f91c 50122dd0 00050000 00d7fa04 0b3413bc user32!CreateWindowExW+0x33
00d7f964 501c8b29 00000000 50120000 00000000 vcl120!Windows.CreateWindowEx+0x44
00d7faa8 501c8a47 00d7fc80 501c8ae7 00d7fbc4 vcl120!Controls.TWinControl.CreateWindowHandle+0x35
00d7fbc4 501e3682 02190e80 501e7787 00d7f9cc vcl120!Controls.TWinControl.CreateWnd+0x13f
00d7fc18 77d4d86f 000100a8 00d7fc68 00d7fcf8 vcl120!Forms.TScrollingWinControl.CreateWnd+0xa
00d7fc38 77d4d94b 00000000 00000000 501ed470 user32!InternalEnumWindows+0x5a
00d7fc58 501ed556 501ed470 00d7fc68 00450242 user32!EnumWindows+0x16
00d7fce0 500591de 0000001c 00000000 00000454 vcl120!Forms.TApplication.DoNormalizeTopMosts+0x32
00d7fcf8 77d48709 00450242 0000001c 00000000 rtl120!Classes.StdWndProc+0x16
00d7fd24 77d487eb 02840fe2 00450242 0000001c user32!InternalCallWinProc+0x28
00d7fd8c 77d4b368 00000000 02840fe2 00450242 user32!UserCallWinProcCheckWow+0x150
00d7fde0 77d4b3b4 01c8f058 0000001c 00000000 user32!DispatchClientMessage+0xa3
00d7fe08 7c90eae3 00d7fe18 00000018 01c8f058 user32!__fnDWORD+0x24
00d7fe2c 77d493c6 77d49385 00d7feac 00000000 ntdll!KiUserCallbackDispatcher+0x13
00d7fe58 77d493df 00d7feac 00000000 00000000 user32!NtUserPeekMessage+0xc
00d7fe84 500576a4 00d7feac 00000000 00000000 user32!PeekMessageW+0xbc
00d7fee8 50006c37 5002b6a9 01783c94 00d7ff08 rtl120!Classes.TThread.WaitFor+0x5c
00d7fef8 0178fc99 00000003 021d5800 021d5830 rtl120!System.TObject.Free+0xb
00d7ff08 501c7240 02190e80 021d5830 021d5830 VirtualTreesR!VirtualTrees.TBaseVirtualTree.Destroy+0x21
00d7ff1c 501cef46 00000002 00000000 501c7240 vcl120!Controls.TWinControl.Destroy+0x90
00d7ff28 501c7240 00d7ff64 02190e80 02190e80 vcl120!Controls.TCustomControl.Destroy+0x22
00000000 00000000 00000000 00000000 00000000 vcl120!Controls.TWinControl.Destroy+0x90
SYMBOL_NAME: vcl120!Forms.TGlassFrame.FrameExtended+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vcl120
IMAGE_NAME: vcl120.bpl
DEBUG_FLR_IMAGE_TIMESTAMP: 4a0b8b7f
STACK_COMMAND: .ecxr ; ~~[894] ; .frame 0 ; ~0s; .ecxr ; kb
FAILURE_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE_c0000005_vcl120.bpl!Forms.TGlassFrame.FrameExtended
BUCKET_ID: APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_WINDOW_HOOK_vcl120!Forms.TGlassFrame.FrameExtended+0
If you look at this line in the call stack, "0000001c 00000000 rtl120!Classes.StdWndProc+0x16", you can see that the application processed the WM_ACTIVATEAPP (0x1C) message and called "DoNormalizeTopMosts" (I think this leads to creating the main form again). I found in our project DevExpress6 with "dxBarWndProcHook"; maybe this is a problem, but I'm not sure. I have no idea why this is happening - the function TThread.WaitFor processed a message which leads to recreating the form.
Please, could anyone help me to solve this? Thank you in advance!
Since I started using Outlook with GoogleCalendarSync I'm experiencing hangs every once in a while.
I used ADPlus to create a hang dump of the process (using adplus -hang -pn outlook.exe -o c:\dumps).
When I read the dump via WinDBG I use the command !analyze -v -hang, but I can't figure out what exactly went wrong.
The output of the command is:
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
FAULTING_IP:
+1d32faf00ffdf58
00000000 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000007 (Wake debugger)
ExceptionFlags: 00000000
NumberParameters: 0
BUGCHECK_STR: HANG
PROCESS_NAME: OUTLOOK.EXE
ERROR_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xcfffffff - <Unable to get error code text>
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0xd60 (37)
Current frame:
ChildEBP RetAddr Caller,Callee
DERIVED_WAIT_CHAIN:
Dl Eid Cid WaitType
-- --- ------- --------------------------
0 ba0.6a4 Thread Handle -->
37 ba0.d60 Event
WAIT_CHAIN_COMMAND: ~0s;k;;~37s;k;;
BLOCKING_THREAD: 00000d60
DEFAULT_BUCKET_ID: APPLICATION_HANG_BlockedOn_EventHandle
PRIMARY_PROBLEM_CLASS: APPLICATION_HANG_BlockedOn_EventHandle
LAST_CONTROL_TRANSFER: from 7c90df5a to 7c90e514
FAULTING_THREAD: 00000025
STACK_TEXT:
11f3f764 7c90df5a 7c8025db 00000458 00000000 ntdll!KiFastSystemCallRet
11f3f768 7c8025db 00000458 00000000 00000000 ntdll!NtWaitForSingleObject+0xc
11f3f7cc 7c802542 00000458 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xa8
11f3f7e0 77520197 00000458 ffffffff 00192888 kernel32!WaitForSingleObject+0x12
11f3f7fc 77602e50 00192888 001a3ab8 00000000 ole32!GetToSTA+0x6f
11f3f81c 7760208a 11f3f8e4 11f3f9f4 09b148b8 ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0xf6
11f3f8fc 7752c982 09b148b8 11f3f9f4 11f3f9e4 ole32!CRpcChannelBuffer::SendReceive2+0xc8
11f3f968 7752c91a 09b148b8 11f3f9f4 11f3f9e4 ole32!CAptRpcChnl::SendReceive+0xab
11f3f9bc 77ef5db5 09b148b8 11f3f9f4 11f3f9e4 ole32!CCtxComChnl::SendReceive+0x113
11f3f9d8 77ef5ead 09b22354 11f3fa20 0600015b rpcrt4!NdrProxySendReceive+0x43
11f3fdbc 77ef5e42 774e6228 774e92da 11f3fdf4 rpcrt4!NdrClientCall2+0x1fa
11f3fddc 77e88519 00000010 00000005 11f3fe04 rpcrt4!ObjectStublessClient+0x8b
11f3fdec 7752d919 09b22354 00000001 145bf7b8 rpcrt4!ObjectStubless+0xf
11f3fe04 7752d8ba 09b22354 00192888 00000001 ole32!RemoteReleaseRifRefHelper+0x84
11f3fe2c 7752c558 09b22354 00192888 00000001 ole32!RemoteReleaseRifRef+0x74
11f3fe84 7752c351 0e8a3cfc 0e8a3cf8 00000000 ole32!CStdMarshal::DisconnectCliIPIDs+0x200
11f3feac 7750c880 00000002 0e8a3da0 0e8a3cf8 ole32!CStdMarshal::Disconnect+0x178
11f3fec8 7750c7ed 0e8a3cf8 11f3fee8 7750c967 ole32!CStdIdentity::~CStdIdentity+0x89
11f3fed4 7750c967 00000001 00440023 00520006 ole32!CStdIdentity::`vector deleting destructor'+0xd
11f3fee8 77ef5ae8 80000000 11f3ff00 1112f31b ole32!CStdIdentity::CInternalUnk::Release+0x4c
11f3fef4 1112f31b 0e8bd1fc 11f3ff14 1112a0e4 rpcrt4!IUnknown_Release_Proxy+0x11
WARNING: Stack unwind information not available. Following frames may be wrong.
11f3ff00 1112a0e4 11f3ff80 00000000 11f3ff80 GoogleCalendarSync+0xf31b
11f3ff14 1112a0b1 00000000 11f3ff80 11f3ffb4 GoogleCalendarSync+0xa0e4
11f3ff24 11137c5e 555047c9 00020048 80578cb2 GoogleCalendarSync+0xa0b1
11f3ffb4 7c80b729 00000301 00440023 00520006 GoogleCalendarSync+0x17c5e
11f3ffec 00000000 111378c0 00000301 00000000 kernel32!BaseThreadStart+0x37
FOLLOWUP_IP:
GoogleCalendarSync+f31b
1112f31b 8b5508 mov edx,dword ptr [ebp+8]
SYMBOL_STACK_INDEX: 15
SYMBOL_NAME: GoogleCalendarSync+f31b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: GoogleCalendarSync
IMAGE_NAME: GoogleCalendarSync.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4d9f0466
STACK_COMMAND: ~37s ; kb
BUCKET_ID: HANG_GoogleCalendarSync+f31b
WATSON_IBUCKET: -1362224887
WATSON_IBUCKETTABLE: 1
FAILURE_BUCKET_ID: APPLICATION_HANG_BlockedOn_EventHandle_cfffffff_GoogleCalendarSync.dll!Unknown
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/OUTLOOK_EXE/14_0_6117_5001/4f3e2d20/unknown/0_0_0_0/bbbbbbb4/cfffffff/00000000.htm?Retriage=1
Followup: MachineOwner
---------------------------
How can I further investigate this dump? What am I missing?
The thread GoogleCalendarSync is operating in tries to Release a COM object whose apartment model is STA, that is, the object lives in a single thread. This kind of object was very popular in the beginning of COM, because the COM layer ensures the object won't be accessed from multiple threads at the same time, thus avoiding adding synchronization code in the object implementation.
You can grab the first parameter of GetToSTA (0x00192888 in this case), dump the contents of the memory at this address (dc 0x00192888). In the result, skip the first 2 DWORDs: the next DWORD should be the target process ID and the next one the target thread ID. This target thread is likely to be already blocked in another operation (refer to http://blogs.msdn.com/b/tess/archive/2008/06/12/asp-net-case-study-deadlock-waiting-in-gettosta.aspx if you need a real-life example).
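The steps in this answer, as an added example that is not part of the original answer: the script pulls the GetToSTA argument out of the question's stack, decodes the target PID and TID from `dc` output, and checks whether that thread appears earlier in the wait chain. The stack and wait-chain rows are copied from the question; the `dc` output is constructed (the page never shows that memory), with values chosen to match the wait chain, and all function names are hypothetical.

```python
import re

HEX8 = r"[0-9a-f]{8}"

# First five frames of thread 37, copied from the question's STACK_TEXT.
KB_OUTPUT = """\
11f3f764 7c90df5a 7c8025db 00000458 00000000 ntdll!KiFastSystemCallRet
11f3f768 7c8025db 00000458 00000000 00000000 ntdll!NtWaitForSingleObject+0xc
11f3f7cc 7c802542 00000458 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xa8
11f3f7e0 77520197 00000458 ffffffff 00192888 kernel32!WaitForSingleObject+0x12
11f3f7fc 77602e50 00192888 001a3ab8 00000000 ole32!GetToSTA+0x6f
"""

# Rows copied from the question's DERIVED_WAIT_CHAIN.
WAIT_CHAIN = """\
0 ba0.6a4 Thread Handle -->
37 ba0.d60 Event
"""

# CONSTRUCTED `dc 0x00192888` output; the first two DWORDs are filler.
DC_OUTPUT = """\
00192888  aaaaaaaa bbbbbbbb 00000ba0 000006a4  ................
00192898  00000000 00000000 00000000 00000000  ................
"""


def gettosta_first_arg(kb_text):
    """Return the first argument of the ole32!GetToSTA frame, or None."""
    frame = re.compile(r"^(%s)\s+(%s)\s+(%s)\s+(%s)\s+(%s)\s+(\S+)" % ((HEX8,) * 5))
    for line in kb_text.splitlines():
        m = frame.match(line.strip())
        if m and m.group(6).startswith("ole32!GetToSTA"):
            return int(m.group(3), 16)    # columns: ChildEBP, RetAddr, args
    return None


def parse_dc(dc_text):
    """Return (base address, list of DWORDs) from `dc` output."""
    base, dwords = None, []
    for line in dc_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not re.fullmatch(HEX8, fields[0]):
            continue
        if base is None:
            base = int(fields[0], 16)
        for tok in fields[1:5]:
            if not re.fullmatch(HEX8, tok):
                break                     # '????????' or the ASCII column
            dwords.append(int(tok, 16))
    return base, dwords


def gettosta_target(dc_text, expected_base):
    """Skip two DWORDs, then read target PID and TID, as the answer describes."""
    base, dwords = parse_dc(dc_text)
    if base != expected_base:
        raise ValueError("dc output is not for the GetToSTA argument")
    if len(dwords) < 4:
        raise ValueError("need at least four readable DWORDs")
    return dwords[2], dwords[3]


def parse_wait_chain(text):
    """Parse wait-chain rows into dicts; each entry waits on the next one."""
    row = re.compile(r"^\s*(\d+)\s+([0-9a-f]+)\.([0-9a-f]+)\s+(.*?)\s*(-->)?\s*$")
    chain = []
    for line in text.splitlines():
        m = row.match(line)
        if m:
            chain.append({"thread": int(m.group(1)), "pid": int(m.group(2), 16),
                          "tid": int(m.group(3), 16), "wait": m.group(4)})
    return chain


def closing_thread(chain, target_pid, target_tid):
    """Thread number of an earlier waiter that GetToSTA targets, else None."""
    for entry in chain[:-1]:
        if (entry["pid"], entry["tid"]) == (target_pid, target_tid):
            return entry["thread"]
    return None


if __name__ == "__main__":
    arg = gettosta_first_arg(KB_OUTPUT)
    pid, tid = gettosta_target(DC_OUTPUT, arg)
    print("GetToSTA arg %08x -> target %x.%x" % (arg, pid, tid))
    print("cycle closed by thread:",
          closing_thread(parse_wait_chain(WAIT_CHAIN), pid, tid))
```

If the decoded thread is one that is already waiting on the blocked thread, the two threads are waiting on each other; with real `dc` output the result may of course name a different thread.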