Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to read a google chrome crash dump with windbg

here is what I'm trying to solve. I have a crash dump from Google Chrome.

  1. I open windbg and say File -> Symbol File Path: "SRV*c:\code\symbols*http://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com" I guess this looks for the debugging symbols from let to right and should finally grab them from google then. I copied that from http://www.chromium.org/developers/how-tos/debugging.

  2. I drag and drop the crash dump into windbg

And then...

Microsoft (R) Windows Debugger Version 6.2.8400.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\cburgdorf\Desktop\Chrome-last.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: SRV*c:\code\symbols*http://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*https://chromium-browser-symsrv.commondatastorage.googleapis.com
Executable search path is: 
Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Wed May 16 16:25:24.000 2012 (UTC + 2:00)
System Uptime: not available
Process Uptime: 0 days 0:01:39.000
.........................................
This dump file has a breakpoint exception stored in it.
The stored exception information can be accessed via .ecxr.
eax=00000000 ebx=0038e1f8 ecx=00000001 edx=0012df58 esi=00000002 edi=0038e218
eip=776e013d esp=0038e1a8 ebp=0038e244 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200246
ntdll!NtWaitForMultipleObjects+0x15:
776e013d 83c404          add     esp,4
0:000> .excr
           ^ Syntax error in '.excr'

You see that it says "The stored exception information can be accessed via .ecxr" but once I insert that it tells me that I have a syntax error.

Does anyone know what I'm doing wrong?

like image 279
Christoph Avatar asked Jun 01 '12 10:06

Christoph


1 Answers

You've got a typo, it's .ecxr :) In the meantime, another easy way to get information out of a crash dump without needing too much WinDbg-fu, is:

.symfix; .reload
!analyze -v

And if this is a .NET App (Chromium isn't but just for extra info), add these three lines

.loadby sos clr
!pe
~*e !clrstack
like image 148
Ana Betts Avatar answered Sep 28 '22 18:09

Ana Betts