What does WinDbg's PRIMARY_PROBLEM_CLASS STACKIMMUNE mean?

Question

In general I cannot find a listing of the meaning of the values that the different fields in WinDbg's output of the !analyze -v command can contain.

Searching is difficult due to the fact that the output of the command is often posted without the field values (like that of DEFAULT_BUCKET_ID and PRIMARY_PROBLEM_CLASS) explicitly being addressed. Is there a reference list?

To be more specific: During the analysis of a memory dump, the output of the !analyze -v command indicated that both DEFAULT_BUCKET_ID and PRIMARY_PROBLEM_CLASS are "STACKIMMUNE". What does this mean?

Answer 1

First a small introduction to how !analyze works.

When !analyze tries to determine the reason for an access violation (and some other types of exceptions, for example, SEH exceptions, C++ exceptions, integer overflow, division by zero, etc.), it looks at the call stack of the thread that threw the exception and figures out what is on the top of the thread. However, not all stack frames are useful.

For example, for C++ exceptions you will see kernel32!RaiseException and your_module!__except_handler3 at the top of the stack. Those frames must be skipped, because they are very unlikely the cause of the problem. Sometimes !analyze has to skip lots of frames to get to the interesting frame. Just look at an example on other Stack Overflow question, where the offending code is ~40 frames below.

To answer your question: STACKIMMUNE is an indication that all frames in the call stack are skipped. This could happen when the stack is corrupted or when you have wrong symbols and used !reload /i to ignore any mismatch errors, and probably in many other cases.