Windows Crash Dump call stack only shows wow64

Question

Problem

I have a Windows application that we developed for in house use. Thanks to Windows Error Handling, the window stays open and I can easily generate a crash dump from the task manager.

I have used crash-dumps on linux through eclipse once before, but this is the first time on Windows.

Hardware

The server is Windows 2012, and my development machine is Windows 7.

Windbg

When I load the crash dump in Windbg, load my symbols, then choose to look at the call stack, the only listings are:

How can I see my application call stack specifically?

Answer 1

Looks like your applications is a 32Bit application and you used the 64Bit Taskmgr to generate a dump.

You should use ProcessExplorer instead, it cares about the bitness:

Process Explorer v15.3: It also creates dump files that match the bitness of the target process

Or run the 32Bit Taskmgr from C:\Windows\SysWOW64 to generate the dump.

Answer 2

As already answered, you have taken a 64 bit dump of a 32 bit application. There are multiple options to take a 32 bit dump of a 32 bit application on 64 bit OS, just choose the one which is most comfortable to you.

If this is the only dump you have and there's hardly a chance to get a better dump, you can try !sw to switch to 32 bit mode:

0:014> !sw
Switched to 32bit mode
0:014:x86>

Note how the command prompt changed. IMHO the exact same effect can be achieved by .effmach

0:014> .effmach x86
Effective machine: x86 compatible (x86)
0:014:x86>

except that you specify the mode explicitly where the !sw command toggles between the two.

In case of a .NET application, none of these ever helped me, since SOS cannot work with dumps of incorrect bitness.