
Windows Crash Dump call stack only shows wow64

Problem

I have a Windows application that we developed for in-house use. Thanks to Windows Error Handling, the window stays open and I can easily generate a crash dump from the task manager.

I have used crash dumps on Linux through Eclipse once before, but this is the first time on Windows.

Hardware

The server is Windows 2012, and my development machine is Windows 7.

Windbg

When I load the crash dump in Windbg, load my symbols, then choose to look at the call stack, the only listings are:

[Screenshot of the WinDbg call stack]

How can I see my application call stack specifically?

Dan asked Aug 07 '15 23:08



2 Answers

Looks like your application is a 32-bit application and you used the 64-bit Taskmgr to generate a dump.

You should use ProcessExplorer instead, it cares about the bitness:

Process Explorer v15.3: It also creates dump files that match the bitness of the target process

Or run the 32-bit Taskmgr from C:\Windows\SysWOW64 to generate the dump.

magicandre1981 answered Sep 19 '22 12:09



As already answered, you have taken a 64 bit dump of a 32 bit application. There are multiple options to take a 32 bit dump of a 32 bit application on 64 bit OS, just choose the one which is most comfortable to you.

If this is the only dump you have and there's hardly a chance to get a better dump, you can try !sw to switch to 32 bit mode:

0:014> !sw
Switched to 32bit mode
0:014:x86>

Note how the command prompt changed. IMHO the exact same effect can be achieved by .effmach:

0:014> .effmach x86
Effective machine: x86 compatible (x86)
0:014:x86>

except that you specify the mode explicitly where the !sw command toggles between the two.

In case of a .NET application, none of these ever helped me, since SOS cannot work with dumps of incorrect bitness.

Thomas Weller answered Sep 20 '22 12:09
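
A way to confirm the diagnosis from both answers before opening WinDbg, as an added example that is not part of the original posts: it parses the header of a .dmp file and flags a 64-bit dump whose module list contains wow64.dll, which is a 64-bit dump of a 32-bit process. It assumes the user-mode minidump (MDMP) format; the function names and the sample dump produced by `build_sample_dump` are constructed for illustration.

```python
import struct

MODULE_LIST_STREAM, SYSTEM_INFO_STREAM = 4, 7   # MINIDUMP_STREAM_TYPE values
ARCH_NAMES = {0: "x86", 9: "x64"}               # PROCESSOR_ARCHITECTURE_INTEL, _AMD64
MODULE_SIZE = 108                               # sizeof(MINIDUMP_MODULE)

def _streams(data):
    """Map stream type -> RVA using the MINIDUMP_DIRECTORY table."""
    if data[:4] != b"MDMP":
        raise ValueError("not a minidump (MDMP signature missing)")
    count, dir_rva = struct.unpack_from("<II", data, 8)
    entries = (struct.unpack_from("<III", data, dir_rva + 12 * i) for i in range(count))
    return {stype: rva for stype, _size, rva in entries}

def _module_names(data, rva):
    """Yield the lower-cased file name of every MINIDUMP_MODULE in the list."""
    (count,) = struct.unpack_from("<I", data, rva)
    for i in range(count):
        # ModuleNameRva is at offset 20 inside each MINIDUMP_MODULE record
        (name_rva,) = struct.unpack_from("<I", data, rva + 4 + MODULE_SIZE * i + 20)
        (length,) = struct.unpack_from("<I", data, name_rva)  # MINIDUMP_STRING length, bytes
        path = bytes(data[name_rva + 4:name_rva + 4 + length]).decode("utf-16-le")
        yield path.rsplit("\\", 1)[-1].lower()

def check_dump_bitness(data):
    """Return (dump_arch, mismatch); mismatch = 64-bit dump of a 32-bit (WOW64) process."""
    streams = _streams(data)
    if SYSTEM_INFO_STREAM not in streams:
        raise ValueError("dump has no SystemInfo stream")
    (arch,) = struct.unpack_from("<H", data, streams[SYSTEM_INFO_STREAM])
    names = set()
    if MODULE_LIST_STREAM in streams:
        names = set(_module_names(data, streams[MODULE_LIST_STREAM]))
    dump_arch = ARCH_NAMES.get(arch, "arch %d" % arch)
    return dump_arch, dump_arch == "x64" and "wow64.dll" in names

def build_sample_dump(arch, module_paths):
    """Constructed sample input: a minimal minidump holding only the two streams read above."""
    sysinfo_rva, modlist_rva = 56, 112          # header is 32 bytes, directory 2 * 12
    strings_rva = modlist_rva + 4 + MODULE_SIZE * len(module_paths)
    modlist, strings = struct.pack("<I", len(module_paths)), b""
    for path in module_paths:
        raw = path.encode("utf-16-le")
        record = struct.pack("<QIIII", 0x10000, 0x1000, 0, 0, strings_rva + len(strings))
        modlist += record.ljust(MODULE_SIZE, b"\0")
        strings += struct.pack("<I", len(raw)) + raw + b"\0\0"
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 2, 32, 0, 0, 0)
    directory = struct.pack("<IIIIII", SYSTEM_INFO_STREAM, 56, sysinfo_rva,
                            MODULE_LIST_STREAM, len(modlist), modlist_rva)
    return header + directory + struct.pack("<H", arch).ljust(56, b"\0") + modlist + strings
```

For a real dump, pass an `mmap.mmap` of the file instead of reading it into memory, since full-memory dumps can be several gigabytes.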
