Windows/C++: Is it possible to find the line of code where exception was thrown having "Exception Offset"

Question

One of our users having an Exception on our product startup. She has sent us the following error message from Windows:

  Problem Event Name:                        APPCRASH   Application Name:                          program.exe   Application Version:                       1.0.0.1   Application Timestamp:                     4ba62004   Fault Module Name:                         agcutils.dll   Fault Module Version:                      1.0.0.1   Fault Module Timestamp:                    48dbd973   Exception Code:                            c0000005   Exception Offset:                          000038d7   OS Version:                                6.0.6002.2.2.0.768.2   Locale ID:                                 1033   Additional Information 1:                  381d   Additional Information 2:                  fdf78cd6110fd6ff90e9fff3d6ab377d   Additional Information 3:                  b2df   Additional Information 4:                  a3da65b92a4f9b2faa205d199b0aa9ef 

Is it possible to locate the exact place in the source code where the exception has occured having this information?

What is the common technique for C++ programmers on Windows to locate the place of an error that has occured on user computer?

Our project is compiled with Release configuration, PDB file is generated.

I hope my question is not too naive.

Answer 1

Yes, that's possible. Start debugging with the exact same binaries as ran by your user, make sure the DLL is loaded and you've got a matching PDB file for it. Look in Debug + Windows + Modules for the DLL base address. Add the offset. Debug + Windows + Disassembly and enter the calculated address in the Address field (prefix with 0x). That shows you the exact machine code instruction that caused the exception. Right-click + Go To Source code to see the matching source code line.

While that shows you the statement, this isn't typically good enough to diagnose the cause. The 0xc0000005 exception is an access violation, it has many possible causes. Often you don't even get any code, the program may have jumped into oblivion due to a corrupted stack. Or the real problem is located far away, some pointer manipulation that corrupted the heap. You also typically really need a stack trace that shows you how the program ended up at the statement that bombed.

What you need is a minidump. You can easily get one from your user if she runs Vista or Win7. Start TaskMgr.exe, Processes tab, select the bombed program while it is still displaying the crash dialog. Right-click it and Create Dump File.

To make this smooth, you really want to automate this procedure. You'll find hints in my answer in this thread.