Heap stack traces from W2K3/XP user dump
If you have the user mode stack trace database enabled on Windows 2003 for some service or application (here is an example for Citrix IMA service), and you take a dump and try to get the saved stack traces using the !heap extension command, you get these errors:
0:000> !heap -k -h 000a0000
Heap entries for Segment00 in Heap 000a0000
000a0c50: 00c50 . 00040 [01] - busy (40)
000a0c90: 00040 . 01818 [07] - busy (1800), tail fill - unable to read heap entry extra at 000a24a0
000a24a8: 01818 . 00030 [07] - busy (18), tail fill - unable to read heap entry extra at 000a24d0
000a24d8: 00030 . 005a0 [07] - busy (588), tail fill - unable to read heap entry extra at 000a2a70
The solution is to use Windows 2000 extension ntsdexts.dll:
0:000> !.\w2kfre\ntsdexts.heap -k -h 000a0000
Stack trace (12) at 1021bfc:
7c85fc22: ntdll!RtlAllocateHeapSlowly+0x00000041
7c81d4df: ntdll!RtlAllocateHeap+0x00000E9F
7c83467a: ntdll!LdrpAllocateUnicodeString+0x00000035
7c8354f4: ntdll!LdrpCopyUnicodeString+0x00000031
7c83517b: ntdll!LdrpResolveDllName+0x00000195
7c834b2a: ntdll!LdrpMapDll+0x0000014F
7c837474: ntdll!LdrpLoadImportModule+0x0000017C
7c837368: ntdll!LdrpHandleOneNewFormatImportDescriptor+0x0000004D
7c837317: ntdll!LdrpHandleNewFormatImportDescriptors+0x0000001D
7c837441: ntdll!LdrpWalkImportDescriptor+0x00000195
7c80f560: ntdll!LdrpInitializeProcess+0x00000E3E
7c80ea0b: ntdll!_LdrpInitialize+0x000000D0
7c82ec2d: ntdll!KiUserApcDispatcher+0x00000025
- Dmitry Vostokov @ DumpAnalysis.org -
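When the failing output has been saved to a debugger log, the symptom can be checked in bulk before re-running with the Windows 2000 extension. The following is an added example, not code from the original post: it parses the heap entry lines shown above, decodes the flags byte and counts the entries whose extra record could not be read. The function names and the flag bit names and values are assumptions taken from the public definitions of the legacy NT heap.

```python
import re

# Legacy NT heap entry flag bits (assumed values, from public ntdll definitions).
HEAP_ENTRY_BUSY = 0x01
HEAP_ENTRY_EXTRA_PRESENT = 0x02   # block carries an extra record (stack trace index)
HEAP_ENTRY_FILL_PATTERN = 0x04    # shown as "tail fill"

ENTRY_RE = re.compile(
    r"^(?P<addr>[0-9a-f]{8}): (?P<prev>[0-9a-f]+) \. (?P<size>[0-9a-f]+) "
    r"\[(?P<flags>[0-9a-f]{2})\] - (?P<state>\w+) \((?P<req>[0-9a-f]+)\)"
    r"(?:.*unable to read heap entry extra at (?P<extra>[0-9a-f]{8}))?",
    re.IGNORECASE,
)

# Entry lines copied from the failing !heap output in the post.
SAMPLE_LOG = """\
Heap entries for Segment00 in Heap 000a0000
000a0c50: 00c50 . 00040 [01] - busy (40)
000a0c90: 00040 . 01818 [07] - busy (1800), tail fill - unable to read heap entry extra at 000a24a0
000a24a8: 01818 . 00030 [07] - busy (18), tail fill - unable to read heap entry extra at 000a24d0
000a24d8: 00030 . 005a0 [07] - busy (588), tail fill - unable to read heap entry extra at 000a2a70
"""

def parse_entries(log_text):
    """Return one dict per heap entry line; all numeric fields are parsed as hex."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, prompts and stack trace lines are skipped
        e = {k: int(v, 16) for k, v in m.groupdict().items() if v and k != "state"}
        e["state"] = m.group("state")
        entries.append(e)
    return entries

def summarize(entries):
    """Count blocks that should have an extra record and those where the read failed."""
    with_extra = [e for e in entries if e["flags"] & HEAP_ENTRY_EXTRA_PRESENT]
    failed = [e for e in entries if "extra" in e]
    return {
        "entries": len(entries),
        "with_extra": len(with_extra),
        "extra_unreadable": len(failed),
        # Each block should end where the next one starts.
        "contiguous": all(a["addr"] + a["size"] == b["addr"]
                          for a, b in zip(entries, entries[1:])),
        "use_w2k_extension": bool(failed),
    }

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE_LOG)))
```

In the sample, every entry flagged [07] fails at an address 8 bytes before the end of its block, while the [01] entry, which has no extra record, is listed without an error.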
