Archive for the ‘Mac Crash Corner’ Category

Plans for The Year of Dump Analysis

Monday, January 18th, 2010

After exciting results of  the previous year of debugging it is time to announce modest plans for this year, 0×7DA:

Release the first beta version of EasyDbg 

Release the first beta version of CARE (Crash Analysis Report Environment) for a pattern-driven debugger log analyzer with standards for structured audience-driven reports

Release the first beta version of STARE (Software Trace Analysis Report Environment) for a pattern-driven software trace analyzer with corresponding standards for structured audience-driven reports

Publish the following books on dump analysis that address different audiences (general users, system administrators, support and escalation engineers, testers, software engineers, security and software defect researchers):

Windows Debugging Notebook
Crash Dump Analysis for System Administrators and Support Engineers
- Memory Dump Analysis Anthology, Volume 4
- Memory Dump Analysis Anthology, Volume 5
- Memory Dump Analysis Anthology Color Supplement
- Principles of Memory Dump Analysis
- My Computer Crashes and Freezes: A Non-technical Guide to Software and Hardware Errors
- Linux, FreeBSD and Mac OS X Debugging: Practical Foundations  
- Encyclopedia of Crash Dump Analysis Patterns  
- WinDbg In Use: Debugging Exercises

Publish articles related to memory dump analysis in Debugged! magazine

Update WinDbg Poster and Cards

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Posted in Announcements, Books, Certification, Crash Dump Analysis, Debugging, Education and Research, Escalation Engineering, FreeBSD Crash Corner, Linux Crash Corner, Mac Crash Corner, New Acronyms, Publishing, Software Engineering, Software Technical Support, Software Trace Analysis | No Comments »

More Practical Foundations Series

Tuesday, August 4th, 2009

OpenTask plans to expand its Practical Foundations series and publish the following 2 books for the forthcoming Memory Dump Analysis Fundamentals certification (Unix track) being developed by Memory Analysis and Debugging Institute:

  • Linux, FreeBSD and Mac OS X Debugging: Practical Foundations (ISBN: 978-1906717773)

  • 64-bit Linux, FreeBSD and Mac OS X Debugging: Practical Foundations (ISBN: 978-1906717780)

    • - Dmitry Vostokov @ DumpAnalysis.org -

    Posted in Announcements, Assembly Language, Books, Certification, Crash Dump Analysis, Debugging, Education and Research, FreeBSD Crash Corner, GDB for WinDbg Users, Linux Crash Corner, Mac Crash Corner, Memory Dump Analysis Jobs, Publishing, Software Engineering, Software Technical Support, Testing, Tools, Training and Seminars | No Comments »

    Deadlocks in iPhone

    Friday, July 24th, 2009

    One of the authors of June Debugged! MZ/PE issue, Kapildev Ramlal, published a short article about XCode debugging of multithreaded deadlocks and a few GDB commands:

    Episode 1 of XCode iPhone Debugging Adventures

    - Dmitry Vostokov @ DumpAnalysis.org -

    Posted in Debugging, GDB for WinDbg Users, Mac Crash Corner | No Comments »

    Mac Crash Corner: Blame Module

    Friday, May 16th, 2008

    It looks like Microsoft has introduced the “Blame Module” concept in addition to the old Windows “Crashed Module” terminology in Microsoft Error Reporting for Mac OS X. I noticed that yesterday when the freshly installed out of the box Microsoft Word 2008 for Mac crashed on my new MacBook Air. Digging into the report I noticed this:

    Microsoft Error Reporting log version: 2.0

    Error Signature:
    Exception: EXC_BAD_ACCESS
    Date/Time: 2008-05-16 01:15:21 +0100
    Application Name: Microsoft Word
    Application Bundle ID: com.microsoft.Word
    Application Signature: MSWD
    Application Version: 12.0.0.071130
    Crashed Module Name: HIToolbox
    Crashed Module Version: unknown
    Crashed Module Offset: 0x0006118f
    Blame Module Name: HIToolbox
    Blame Module Version: unknown
    Blame Module Offset: 0×0006118f
    Application LCID: 1033
    Extra app info: Reg=en Loc=0×0409

    In the report itself it is nice to see stack traces and thread context in familiar Intel syntax:

    Thread 0 crashed:
    #  1  0x9037018f in .objc_class_name_IPMDFontRange + 0x9004556F (HIToolbox + 0x0006118f)
    #  2  0x9036ff53 in .objc_class_name_IPMDFontRange + 0x90045333 (HIToolbox + 0x00060f53)
    #  3  0x9036edaa in .objc_class_name_IPMDFontRange + 0x9004418A (HIToolbox + 0x0005fdaa)
    #  4  0x9036a9b5 in .objc_class_name_IPMDFontRange + 0x9003FD95 (HIToolbox + 0x0005b9b5)
    #  5  0x903f99da in .objc_class_name_IPMDFontRange + 0x900CEDBA (HIToolbox + 0x000ea9da)
    #  6  0x01661a53 in _McpSetWindowBrush + 0x000001E7 (MicrosoftComponentPlugin + 0x000eba53)
    #  7  0x90316fc3 in .objc_class_name_IPMDFontRange + 0x8FFEC3A3 (HIToolbox + 0x00007fc3)
    #  8  0x903163fd in .objc_class_name_IPMDFontRange + 0x8FFEB7DD (HIToolbox + 0x000073fd)
    #  9  0x90332e0e in .objc_class_name_IPMDFontRange + 0x900081EE (HIToolbox + 0x00023e0e)
    # 10  0x90345dcf in .objc_class_name_IPMDFontRange + 0x9001B1AF (HIToolbox + 0x00036dcf)
    # 11  0x9031737c in .objc_class_name_IPMDFontRange + 0x8FFEC75C (HIToolbox + 0x0000837c)
    # 12  0x903163fd in .objc_class_name_IPMDFontRange + 0x8FFEB7DD (HIToolbox + 0x000073fd)
    # 13  0x90332e0e in .objc_class_name_IPMDFontRange + 0x900081EE (HIToolbox + 0x00023e0e)
    # 14  0x01661c05 in _McpFDispatchEventRef + 0x00000073 (MicrosoftComponentPlugin + 0x000ebc05)
    # 15  0x01662195 in _McpRunApplicationEventLoop + 0x0000051B (MicrosoftComponentPlugin + 0x000ec195)
    # 16  0x00ae3e6b in _wdCommandDispatch + 0x007C7EC3 (Microsoft Word + 0x00ae2e6b)
    # 17  0x00aecd18 in _wdCommandDispatch + 0x007D0D70 (Microsoft Word + 0x00aebd18)
    # 18  0x02236080 in __WlmMain + 0x00000047 (MicrosoftOffice + 0x004a2080)
    # 19  0x00ad2438 in _wdCommandDispatch + 0x007B6490 (Microsoft Word + 0x00ad1438)
    # 20  0x000028e2 in __mh_execute_header + 0x000018E2 (Microsoft Word + 0x000018e2)
    # 21  0x00002809 in __mh_execute_header + 0x00001809 (Microsoft Word + 0x00001809)

    X86 Thread State:
     eax: 0x00000000  ebx: 0x903700a9  ecx: 0x00000001  edx:0x00000000
     edi: 0xbfffede4  esi: 0x1e895cb0  ebp: 0xbfffeb58  esp:0xbfffead0
      ss: 0x0000001f  eip: 0x9037018f   cs: 0x00000017   ds:0x0000001f
      es: 0x0000001f   fs: 0x00000000   gs: 0x00000037  eflags:0x00010246

    Thread 1:
    #  1  0x91870b06 in _signgam + 0x916D22C6 (libSystem.B.dylib + 0x00000b06)
    #  2  0x918f97eb in _signgam + 0x9175AFAB (libSystem.B.dylib + 0x000897eb)
    #  3  0x01aa4265 in _MerpCreateSession + 0x00000B05 (merp + 0x00002265)
    #  4  0x01aa38cd in _MerpCreateSession + 0x0000016D (merp + 0x000018cd)
    #  5  0x01aa3954 in _MerpCreateSession + 0x000001F4 (merp + 0x00001954)
    #  6  0x01aa440d in _MerpCreateSession + 0x00000CAD (merp + 0x0000240d)
    #  7  0x918a1c55 in _signgam + 0x91703415 (libSystem.B.dylib + 0x00031c55)
    #  8  0x918a1b12 in _signgam + 0x917032D2 (libSystem.B.dylib + 0x00031b12)

    X86 Thread State:
     eax: 0xffffffa6  ebx: 0x918e8609  ecx: 0xb00a0a5c  edx:0x91870b06
     edi: 0x0000001f  esi: 0x3cadb317  ebp: 0xb00a0ac8  esp:0xb00a0a5c
      ss: 0x0000001f  eip: 0x91870b06   cs: 0x00000007   ds:0x0000001f
      es: 0x0000001f   fs: 0x0000001f   gs: 0x00000037  eflags:0x00000202

    Thread 2:
    #  1  0x91877bce in _signgam + 0x916D938E (libSystem.B.dylib + 0x00007bce)
    #  2  0x918a28cd in _signgam + 0x9170408D (libSystem.B.dylib + 0x000328cd)
    #  3  0x91a03460 in __CMProfileID + 0x9193033C (ColorSync + 0x00033460)
    #  4  0x91a15d92 in __CMProfileID + 0x91942C6E (ColorSync + 0x00045d92)
    #  5  0x918a1c55 in _signgam + 0x91703415 (libSystem.B.dylib + 0x00031c55)
    #  6  0x918a1b12 in _signgam + 0x917032D2 (libSystem.B.dylib + 0x00031b12)

    X86 Thread State:
     eax: 0x0000014e  ebx: 0x918a28ed  ecx: 0xb0122e7c  edx:0x91877bce
     edi: 0x05042fa4  esi: 0xb0123000  ebp: 0xb0122ef8  esp:0xb0122e7c
      ss: 0x0000001f  eip: 0x91877bce   cs: 0x00000007   ds:0x0000001f
      es: 0x0000001f   fs: 0x0000001f   gs: 0x00000037  eflags:0x00000246

    Thread 3:
    #  1  0x918d0036 in _signgam + 0x917317F6 (libSystem.B.dylib + 0x00060036)
    #  2  0x016e7552 in _FWaitForConnection + 0x0000002A (MicrosoftComponentPlugin + 0x00171552)
    #  3  0x015f58b8 in _McpFInitNetworkPIDChecking + 0x0000111C (MicrosoftComponentPlugin + 0x0007f8b8)
    #  4  0x96683beb in __gTECMasterGlobals + 0x9639F5AB (CarbonCore + 0x00048beb)
    #  5  0x918a1c55 in _signgam + 0x91703415 (libSystem.B.dylib + 0x00031c55)
    #  6  0x918a1b12 in _signgam + 0x917032D2 (libSystem.B.dylib + 0x00031b12)

    X86 Thread State:
     eax: 0x000c0194  ebx: 0x015f5867  ecx: 0xb01add3c  edx:0x918d0036
     edi: 0x04000000  esi: 0xb01adf24  ebp: 0xb01add58  esp:0xb01add3c
      ss: 0x0000001f  eip: 0x918d0036   cs: 0x00000007   ds:0x0000001f
      es: 0x0000001f   fs: 0x0000001f   gs: 0x00000037  eflags:0x00000282

    Thread 4:
    #  1  0x918b9f16 in _signgam + 0x9171B6D6 (libSystem.B.dylib + 0x00049f16)
    #  2  0x016e75dd in _FReceiveMessage + 0x00000077 (MicrosoftComponentPlugin + 0x001715dd)
    #  3  0x015f5566 in _McpFInitNetworkPIDChecking + 0x00000DCA (MicrosoftComponentPlugin + 0x0007f566)
    #  4  0x96683beb in __gTECMasterGlobals + 0x9639F5AB (CarbonCore + 0x00048beb)
    #  5  0x918a1c55 in _signgam + 0x91703415 (libSystem.B.dylib + 0x00031c55)
    #  6  0x918a1b12 in _signgam + 0x917032D2 (libSystem.B.dylib + 0x00031b12)

    X86 Thread State:
     eax: 0x00000193  ebx: 0x015f54d7  ecx: 0xb022fcac  edx:0x918b9f16
     edi: 0xb022fec4  esi: 0xb022ff34  ebp: 0xb022fcd8  esp:0xb022fcac
      ss: 0x0000001f  eip: 0x918b9f16   cs: 0x00000007   ds:0x0000001f
      es: 0x0000001f   fs: 0x0000001f   gs: 0x00000037  eflags:0x00000282

    Thread 5:
    #  1  0x91870a3a in _signgam + 0x916D21FA (libSystem.B.dylib + 0x00000a3a)
    #  2  0x015f5c7b in _McpFInitNetworkPIDChecking + 0x000014DF (MicrosoftComponentPlugin + 0x0007fc7b)
    #  3  0x96683beb in __gTECMasterGlobals + 0x9639F5AB (CarbonCore + 0x00048beb)
    #  4  0x918a1c55 in _signgam + 0x91703415 (libSystem.B.dylib + 0x00031c55)
    #  5  0x918a1b12 in _signgam + 0x917032D2 (libSystem.B.dylib + 0x00031b12)

    X86 Thread State:
     eax: 0xffffffda  ebx: 0x96696f0f  ecx: 0xb02b1e5c  edx:0x91870a3a
     edi: 0xb02b1f36  esi: 0x00000000  ebp: 0xb02b1e88  esp:0xb02b1e5c
      ss: 0x0000001f  eip: 0x91870a3a   cs: 0x00000007   ds:0x0000001f
      es: 0x0000001f   fs: 0x0000001f   gs: 0x00000037  eflags:0x00000246

    Loaded modules:
    0: Microsoft Word (12.0.0.071130 Reg=en Loc=0x0409): /Applications/Microsoft Office 2008/Microsoft Word.app/Contents/MacOS/Microsoft Word
    [...]

    Operating System Information
    Operating System: Mac OS X 10.5.2 (Build 9C3033)
    CPU: Intel Core Duo, Number: 2, Speed: 1600 MHz
    gestaltPhysicalRAMSize err = 0, result = 2047 MB
    gestaltSystemVersion err = 0, result = 0x1052
    Screen: 1280 x 800, depth = 32, ltbr = 0, 0, 800, 1280

    Microsoft Application Information:
    Error Reporting UUID: 1B018C67-56E8-4516-B277-B474CDE25846
    Time from launch: 0 hours, 0 minutes, 27 seconds
    Total errors on this client: 1

    I installed Microsoft Office 2008 SP1 and hope it resolves the issue.

    - Dmitry Vostokov @ DumpAnalysis.org -

    Posted in Mac Crash Corner | 2 Comments »

    Introducing Mac Crash Corner

    Friday, May 16th, 2008

    As a happy owner of an Apple MacBook Air Laptop I’m introducing the new blog category where I’m going to dig into crash dump analysis on Mac OS X and FreeBSD whenever an occasion happens.

    Buy from Amazon

    In order to seamlessly analyze Windows crash dumps and use WinDbg I also bought VMware Fusion

    Buy from Amazon

    and Microsoft Office 2008 for Mac to write about my experience:

    Buy from Amazon

    - Dmitry Vostokov @ DumpAnalysis.org -

    Posted in Announcements, GDB for WinDbg Users, Mac Crash Corner | No Comments »