Heap stack traces from W2K3/XP user dump
If you have user mode stack trace DB enabled on Windows 2003 for some service or application (here is an example for Citrix IMA service) and if you get a dump and try to get saved stack traces using !heap extension command you get these errors:
0:000> !heap -k -h 000a0000
Heap entries for Segment00 in Heap 000a0000
000a0c50: 00c50 . 00040 [01] - busy (40)
000a0c90: 00040 . 01818 [07] - busy (1800), tail fill - unable to read heap entry extra at 000a24a0
000a24a8: 01818 . 00030 [07] - busy (18), tail fill - unable to read heap entry extra at 000a24d0
000a24d8: 00030 . 005a0 [07] - busy (588), tail fill - unable to read heap entry extra at 000a2a70
The solution is to use Windows 2000 extension ntsdexts.dll:
0:000> !.\w2kfre\ntsdexts.heap -k -h 000a0000
Stack trace (12) at 1021bfc:
7c85fc22: ntdll!RtlAllocateHeapSlowly+0×00000041
7c81d4df: ntdll!RtlAllocateHeap+0×00000E9F
7c83467a: ntdll!LdrpAllocateUnicodeString+0×00000035
7c8354f4: ntdll!LdrpCopyUnicodeString+0×00000031
7c83517b: ntdll!LdrpResolveDllName+0×00000195
7c834b2a: ntdll!LdrpMapDll+0×0000014F
7c837474: ntdll!LdrpLoadImportModule+0×0000017C
7c837368: ntdll!LdrpHandleOneNewFormatImportDescriptor+0×0000004D
7c837317: ntdll!LdrpHandleNewFormatImportDescriptors+0×0000001D
7c837441: ntdll!LdrpWalkImportDescriptor+0×00000195
7c80f560: ntdll!LdrpInitializeProcess+0×00000E3E
7c80ea0b: ntdll!_LdrpInitialize+0×000000D0
7c82ec2d: ntdll!KiUserApcDispatcher+0×00000025
- Dmitry Vostokov @ DumpAnalysis.org -