Software Diagnostics Library

Crash Dump Analysis Patterns (Part 78a)

This December starts with easy and obvious patterns that I forgot to write about. Integer division by zero is one of the most frequent exceptions. It is easily recognizable in process crash dumps by the processor instruction that caused this exception type (DIV or IDIV):

FAULTING_IP: DLL!FindHighestID+278 1b2713c4 f775e4 div dword ptr [ebp-0×1c]

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff) ExceptionAddress: 1b2713c4 (DLL!FindHighestID+0x00000278) ExceptionCode: c0000094 (Integer divide-by-zero) ExceptionFlags: 00000000 NumberParameters: 0

FAULTING_IP: Application+263d8 004263d8 f7fe idiv eax,esi

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 004263d8 (Application+0x000263d8) ExceptionCode: c0000094 (Integer divide-by-zero) ExceptionFlags: 00000000 NumberParameters: 0

ERROR_CODE: (NTSTATUS) 0xc0000094 - {EXCEPTION} Integer division by zero.

- Dmitry Vostokov @ DumpAnalysis.org -

This entry was posted on Monday, December 1st, 2008 at 5:37 pm and is filed under Crash Dump Analysis, Crash Dump Patterns, Debugging. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Crash Dump Analysis Patterns (Part 78a)”

Crash Dump Analysis » Blog Archive » Crash Dump Analysis Patterns (Part 78b) Says:
November 2nd, 2010 at 11:39 pm
[…] Experts Magazine Online This is a kernel mode counterpart of Divide by Zero pattern in user mode. It manifests under different bugchecks, for […]

Crash Dump Analysis Patterns (Part 78a)

One Response to “Crash Dump Analysis Patterns (Part 78a)”

Leave a Reply