Blocked threads, message box and self-diagnosis: pattern cooperation

This is a very simple case study. One service was hanging, and its user dump was taken. Inspection of its critical sections reveals one thread blocking 32 other threads. The owner stack trace points to the Message Box pattern:

0:000> !cs -l -o -s
DebugInfo          = 0x00151e20
Critical section   = 0x00455bd0 (ServiceA!g_CritSec+0x0)
LockCount          = 0x20
WaiterWoken        = No
OwningThread       = 0x00005774
RecursionCount     = 0x1
LockSemaphore      = 0x18
SpinCount          = 0x00000000
OwningThread DbgId = ~24s
OwningThread Stack =
ChildEBP RetAddr  Args to Child              
00d0d854 77e3bf53 77e3610a 00000000 00000000 ntdll!KiFastSystemCallRet
00d0d88c 77e2969d 07a1006e 00000000 00000001 user32!NtUserWaitMessage+0xc
00d0d8b4 77e3f762 77e20000 00181620 00000000 user32!InternalDialogBox+0xd0
00d0db74 77e3f047 00d0dcd0 00d0e810 00d0f3dc user32!SoftModalMessageBox+0x94b
00d0dcc4 77e3eec9 00d0dcd0 00000028 00000000 user32!MessageBoxWorker+0x2ba
00d0dd1c 77e3ee65 00000000 00d0de94 00d0dd84 user32!MessageBoxTimeoutW+0x7a
00d0dd3c 77e3ee41 00000000 00d0de94 00d0dd84 user32!MessageBoxExW+0x1b
00d0dd58 25010b67 00000000 00d0de94 00d0dd84 user32!MessageBoxW+0x45
WARNING: Stack unwind information not available. Following frames may be wrong.
00d0de84 25010372 00d0de94 00010010 00690044 moduleA!DllMain+0x8b27
00d0e298 25018e3d 00002754 25067c58 25066a74 moduleA!DllMain+0x8332
00d0f974 00403e83 00000008 00d0f98c 00d0fae0 ServiceA!Create+0x39

Inspecting message box parameters we see a self-diagnostic message:

0:000> du /c 100 00d0de94
00d0de94  "The installation of Software Product A was not successful because moduleA could not be installed."

- Dmitry Vostokov @ -
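
As an added example (not part of the original post or the author's tooling), the Python script below automates the check performed above: it parses saved `!cs -l -o -s` output and flags any critical section that has waiters and whose owner stack contains a user32 message-box frame. It follows this page's reading of LockCount as the number of blocked threads; the function names and the trimmed sample text are constructed for illustration.

```python
import re

# Frames that indicate a modal UI wait (the page's Message Box pattern).
UI_WAIT = re.compile(r"user32!(MessageBox\w*|SoftModalMessageBox|InternalDialogBox)")
FIELD = re.compile(r"^(\w[\w ]*?)\s*=\s*(.*)$")

# Constructed sample: the page's !cs output, trimmed to a few lines.
SAMPLE = """\
DebugInfo          = 0x00151e20
Critical section   = 0x00455bd0 (ServiceA!g_CritSec+0x0)
LockCount          = 0x20
OwningThread       = 0x00005774
OwningThread DbgId = ~24s
OwningThread Stack =
ChildEBP RetAddr  Args to Child
00d0d854 77e3bf53 77e3610a 00000000 00000000 ntdll!KiFastSystemCallRet
00d0dd58 25010b67 00000000 00d0de94 00d0dd84 user32!MessageBoxW+0x45
00d0f974 00403e83 00000008 00d0f98c 00d0fae0 ServiceA!Create+0x39
"""

def parse_cs(text):
    """Split `!cs -l -o -s` output into one dict per critical section."""
    sections, cur = [], None
    for line in text.replace("\u00d7", "x").splitlines():  # undo blog-mangled 0x
        m = FIELD.match(line.strip())
        if m and m.group(1) == "DebugInfo":   # each section starts with DebugInfo
            cur = {"stack": []}
            sections.append(cur)
        if cur is None:
            continue
        if m:
            cur[m.group(1)] = m.group(2).strip()
        elif "!" in line:                     # stack frame: module!symbol+offset
            cur["stack"].append(line.split()[-1])
    return sections

def blocking_ui_owners(text):
    """Return (section, owner thread id, waiters, first UI frame) per hit."""
    hits = []
    for cs in parse_cs(text):
        waiters = int(cs.get("LockCount", "0"), 16)  # assumption: LockCount = waiters
        frame = next((f for f in cs["stack"] if UI_WAIT.search(f)), None)
        if waiters > 0 and frame:
            hits.append((cs["Critical section"], cs["OwningThread"], waiters, frame))
    return hits

if __name__ == "__main__":
    print(blocking_ui_owners(SAMPLE))
```

A hit identifies the owning thread to inspect next, for example by dumping the message text argument as done above with `du`.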
