Comments on: Crash Dump Analysis Patterns (Part 6b) https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/ Structural and Behavioral Patterns for Software Diagnostics, Forensics and Prognostics Wed, 06 May 2026 13:56:17 +0000 http://wordpress.org/?v=2.3.3 By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-767743 Dmitry Vostokov Sat, 15 Nov 2025 10:31:49 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-767743 Windows ARM64 00007fff`647622e0 f9400400 ldr x0,[x0,#8] 0:026> r x0 x0=0000000000000000 Windows ARM64

00007fff`647622e0 f9400400 ldr x0,[x0,#8]

0:026> r x0
x0=0000000000000000

]]> By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-741734 Dmitry Vostokov Sun, 19 Feb 2017 10:21:32 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-741734 <p align="left">0:004> r rax=0000000000000000 rbx=000000dd5253ce30 rcx=000000d515923a00 rdx=0000000000000000 rsi=0000000000000002 rdi=000000dd5253c940 rip=00007ffd1fbc98cc rsp=000000dd5253d060 rbp=000000dd5253d220 r8=000000d515923a00 r9=00000000ffffffff r10=0000000000000000 r11=000000dd5253d3c8 r12=00007ffd20002460 r13=000000dd636a3101 r14=000000dd51738000 r15=0000000000000c00 iopl=0 nv up ei pl nz na pe nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010200 edgehtml!COmWindowProxy::PrivateAddRef+0x3c: 00007ffd`1fbc98cc 488b7868 mov rdi,qword ptr [rax+68h] ds:00000000`00000068=???????????????? <p align="left">0:004> k # Child-SP RetAddr Call Site 00 000000dd`5253d060 00007ffd`1fbc9850 edgehtml!COmWindowProxy::PrivateAddRef+0x3c 01 000000dd`5253d090 00007ffd`1fbc97eb edgehtml!CEventPathBuilder::SetProxy+0x20 02 000000dd`5253d0c0 00007ffd`1fbcb79b edgehtml!CEventPathBuilder::AppendWindowTarget+0x47 03 000000dd`5253d0f0 00007ffd`1fbc5189 edgehtml!CWindow::BuildEventPath+0x1b 04 000000dd`5253d120 00007ffd`1faec7f1 edgehtml!CEventMgr::Dispatch+0x5c9 05 000000dd`5253d3d0 00007ffd`1faeb7cc edgehtml!CMessagePort::HandlePostMessage+0x10d 06 000000dd`5253d450 00007ffd`1fc4b667 edgehtml!CMessageDispatcher::ProcessNotification+0x5c 07 000000dd`5253d480 00007ffd`1fd521d1 edgehtml!GlobalWndOnPaintPriorityMethodCall+0x457 08 000000dd`5253d570 00007ffd`43a900dc edgehtml!GlobalWndProc+0x101 09 000000dd`5253d5f0 00007ffd`43a8fe52 user32!UserCallWinProcCheckWow+0x1fc 0a 000000dd`5253d6e0 00007ffd`43a9d3fe user32!DispatchClientMessage+0xa2 0b 000000dd`5253d740 00007ffd`462f5714 user32!_fnDWORD+0x3e 0c 000000dd`5253d7a0 00007ffd`43aaffba ntdll!KiUserCallbackDispatcherContinue 0d 000000dd`5253d828 00007ffd`43a8fca7 user32!NtUserDispatchMessage+0xa 0e 000000dd`5253d830 00007ffd`19c6eee8 user32!DispatchMessageWorker+0x247 0f 000000dd`5253d8b0 00007ffd`19cd0bdb eModel!CTabWindow::_TabWindowThreadProc+0x5b8 10 000000dd`5253fb10 00007ffd`3630864f eModel!LCIETab_ThreadProc+0x2bb 11 000000dd`5253fc40 00007ffd`45f42d92 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f 12 000000dd`5253fc70 00007ffd`46269f64 kernel32!BaseThreadInitThunk+0x22 13 000000dd`5253fca0 00000000`00000000 ntdll!RtlUserThreadStart+0x34 0:004> r
rax=0000000000000000 rbx=000000dd5253ce30 rcx=000000d515923a00
rdx=0000000000000000 rsi=0000000000000002 rdi=000000dd5253c940
rip=00007ffd1fbc98cc rsp=000000dd5253d060 rbp=000000dd5253d220
r8=000000d515923a00 r9=00000000ffffffff r10=0000000000000000
r11=000000dd5253d3c8 r12=00007ffd20002460 r13=000000dd636a3101
r14=000000dd51738000 r15=0000000000000c00
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010200
edgehtml!COmWindowProxy::PrivateAddRef+0×3c:
00007ffd`1fbc98cc 488b7868 mov rdi,qword ptr [rax+68h] ds:00000000`00000068=????????????????

0:004> k
# Child-SP RetAddr Call Site
00 000000dd`5253d060 00007ffd`1fbc9850 edgehtml!COmWindowProxy::PrivateAddRef+0×3c
01 000000dd`5253d090 00007ffd`1fbc97eb edgehtml!CEventPathBuilder::SetProxy+0×20
02 000000dd`5253d0c0 00007ffd`1fbcb79b edgehtml!CEventPathBuilder::AppendWindowTarget+0×47
03 000000dd`5253d0f0 00007ffd`1fbc5189 edgehtml!CWindow::BuildEventPath+0×1b
04 000000dd`5253d120 00007ffd`1faec7f1 edgehtml!CEventMgr::Dispatch+0×5c9
05 000000dd`5253d3d0 00007ffd`1faeb7cc edgehtml!CMessagePort::HandlePostMessage+0×10d
06 000000dd`5253d450 00007ffd`1fc4b667 edgehtml!CMessageDispatcher::ProcessNotification+0×5c
07 000000dd`5253d480 00007ffd`1fd521d1 edgehtml!GlobalWndOnPaintPriorityMethodCall+0×457
08 000000dd`5253d570 00007ffd`43a900dc edgehtml!GlobalWndProc+0×101
09 000000dd`5253d5f0 00007ffd`43a8fe52 user32!UserCallWinProcCheckWow+0×1fc
0a 000000dd`5253d6e0 00007ffd`43a9d3fe user32!DispatchClientMessage+0xa2
0b 000000dd`5253d740 00007ffd`462f5714 user32!_fnDWORD+0×3e
0c 000000dd`5253d7a0 00007ffd`43aaffba ntdll!KiUserCallbackDispatcherContinue
0d 000000dd`5253d828 00007ffd`43a8fca7 user32!NtUserDispatchMessage+0xa
0e 000000dd`5253d830 00007ffd`19c6eee8 user32!DispatchMessageWorker+0×247
0f 000000dd`5253d8b0 00007ffd`19cd0bdb eModel!CTabWindow::_TabWindowThreadProc+0×5b8
10 000000dd`5253fb10 00007ffd`3630864f eModel!LCIETab_ThreadProc+0×2bb
11 000000dd`5253fc40 00007ffd`45f42d92 iertutil!_IsoThreadProc_WrapperToReleaseScope+0×1f
12 000000dd`5253fc70 00007ffd`46269f64 kernel32!BaseThreadInitThunk+0×22
13 000000dd`5253fca0 00000000`00000000 ntdll!RtlUserThreadStart+0×34

]]> By: Dmitry Vostokov https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-741722 Dmitry Vostokov Fri, 07 Oct 2016 06:44:57 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-741722 Another example that also shows .cxr command in x64 context: <p align="left">0:006> k # Child-SP RetAddr Call Site 00 000000a9`be019378 00007ffe`1b11918f ntdll!NtWaitForMultipleObjects+0xa 01 000000a9`be019380 00007ffe`1b11908e KERNELBASE!WaitForMultipleObjectsEx+0xef 02 000000a9`be019680 00007ffe`1b92155c KERNELBASE!WaitForMultipleObjects+0xe 03 000000a9`be0196c0 00007ffe`1b921088 kernel32!BasepReportFault+0x54c 04 000000a9`be019c30 00007ffe`1b1403cd kernel32!BasepReportFault+0x78 05 000000a9`be019c60 00007ffe`1dd8dbf6 KERNELBASE!UnhandledExceptionFilter+0x1fd 06 000000a9`be019d60 00007ffe`1dd65680 ntdll!LdrpLogFatalUserCallbackException+0x56 07 000000a9`be019e90 00007ffe`1dd6666d ntdll!KiUserCallbackDispatcherHandler+0x20 08 000000a9`be019ed0 00007ffe`1dce3c00 ntdll!RtlpExecuteHandlerForException+0xd 09 000000a9`be019f00 00007ffe`1dd6577a ntdll!RtlDispatchException+0x370 0a 000000a9`be01a600 00007ffd`f98e8f69 ntdll!KiUserExceptionDispatch+0x3a 0b 000000a9`be01ad00 00007ffd`f98e5c94 edgehtml!CWebPlatformTridentHost::LoadNewWindowContent+0x35 0c 000000a9`be01ad90 00007ffe`1b84b0b3 edgehtml!CWebPlatform::LoadNewWindowContent+0x64 0d 000000a9`be01ae10 00007ffe`1b80521e rpcrt4!Invoke+0x73 0e 000000a9`be01aea0 00007ffe`1b83aaba rpcrt4!NdrStubCall2+0x34e 0f 000000a9`be01b4f0 00007ffe`1d414b1b rpcrt4!NdrStubCall3+0xea 10 000000a9`be01b560 00007ffe`1d4c25b2 combase!CStdStubBuffer_Invoke+0x6b 11 000000a9`be01b5a0 00007ffe`1d490845 combase!CoGetContextToken+0x262 12 000000a9`be01b610 00007ffe`1d47f95e combase!CoCreateFreeThreadedMarshaler+0x5735 13 000000a9`be01b830 00007ffe`1d48219e combase!CoGetObjectContext+0x9bce 14 000000a9`be01bb00 00007ffe`1d4842bf combase!CoGetObjectContext+0xc40e 15 000000a9`be01bcb0 00007ffe`1d47da9c combase!CoGetObjectContext+0xe52f 16 000000a9`be01bf40 00007ffe`1ba300dc combase!CoGetObjectContext+0x7d0c 17 000000a9`be01c090 00007ffe`1ba2fc07 user32!UserCallWinProcCheckWow+0x1fc 18 000000a9`be01c180 00007ffe`1d4865e9 user32!DispatchMessageWorker+0x1a7 19 000000a9`be01c200 00007ffe`1d486b8f combase!CoGetObjectContext+0x10859 1a 000000a9`be01c270 00007ffe`1d491c2d combase!CoGetObjectContext+0x10dff 1b 000000a9`be01c2d0 00007ffe`1d48d7a9 combase!CoCreateFreeThreadedMarshaler+0x6b1d 1c 000000a9`be01c420 00007ffe`1d48e215 combase!CoCreateFreeThreadedMarshaler+0x2699 1d 000000a9`be01c600 00007ffe`1d41475b combase!CoCreateFreeThreadedMarshaler+0x3105 1e 000000a9`be01c7c0 00007ffe`1b8aa340 combase!NdrOleDllGetClassObject+0xf2b 1f 000000a9`be01c830 00007ffe`1d414544 rpcrt4!NdrpClientCall3+0x460 20 000000a9`be01cc20 00007ffe`1d51f192 combase!NdrOleDllGetClassObject+0xd14 21 000000a9`be01cfb0 00007ffe`1d4a8b8d combase!ObjectStublessClient32+0xfc32 22 000000a9`be01d000 00007ffe`1d4a8a65 combase!CoWaitForMultipleHandles+0x3cd 23 000000a9`be01d070 00007ffe`1d49849d combase!CoWaitForMultipleHandles+0x2a5 24 000000a9`be01d110 00007ffe`1d49cc3a combase!CoCreateFreeThreadedMarshaler+0xd38d 25 000000a9`be01d2e0 00007ffe`1d48b6d0 combase!CoCreateFreeThreadedMarshaler+0x11b2a 26 000000a9`be01d3e0 00007ffe`1d4113f7 combase!CoCreateFreeThreadedMarshaler+0x5c0 27 000000a9`be01d430 00007ffe`1d94bd66 combase!CStdStubBuffer2_QueryInterface+0x117 28 000000a9`be01d460 00007ffd`f05ebef0 oleaut32!VariantClear+0x176 29 000000a9`be01d490 00007ffd`f05ed839 eModel!CIEFrameAuto::SetOwner+0x2b0 2a 000000a9`be01d4f0 00007ffd`f05f7892 eModel!CBrowserTabBase::v_OnDestroy+0x69 2b 000000a9`be01d520 00007ffd`f05f5247 eModel!CBrowserTab::v_OnDestroy+0x12 2c 000000a9`be01d550 00007ffd`f05f1b1b eModel!CBrowserTab::v_WndProc+0x447 2d 000000a9`be01d710 00007ffe`1ba300dc eModel!CBrowserTab::s_WndProc+0x5b 2e 000000a9`be01d760 00007ffe`1ba2fe52 user32!UserCallWinProcCheckWow+0x1fc 2f 000000a9`be01d850 00007ffe`1ba3d3fe user32!DispatchClientMessage+0xa2 30 000000a9`be01d8b0 00007ffe`1dd65714 user32!_fnDWORD+0x3e 31 000000a9`be01d910 00007ffe`1ba5061a ntdll!KiUserCallbackDispatcherContinue 32 000000a9`be01d998 00007ffd`f05f6c8c user32!NtUserDestroyWindow+0xa 33 000000a9`be01d9a0 00007ffd`f05f6ebb eModel!CBrowserTab::_DoFinalCleanup+0x35c 34 000000a9`be01da50 00007ffd`f05f6620 eModel!CBrowserTab::_OnConfirmedClose+0x2f 35 000000a9`be01da80 00007ffd`f05cf026 eModel!CBrowserTab::OnClose+0x170 36 000000a9`be01dae0 00007ffd`f063065b eModel!CTabWindow::_TabWindowThreadProc+0x7a6 37 000000a9`be01fd40 00007ffe`1326856f eModel!LCIETab_ThreadProc+0x2bb 38 000000a9`be01fe70 00007ffe`1b912d92 iertutil!IEGetTabWindowExports+0x2f 39 000000a9`be01fea0 00007ffe`1dcd9f64 kernel32!BaseThreadInitThunk+0x22 3a 000000a9`be01fed0 00000000`00000000 ntdll!RtlUserThreadStart+0x34</p> <p align="left">0:006> .cxr 000000a9`be01a600 rax=0000000001000002 rbx=0000000000000009 rcx=0000000000000000 rdx=000000a9be2d1300 rsi=000000a9be01ade0 rdi=0000000000000000 rip=00007ffdf98e8f69 rsp=000000a9be01ad00 rbp=000000a9be2d1190 r8=000000a9be2d1190 r9=000000a9be01ade0 r10=00007ffdf98e5c30 r11=0000000000001000 r12=00007ffdf1b47382 r13=000000a9c01fc358 r14=000000a9be2d1300 r15=000000a9be01b5a0 iopl=0 nv up ei pl zr na po nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 edgehtml!CWebPlatformTridentHost::LoadNewWindowContent+0x35: 00007ffd`f98e8f69 488b07 mov rax,qword ptr [rdi] ds:00000000`00000000=????????????????</p> <p align="left">0:006> kc *** Stack trace for last set context - .thread/.cxr resets it # Call Site 00 edgehtml!CWebPlatformTridentHost::LoadNewWindowContent 01 edgehtml!CWebPlatform::LoadNewWindowContent 02 rpcrt4!Invoke 03 rpcrt4!NdrStubCall2 04 rpcrt4!NdrStubCall3 05 combase!CStdStubBuffer_Invoke 06 combase!CoGetContextToken 07 combase!CoCreateFreeThreadedMarshaler 08 combase!CoGetObjectContext 09 combase!CoGetObjectContext 0a combase!CoGetObjectContext 0b combase!CoGetObjectContext 0c user32!UserCallWinProcCheckWow 0d user32!DispatchMessageWorker 0e combase!CoGetObjectContext 0f combase!CoGetObjectContext 10 combase!CoCreateFreeThreadedMarshaler 11 combase!CoCreateFreeThreadedMarshaler 12 combase!CoCreateFreeThreadedMarshaler 13 combase!NdrOleDllGetClassObject 14 rpcrt4!NdrpClientCall3 15 combase!NdrOleDllGetClassObject 16 combase!ObjectStublessClient32 17 combase!CoWaitForMultipleHandles 18 combase!CoWaitForMultipleHandles 19 combase!CoCreateFreeThreadedMarshaler 1a combase!CoCreateFreeThreadedMarshaler 1b combase!CoCreateFreeThreadedMarshaler 1c combase!CStdStubBuffer2_QueryInterface 1d oleaut32!VariantClear 1e eModel!CIEFrameAuto::SetOwner 1f eModel!CBrowserTabBase::v_OnDestroy 20 eModel!CBrowserTab::v_OnDestroy 21 eModel!CBrowserTab::v_WndProc 22 eModel!CBrowserTab::s_WndProc 23 user32!UserCallWinProcCheckWow 24 user32!DispatchClientMessage 25 user32!_fnDWORD 26 ntdll!KiUserCallbackDispatcherContinue 27 user32!NtUserDestroyWindow 28 eModel!CBrowserTab::_DoFinalCleanup 29 eModel!CBrowserTab::_OnConfirmedClose 2a eModel!CBrowserTab::OnClose 2b eModel!CTabWindow::_TabWindowThreadProc 2c eModel!LCIETab_ThreadProc 2d iertutil!IEGetTabWindowExports 2e kernel32!BaseThreadInitThunk 2f ntdll!RtlUserThreadStart</p> Another example that also shows .cxr command in x64 context:

0:006> k
# Child-SP RetAddr Call Site
00 000000a9`be019378 00007ffe`1b11918f ntdll!NtWaitForMultipleObjects+0xa
01 000000a9`be019380 00007ffe`1b11908e KERNELBASE!WaitForMultipleObjectsEx+0xef
02 000000a9`be019680 00007ffe`1b92155c KERNELBASE!WaitForMultipleObjects+0xe
03 000000a9`be0196c0 00007ffe`1b921088 kernel32!BasepReportFault+0×54c
04 000000a9`be019c30 00007ffe`1b1403cd kernel32!BasepReportFault+0×78
05 000000a9`be019c60 00007ffe`1dd8dbf6 KERNELBASE!UnhandledExceptionFilter+0×1fd
06 000000a9`be019d60 00007ffe`1dd65680 ntdll!LdrpLogFatalUserCallbackException+0×56
07 000000a9`be019e90 00007ffe`1dd6666d ntdll!KiUserCallbackDispatcherHandler+0×20
08 000000a9`be019ed0 00007ffe`1dce3c00 ntdll!RtlpExecuteHandlerForException+0xd
09 000000a9`be019f00 00007ffe`1dd6577a ntdll!RtlDispatchException+0×370
0a 000000a9`be01a600 00007ffd`f98e8f69 ntdll!KiUserExceptionDispatch+0×3a
0b 000000a9`be01ad00 00007ffd`f98e5c94 edgehtml!CWebPlatformTridentHost::LoadNewWindowContent+0×35
0c 000000a9`be01ad90 00007ffe`1b84b0b3 edgehtml!CWebPlatform::LoadNewWindowContent+0×64
0d 000000a9`be01ae10 00007ffe`1b80521e rpcrt4!Invoke+0×73
0e 000000a9`be01aea0 00007ffe`1b83aaba rpcrt4!NdrStubCall2+0×34e
0f 000000a9`be01b4f0 00007ffe`1d414b1b rpcrt4!NdrStubCall3+0xea
10 000000a9`be01b560 00007ffe`1d4c25b2 combase!CStdStubBuffer_Invoke+0×6b
11 000000a9`be01b5a0 00007ffe`1d490845 combase!CoGetContextToken+0×262
12 000000a9`be01b610 00007ffe`1d47f95e combase!CoCreateFreeThreadedMarshaler+0×5735
13 000000a9`be01b830 00007ffe`1d48219e combase!CoGetObjectContext+0×9bce
14 000000a9`be01bb00 00007ffe`1d4842bf combase!CoGetObjectContext+0xc40e
15 000000a9`be01bcb0 00007ffe`1d47da9c combase!CoGetObjectContext+0xe52f
16 000000a9`be01bf40 00007ffe`1ba300dc combase!CoGetObjectContext+0×7d0c
17 000000a9`be01c090 00007ffe`1ba2fc07 user32!UserCallWinProcCheckWow+0×1fc
18 000000a9`be01c180 00007ffe`1d4865e9 user32!DispatchMessageWorker+0×1a7
19 000000a9`be01c200 00007ffe`1d486b8f combase!CoGetObjectContext+0×10859
1a 000000a9`be01c270 00007ffe`1d491c2d combase!CoGetObjectContext+0×10dff
1b 000000a9`be01c2d0 00007ffe`1d48d7a9 combase!CoCreateFreeThreadedMarshaler+0×6b1d
1c 000000a9`be01c420 00007ffe`1d48e215 combase!CoCreateFreeThreadedMarshaler+0×2699
1d 000000a9`be01c600 00007ffe`1d41475b combase!CoCreateFreeThreadedMarshaler+0×3105
1e 000000a9`be01c7c0 00007ffe`1b8aa340 combase!NdrOleDllGetClassObject+0xf2b
1f 000000a9`be01c830 00007ffe`1d414544 rpcrt4!NdrpClientCall3+0×460
20 000000a9`be01cc20 00007ffe`1d51f192 combase!NdrOleDllGetClassObject+0xd14
21 000000a9`be01cfb0 00007ffe`1d4a8b8d combase!ObjectStublessClient32+0xfc32
22 000000a9`be01d000 00007ffe`1d4a8a65 combase!CoWaitForMultipleHandles+0×3cd
23 000000a9`be01d070 00007ffe`1d49849d combase!CoWaitForMultipleHandles+0×2a5
24 000000a9`be01d110 00007ffe`1d49cc3a combase!CoCreateFreeThreadedMarshaler+0xd38d
25 000000a9`be01d2e0 00007ffe`1d48b6d0 combase!CoCreateFreeThreadedMarshaler+0×11b2a
26 000000a9`be01d3e0 00007ffe`1d4113f7 combase!CoCreateFreeThreadedMarshaler+0×5c0
27 000000a9`be01d430 00007ffe`1d94bd66 combase!CStdStubBuffer2_QueryInterface+0×117
28 000000a9`be01d460 00007ffd`f05ebef0 oleaut32!VariantClear+0×176
29 000000a9`be01d490 00007ffd`f05ed839 eModel!CIEFrameAuto::SetOwner+0×2b0
2a 000000a9`be01d4f0 00007ffd`f05f7892 eModel!CBrowserTabBase::v_OnDestroy+0×69
2b 000000a9`be01d520 00007ffd`f05f5247 eModel!CBrowserTab::v_OnDestroy+0×12
2c 000000a9`be01d550 00007ffd`f05f1b1b eModel!CBrowserTab::v_WndProc+0×447
2d 000000a9`be01d710 00007ffe`1ba300dc eModel!CBrowserTab::s_WndProc+0×5b
2e 000000a9`be01d760 00007ffe`1ba2fe52 user32!UserCallWinProcCheckWow+0×1fc
2f 000000a9`be01d850 00007ffe`1ba3d3fe user32!DispatchClientMessage+0xa2
30 000000a9`be01d8b0 00007ffe`1dd65714 user32!_fnDWORD+0×3e
31 000000a9`be01d910 00007ffe`1ba5061a ntdll!KiUserCallbackDispatcherContinue
32 000000a9`be01d998 00007ffd`f05f6c8c user32!NtUserDestroyWindow+0xa
33 000000a9`be01d9a0 00007ffd`f05f6ebb eModel!CBrowserTab::_DoFinalCleanup+0×35c
34 000000a9`be01da50 00007ffd`f05f6620 eModel!CBrowserTab::_OnConfirmedClose+0×2f
35 000000a9`be01da80 00007ffd`f05cf026 eModel!CBrowserTab::OnClose+0×170
36 000000a9`be01dae0 00007ffd`f063065b eModel!CTabWindow::_TabWindowThreadProc+0×7a6
37 000000a9`be01fd40 00007ffe`1326856f eModel!LCIETab_ThreadProc+0×2bb
38 000000a9`be01fe70 00007ffe`1b912d92 iertutil!IEGetTabWindowExports+0×2f
39 000000a9`be01fea0 00007ffe`1dcd9f64 kernel32!BaseThreadInitThunk+0×22
3a 000000a9`be01fed0 00000000`00000000 ntdll!RtlUserThreadStart+0×34

0:006> .cxr 000000a9`be01a600
rax=0000000001000002 rbx=0000000000000009 rcx=0000000000000000
rdx=000000a9be2d1300 rsi=000000a9be01ade0 rdi=0000000000000000
rip=00007ffdf98e8f69 rsp=000000a9be01ad00 rbp=000000a9be2d1190
r8=000000a9be2d1190 r9=000000a9be01ade0 r10=00007ffdf98e5c30
r11=0000000000001000 r12=00007ffdf1b47382 r13=000000a9c01fc358
r14=000000a9be2d1300 r15=000000a9be01b5a0
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
edgehtml!CWebPlatformTridentHost::LoadNewWindowContent+0×35:
00007ffd`f98e8f69 488b07 mov rax,qword ptr [rdi] ds:00000000`00000000=????????????????

0:006> kc
*** Stack trace for last set context - .thread/.cxr resets it
# Call Site
00 edgehtml!CWebPlatformTridentHost::LoadNewWindowContent
01 edgehtml!CWebPlatform::LoadNewWindowContent
02 rpcrt4!Invoke
03 rpcrt4!NdrStubCall2
04 rpcrt4!NdrStubCall3
05 combase!CStdStubBuffer_Invoke
06 combase!CoGetContextToken
07 combase!CoCreateFreeThreadedMarshaler
08 combase!CoGetObjectContext
09 combase!CoGetObjectContext
0a combase!CoGetObjectContext
0b combase!CoGetObjectContext
0c user32!UserCallWinProcCheckWow
0d user32!DispatchMessageWorker
0e combase!CoGetObjectContext
0f combase!CoGetObjectContext
10 combase!CoCreateFreeThreadedMarshaler
11 combase!CoCreateFreeThreadedMarshaler
12 combase!CoCreateFreeThreadedMarshaler
13 combase!NdrOleDllGetClassObject
14 rpcrt4!NdrpClientCall3
15 combase!NdrOleDllGetClassObject
16 combase!ObjectStublessClient32
17 combase!CoWaitForMultipleHandles
18 combase!CoWaitForMultipleHandles
19 combase!CoCreateFreeThreadedMarshaler
1a combase!CoCreateFreeThreadedMarshaler
1b combase!CoCreateFreeThreadedMarshaler
1c combase!CStdStubBuffer2_QueryInterface
1d oleaut32!VariantClear
1e eModel!CIEFrameAuto::SetOwner
1f eModel!CBrowserTabBase::v_OnDestroy
20 eModel!CBrowserTab::v_OnDestroy
21 eModel!CBrowserTab::v_WndProc
22 eModel!CBrowserTab::s_WndProc
23 user32!UserCallWinProcCheckWow
24 user32!DispatchClientMessage
25 user32!_fnDWORD
26 ntdll!KiUserCallbackDispatcherContinue
27 user32!NtUserDestroyWindow
28 eModel!CBrowserTab::_DoFinalCleanup
29 eModel!CBrowserTab::_OnConfirmedClose
2a eModel!CBrowserTab::OnClose
2b eModel!CTabWindow::_TabWindowThreadProc
2c eModel!LCIETab_ThreadProc
2d iertutil!IEGetTabWindowExports
2e kernel32!BaseThreadInitThunk
2f ntdll!RtlUserThreadStart

]]> By: Crash Dump Analysis » Blog Archive » Icons for Memory Dump Analysis Patterns (Part 10) https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-137591 Crash Dump Analysis » Blog Archive » Icons for Memory Dump Analysis Patterns (Part 10) Wed, 24 Mar 2010 11:16:54 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-137591 [...] we introduce an icon for NULL Pointer (data) [...] […] we introduce an icon for NULL Pointer (data) […]

]]> By: Crash Dump Analysis » Blog Archive » NULL data pointer, stack trace, inline function optimization and platformorphic fault: pattern cooperation https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-86245 Crash Dump Analysis » Blog Archive » NULL data pointer, stack trace, inline function optimization and platformorphic fault: pattern cooperation Mon, 27 Jul 2009 20:03:44 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-86245 [...] clearly have an instance of a NULL pointer data access. If we try to match this stack trace to known faults in database we would probably [...] […] clearly have an instance of a NULL pointer data access. If we try to match this stack trace to known faults in database we would probably […]

]]> By: Crash Dump Analysis » Blog Archive » WOW64 process, NULL data pointer, stack overflow, main thread, incorrect stack trace, nested exceptions, hidden exception, manual dump, multiple exceptions and virtualized system: pattern cooperation https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-84355 Crash Dump Analysis » Blog Archive » WOW64 process, NULL data pointer, stack overflow, main thread, incorrect stack trace, nested exceptions, hidden exception, manual dump, multiple exceptions and virtualized system: pattern cooperation Sun, 12 Jul 2009 17:09:35 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-84355 [...] 32-bit WOW64 process was crashing when accessing a direct NULL data pointer with the following stack [...] […] 32-bit WOW64 process was crashing when accessing a direct NULL data pointer with the following stack […]

]]> By: Crash Dump Analysis » Blog Archive » Null data pointer, pass through functions and platformorphic fault: pattern cooperation https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-79994 Crash Dump Analysis » Blog Archive » Null data pointer, pass through functions and platformorphic fault: pattern cooperation Fri, 19 Jun 2009 23:29:37 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-79994 [...] We got a bugcheck when a accessing a NULL data pointer: [...] […] We got a bugcheck when a accessing a NULL data pointer: […]

]]> By: Crash Dump Analysis » Blog Archive » Sentinel Pointers https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-74280 Crash Dump Analysis » Blog Archive » Sentinel Pointers Wed, 13 May 2009 15:20:58 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-74280 [...] can think that ESI was 0 but it was 0xFFFFFFFF. Adding 0xAC to it produced an effective NULL data pointer 0xAB through integer addition overflow if we consider addition as unsigned. It is easy to see the [...] […] can think that ESI was 0 but it was 0xFFFFFFFF. Adding 0xAC to it produced an effective NULL data pointer 0xAB through integer addition overflow if we consider addition as unsigned. It is easy to see the […]

]]> By: Crash Dump Analysis » Blog Archive » Null data pointer, incorrect stack trace, changed environment, hooked functions and coincidental symbolic information: pattern cooperation https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-72578 Crash Dump Analysis » Blog Archive » Null data pointer, incorrect stack trace, changed environment, hooked functions and coincidental symbolic information: pattern cooperation Tue, 28 Apr 2009 16:55:55 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-72578 [...] GUI-enhancing hooking and patching 3rd-party products. The dump was analyzed and it shows the data NULL pointer access [...] […] GUI-enhancing hooking and patching 3rd-party products. The dump was analyzed and it shows the data NULL pointer access […]

]]> By: Crash Dump Analysis » Blog Archive » NULL Data Pointer Pattern: case study https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-71364 Crash Dump Analysis » Blog Archive » NULL Data Pointer Pattern: case study Wed, 15 Apr 2009 14:05:30 +0000 https://www.dumpanalysis.org/blog/index.php/2009/04/14/crash-dump-analysis-patterns-part-6b/#comment-71364 [...] (0x7DA) - The Year of Dump Analysis Here is the promised case study for the previous post about data NULL pointers. The complete dump has this [...] […] (0×7DA) - The Year of Dump Analysis Here is the promised case study for the previous post about data NULL pointers. The complete dump has this […]

]]>