Crash Dump Analysis Patterns (Part 113)

Sometimes we see very similar abnormal software behaviour dispositions (such as crashes with similar stack traces) in different applications or services. In such cases we should also check the application or service vendor and copyright in the output of the lmv command. Like Template Module, the Same Vendor pattern can be useful for relating such different incidents. Usually, within the same company, reuse of code and people tends to distribute code fragments and code construction styles across different product lines, so software defects might surface in different images. For example:

0:000> lmv m ApplicationA
start    end        module name
00400000 00d99000   ApplicationA   (deferred)            
[...]
    Image name: ApplicationA.exe
    Timestamp:        [...]
    CheckSum:         00000000
[...]
    CompanyName:      CompanyA
    ProductName:      CompanyA Application
    LegalCopyright:   Copyright (c) CompanyA
[…]

0:000> lmv m ApplicationB
start    end        module name
00400000 019d0000   ApplicationB  C (no symbols)          
    Image name: ApplicationB.exe
[...]
    CompanyName:      CompanyA
    ProductName:      ApplicationB
    LegalCopyright:   Copyright (c) CompanyA
[…]
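
The cross-check described above, automated as an added example (not from the original post): it parses lmv output saved from several dumps and reports each vendor whose CompanyName appears for more than one image. The dump file names, ServiceC and CompanyB are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (dump names, ServiceC and CompanyB are made up for this example).
LMV_LOGS = {
    "incident-1.dmp": """0:000> lmv m ApplicationA
start    end        module name
00400000 00d99000   ApplicationA   (deferred)
    Image name: ApplicationA.exe
    CompanyName:      CompanyA
    LegalCopyright:   Copyright (c) CompanyA
""",
    "incident-2.dmp": """0:000> lmv m ApplicationB
00400000 019d0000   ApplicationB  C (no symbols)
    Image name: ApplicationB.exe
    CompanyName:      CompanyA
""",
    "incident-3.dmp": """0:000> lmv m ServiceC
00400000 00a10000   ServiceC   (deferred)
    Image name: ServiceC.exe
    CompanyName:      CompanyB
""",
}

HEADER = re.compile(r"^[0-9a-f`]{8,17}\s+[0-9a-f`]{8,17}\s+(\S+)", re.I)
FIELD = re.compile(r"^\s+([A-Za-z][\w ]*?):\s+(.*\S)\s*$")

def parse_lmv(text):
    """Return one dict of version fields per module listed in lmv output."""
    modules = []
    for line in text.splitlines():
        if header := HEADER.match(line):
            modules.append({"module": header.group(1)})
        elif modules and (field := FIELD.match(line)):
            modules[-1][field.group(1)] = field.group(2)
    return modules

def same_vendor(logs):
    """Map vendor -> [(dump, image)] for vendors seen with more than one image."""
    by_vendor = defaultdict(set)
    for dump, text in logs.items():
        for mod in parse_lmv(text):
            if vendor := mod.get("CompanyName"):  # skip modules with no version resource
                image = mod.get("Image name", mod["module"])
                by_vendor[vendor.casefold()].add((dump, image))
    return {vendor: sorted(hits) for vendor, hits in by_vendor.items()
            if len({image for _, image in hits}) > 1}
if __name__ == "__main__":
    print(same_vendor(LMV_LOGS))
```

Vendor names are compared case-insensitively, so the result is keyed by the lower-cased CompanyName.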

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
