
I am trying to solve one of my application's crashes, and the top of the call stack looks like this:

0012f480 7739b6e3 0002051e 0000001f 00000000 <Unloaded_A.dll>+0x172b6
0012f4ac 7739b874 15b772b6 0002051e 0000001f user32!InternalCallWinProc+0x28
0012f524 7739c8b8 0b4d074c 15b772b6 0002051e user32!UserCallWinProcCheckWow+0x151 (FPO: [Non-Fpo])
0012f580 7739c9c6 02acfc48 0000001f 00000000 user32!DispatchClientMessage+0xd9 (FPO: [Non-Fpo])
0012f5a8 7c8283c6 0012f5c0 00000018 0012f6f8 user32!__fnDWORD+0x24 (FPO: [Non-Fpo])
0012f5d4 7738a8db 77388416 0002051e 00000000 ntdll!KiUserCallbackDispatcher+0x2e (FPO: [0,0,0])
0012f5ec 0d58c9a6 0002051e 00000000 0012f61c user32!NtUserCallHwndParamLock+0xc

The above is from running kv on my dump. It looks like the module is getting unloaded, but there is a window that still exists and is not destroyed properly.

I would like to know information regarding my hwnd, which here is 002051e, such as the window title, window procedure and other details.

I tried searching for the address on the heap to find any information related to it, but I am not able to find any.

There are certain extensions like !hwnd available that can display hwnd information, but those, I guess, are internal to Microsoft. Are there any extensions that are available to everyone to display this information?

Is there any way I can find this information?

user2800803

1 Answer


I don't know any WinDbg built-in commands, so I may point you to SDbgExt, which provides exactly the !hwnd command as needed. It outputs the window title and class, the window style and extended style, the parent window handle and other potentially interesting information. Unfortunately, SDbgExt works only in live debugging because it gets that information from the system rather than the memory of the process. If it works in a dump, then there is a collision between your dump and the live system and you will get totally misleading information.

The reason for this is that windows and message queues are handled by the Windows kernel, so you don't have that information in the user mode dump. You would need a kernel dump to get that information, and probably SDbgExt is not designed for that usage.

Thomas Weller
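An added example, not part of the question or answer above: although the kernel-side window data is missing from a user-mode dump, the kv frames themselves still carry the arguments of the pending window procedure call. The Python sketch below parses two frames copied from the question and decodes them; it assumes 32-bit stdcall frames and the undocumented argument order of user32!InternalCallWinProc (procedure address, hwnd, message), and its function names and message table are illustrative.

```python
import re

# Constructed sample: the two innermost frames of the kv output in the question.
KV_SAMPLE = """\
0012f480 7739b6e3 0002051e 0000001f 00000000 <Unloaded_A.dll>+0x172b6
0012f4ac 7739b874 15b772b6 0002051e 0000001f user32!InternalCallWinProc+0x28
"""

# Small subset of the documented window message ids from winuser.h.
WM_NAMES = {0x0002: "WM_DESTROY", 0x000F: "WM_PAINT", 0x0010: "WM_CLOSE",
            0x001F: "WM_CANCELMODE", 0x0082: "WM_NCDESTROY", 0x0113: "WM_TIMER"}

# kv line: ChildEBP RetAddr arg0 arg1 arg2 symbol[+0xoffset] [FPO info]
FRAME_RE = re.compile(
    r"^(?P<ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) "
    r"(?P<a0>[0-9a-f]{8}) (?P<a1>[0-9a-f]{8}) (?P<a2>[0-9a-f]{8}) "
    r"(?P<sym>\S+?)(?:\+0x(?P<off>[0-9a-f]+))?(?:\s.*)?$", re.I)

def parse_frames(text):
    """Return one dict per kv line; args are the first three stack dwords."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({"sym": m["sym"],
                           "args": [int(m[k], 16) for k in ("a0", "a1", "a2")]})
    return frames

def describe_wndproc_call(frames):
    """Locate the user32 dispatch frame and decode the call it made."""
    for i, f in enumerate(frames):
        if f["sym"].endswith("!InternalCallWinProc") and i > 0:
            pfn, hwnd, msg = f["args"]  # assumed layout: (pfn, hwnd, msg, ...)
            callee = frames[i - 1]      # the frame that InternalCallWinProc called
            return {"wndproc": pfn, "hwnd": hwnd, "msg": msg,
                    "msg_name": WM_NAMES.get(msg, "unknown"),
                    "callee": callee["sym"],
                    "callee_unloaded": callee["sym"].startswith("<Unloaded_"),
                    # WNDPROC(hwnd, msg, wParam, lParam): callee args must agree
                    "consistent": callee["args"][:2] == [hwnd, msg]}
    return None

if __name__ == "__main__":
    info = describe_wndproc_call(parse_frames(KV_SAMPLE))
    print("hwnd=%08x msg=%s wndproc=%08x callee=%s unloaded=%s" % (
        info["hwnd"], info["msg_name"], info["wndproc"],
        info["callee"], info["callee_unloaded"]))
```

The window title, class and styles are not recoverable this way; only what was pushed on the stack for the call is.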