0

Trying to debug a crash in one of our DLL's. It is loaded into Server Manager and crashes when trying to configure Active Directory Certificate Services (the DLL is a registered provider). I know the crash is an access violation and I have the pdb file, just don't know how to go about debugging this. I've read pages such as this and this (didn't help). I tried to glean the info using windbg (using lm to get the loaded address, which appears to be 8000000:

"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" -z myKSP.dll

Then

0:000> lm 
start             end                 module name
00000001`80000000 00000001`8005e000 ...

Then, since the Event Viewer tells me:

Exception code: 0xc0000005
Fault offset: 0x000000000002a601

I tried to view that:

0:000> ln 80000000+2a601
Browse module
Set bu breakpoint

Nothing is shown.

I have VS2015, so, I tried to attach to the serververmanager.exe process. Next, I tried loading symbols via Tools->Options->Debugging->Symbols and specifying the path, but, when I set a breakpoint, I always receive "no symbols have been loaded". In the previous symbol windows, I set the cache folder, which downloaded a bunch of stuff, but that did not seem to load anything.

Clearly, I'm not using the tools correctly. How do I debug a DLL, compiled in Release mode, PDB is available, that is loaded by the ServerManager.exe or whatever sub-process it might spawn)?

Community
  • 1
  • 1
Jon
  • 1,675
  • 26
  • 57
  • Attach Visual Studio and configure it to break, when a Win32 exception is thrown. You can deal with symbols later, once the debugger has suspended the process. – IInspectable Jul 11 '16 at 19:55
  • Ok, the process has suspended... what should I do now? Still does not load symbols, I don't seem to have a "modules" window and the stack trace that's shown, is nowhere near my dll. – Jon Jul 11 '16 at 20:32
  • You can ask Windows to create a crash dump file for your executable, run it until it crashes then open the file with windbg.exe – alexm Jul 11 '16 at 23:39
  • Okay, I have a crashdump file. I have the PDB that matches the DLL which crashed but, when I open the dump in VS2015, it never seems to load any symbols. When I click on the callstack entry I wish to view, the Disassembly just has a line above the assembler which says "No source file". The modules window also says, for Symbol Status, No symbols. In the Options->Debugging->Symbols, I have the location where my symbol file is located, it's checked and "All modules" is selected. Why then, am I not seeing the symbols loaded for this dll? – Jon Jul 12 '16 at 14:59
  • You didn't get the whole base address. It's 00000001`80000000, not 80000000. – Raymond Chen Jul 14 '16 at 01:17

1 Answers1

0

Start windbg, press Ctrl-D to open your dump file, then type the following. That should give you either a significant stack after one of the kp500, or at least will tell you whether the pdb file doesn't match the binary.

.symfix
.sympath+ <FOLDER_WITH_YOUR_PDB>
.reload
!sym noisy
.reload /v /f myKSP.dll
!sym quiet
kp500
.ecxr
kp500
Nicolas Dietrich
  • 91
  • 2