0

I have an crash issue with one of our customers, and I managed to acquire the logs with adplus -pmn utility, running in monitor mode so that it monitors the process during the crash.

Once I inspected the dump, it shows me the following:

WARNING: Frame IP not in any known module. Following frames may be wrong

enter image description here

The dump file has an access violation. But the callstack only has functions from IE javascript engine.

I am trying to get the correct callstack, and I noticed this article from 2011 that explains the virtual address space in windows, and apparently my program is in another address space.

Any approach on getting the call stack from this crash?

Highly appreciate it.

Loop
  • 233
  • 1
  • 3
  • 13
  • 1
    try !analyze -v first and look at the call stack it outputs process contexts apply only to kernel mode your stack appears to be usermode stack so you probably have a user mode minidump – blabb Sep 11 '18 at 18:45
  • 1
    To add to @blabb comment, be wary that JS engines will JIT code, hence some code might be completely out of any module. Basically the JS engine allocates executable pages, JIT the JS code into those pages and jump into them. – Neitsa Sep 12 '18 at 10:11
  • Useful information, is it possible to debug our C application in that case? It seems to be tricky. – Loop Sep 13 '18 at 08:07

0 Answers0