I have an application which crashes upon a specific action taken by the user. For instance, when I click on a specific button in the application, it crashes.
So, I attached windbg to this application and then performed the same operation which would trigger the crash.
When the crash happened, debugger shows the following output:
0:001> g
ModLoad: 04530000 04565000 C:\Windows\SysWOW64\ws2_32.DLL
ModLoad: 72430000 7246c000 C:\Windows\SysWOW64\mswsock.dll
ModLoad: 723e0000 723e5000 C:\Windows\SysWOW64\wshtcpip.dll
(10b0.1e9c): C++ EH exception - code e06d7363 (first chance)
(10b0.1c94): C++ EH exception - code e06d7363 (first chance)
(10b0.1c94): C++ EH exception - code e06d7363 (!!! second chance !!!)
eax=00000000 ebx=040ee7e0 ecx=00000003 edx=00000000 esi=005c7630 edi=00400000
eip=770715de esp=040ee7cc ebp=040eece4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ZwRaiseException+0x12:
770715de 83c404 add esp,4
I want to analyze the above output to find out the root cause of this exception. Maybe, I could report it to the developer of this application then? But for my understanding I would like to grasp this output.
I can see that the exe loads the 3 dlls, ws2_32.dll, mswsock.dll and wshtcpip.dll when I click on that button probably because it uses functions exported from these loaded modules.
There are 2 first chance exceptions with the exception code: e06d7363 which is the exception code according to Visual C++ Compiler.
I am not sure why the second chance exception comes and what's exactly going on there?
Below is the view of call stack at this point in the debugger,
0:001> k
ChildEBP RetAddr
03a4e7cc 7706014d ntdll!ZwRaiseException+0x12
03a4e7cc 00000000 ntdll!KiUserExceptionDispatcher+0x29
I pressed g again in the debugger to allow the application to handle the exception and this is the output in debugger,
0:001> g
WARNING: Continuing a non-continuable exception
(114c.390): Unknown exception - code 00000000 (first chance)
(114c.390): Unknown exception - code 00000000 (!!! second chance !!!)
eax=00000000 ebx=03a4e318 ecx=83ee0000 edx=026ce8b8 esi=007073e0 edi=00400000
eip=770715de esp=03a4e304 ebp=03a4ece4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ZwRaiseException+0x12:
770715de 83c404 add esp,4
So, looks like an unhandled exception by the application?
Here are the details. I have used the kv command to show the parameters on the stack. Hope this information helps you to troubleshoot.
0:001> g
ModLoad: 040a0000 040d5000 C:\Windows\SysWOW64\ws2_32.DLL
ModLoad: 72430000 7246c000 C:\Windows\SysWOW64\mswsock.dll
ModLoad: 723e0000 723e5000 C:\Windows\SysWOW64\wshtcpip.dll
(193c.1810): C++ EH exception - code e06d7363 (first chance)
(193c.1810): C++ EH exception - code e06d7363 (!!! second chance !!!)
eax=00000000 ebx=02c1e7e0 ecx=00000003 edx=00000000 esi=007073e0 edi=00400000
eip=770715de esp=02c1e7cc ebp=02c1ece4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ZwRaiseException+0x12:
770715de 83c404 add esp,4
0:001> kv
ChildEBP RetAddr Args to Child
02c1e7cc 7706014d 02c1e7e0 02c1e830 00000000 ntdll!ZwRaiseException+0x12 (FPO: [3,0,0])
02c1e7cc 00000000 02c1e7e0 02c1e830 00000000 ntdll!KiUserExceptionDispatcher+0x29 (FPO: [2,0,0]) (CONTEXT @ 0000000c)
0:001> g
WARNING: Continuing a non-continuable exception
(193c.1810): Unknown exception - code 00000000 (first chance)
(193c.1810): Unknown exception - code 00000000 (!!! second chance !!!)
eax=00000000 ebx=02c1e318 ecx=e04b0000 edx=0096e8b8 esi=007073e0 edi=00400000
eip=770715de esp=02c1e304 ebp=02c1ece4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ZwRaiseException+0x12:
770715de 83c404 add esp,4
