I am using Microsoft Minidump feature so I can analyse crashes in released programs.
https://msdn.microsoft.com/en-us/library/windows/desktop/ee416349(v=vs.85).aspx
The code is similar to answer for this stackoverflow question:
How to write a sample code that will crash and produce dump file?
Usually when I have a crash, I can open the crash dump file in Visual Studio and it will take me to the offending line of source code which makes troubleshooting these problems really easy.
But sometimes it is not so easy.
I have a crash dump file where I am not able to locate the offending source line. Why is that? What useful information can I get from this dump file? Any tips on finding the needle in the haystack?
Here is what I am doing.
I checkout the sources for this release by tag.
I copy over the corresponding pdb files to the same folder as the crash dump - file is myprogram.exe.3140.dmp
I then open the crash dump with the compiler used to build the exe, Visual Studio 2012.
I then see some useful information:
Last write time 10/10/2017 15:28:52 Process Architecture: x86 Exception Code 0xC0000005 Exception Information The thread tried to read from or write to a virtual address for which it does not have the appropriate access. Heap Information Present
OS Version 6.1.7601
Modules: myprogram.exe 1.7.41.0 myprogram.dll 1.1.0.27 etc
Then I click Debug with Native Only
I then get the dialog:
Unhandled exception at 0x548BFFD5 in myprogram.exe.3140.dmp: 0xC0000005: Access violation executing location 0x548BFFD5.
The current stack frame was not found in a loaded module. Source cannot be shown for this location.
I click the Break button
It then says Frame not in module. The current stack frame was not found in a loaded module. Source cannot be shown for this location.
I then click on view disassembly hyperlink and see:
548BFFD5 ?? ??
What are the question marks? ?? ??. Does that indicate a dangling pointer problem? Something else?
The question marks mean that the data at address 0x548BFFD5 (which your application is attempting to execute) does not disassemble to anything meaningful.
You likely, as you note, have a dangling pointer or are trying to execute a function pointed to by an object that no longer exists. Or you're attempting to execute a function pointer that does not point to anything.
If you compiled with symbols, you may be able to go back up the call stack/stack-trace and see where the problem starts.
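As an added example (not code from the question or the answer), here is a small Python parser that reads the ModuleListStream and ExceptionStream of a minidump and reports whether the faulting address lies inside any loaded module, which is the check behind Visual Studio's "Frame not in module" message. The sample dump is constructed inline; its module names, base addresses and sizes are assumptions, and the faulting address 0x548BFFD5 is the one from the question.

```python
import struct

MDMP_SIGNATURE = 0x504D444D   # 'MDMP' read as a little-endian uint32
MODULE_LIST_STREAM, EXCEPTION_STREAM = 4, 6   # MINIDUMP_STREAM_TYPE values
MODULE_ENTRY_SIZE = 108       # sizeof(MINIDUMP_MODULE)

def streams(dump):
    """Map stream type -> (rva, size) from the MINIDUMP_HEADER directory."""
    sig, _ver, count, dir_rva = struct.unpack_from("<IIII", dump, 0)
    if sig != MDMP_SIGNATURE:
        raise ValueError("not a minidump (bad MDMP signature)")
    entries = (struct.unpack_from("<III", dump, dir_rva + 12 * i) for i in range(count))
    return {stype: (rva, size) for stype, size, rva in entries}

def modules(dump):
    """Yield (name, base, size) for each MINIDUMP_MODULE in the ModuleListStream."""
    rva, _ = streams(dump)[MODULE_LIST_STREAM]
    (count,) = struct.unpack_from("<I", dump, rva)
    for i in range(count):
        base, size, _cksum, _ts, name_rva = struct.unpack_from(
            "<QIIII", dump, rva + 4 + MODULE_ENTRY_SIZE * i)
        (nbytes,) = struct.unpack_from("<I", dump, name_rva)   # MINIDUMP_STRING: length + UTF-16LE
        yield dump[name_rva + 4:name_rva + 4 + nbytes].decode("utf-16-le"), base, size

def locate_fault(dump):
    """Return (exception code, faulting address, module name or None).
    None is the situation Visual Studio reports as 'Frame not in module'."""
    rva, _ = streams(dump)[EXCEPTION_STREAM]
    # MINIDUMP_EXCEPTION_STREAM: ThreadId, padding, then the MINIDUMP_EXCEPTION record
    code, _flags, _rec, addr = struct.unpack_from("<IIQQ", dump, rva + 8)
    for name, base, size in modules(dump):
        if base <= addr < base + size:
            return code, addr, name
    return code, addr, None

def build_sample_dump():
    """Constructed sample (not a real dump): two assumed modules and an access
    violation executing 0x548BFFD5, which lies outside both, as in the question."""
    mods = [("myprogram.exe", 0x00400000, 0x00200000), ("myprogram.dll", 0x10000000, 0x00080000)]
    strings_rva = 32 + 24 + 4 + MODULE_ENTRY_SIZE * len(mods)  # header + 2 dir entries + module list
    names, modlist = b"", struct.pack("<I", len(mods))
    for name, base, size in mods:
        enc = name.encode("utf-16-le")
        modlist += struct.pack("<QIIII", base, size, 0, 0, strings_rva + len(names))
        modlist += b"\0" * (MODULE_ENTRY_SIZE - 24)   # VersionInfo, CvRecord, MiscRecord, Reserved
        names += struct.pack("<I", len(enc)) + enc + b"\0\0"
    exc = struct.pack("<IIIIQQII", 3140, 0, 0xC0000005, 0, 0, 0x548BFFD5, 2, 0)
    exc += struct.pack("<15Q", 8, 0x548BFFD5, *([0] * 13)) + struct.pack("<II", 0, 0)  # 8 = execute fault
    directory = struct.pack("<IIIIII", MODULE_LIST_STREAM, len(modlist), 56,
                            EXCEPTION_STREAM, len(exc), strings_rva + len(names))
    header = struct.pack("<IIIIIIQ", MDMP_SIGNATURE, 0xA793, 2, 32, 0, 0, 0)
    return header + directory + modlist + names + exc
```

Run `locate_fault(open("myprogram.exe.3140.dmp", "rb").read())` on a real dump; a `None` module name confirms the instruction pointer landed outside every loaded image, so the next step is walking the stack back to the last frame that is inside one.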