Debug EXE and DLL files (C++) in Visual Studio using the information from Event Viewer


Faulting application name: Application.exe, version: 28.11.2022.0, time stamp: 0x6507c0c9

Faulting module name: ModuleName.dll, version: 5.5.2021.0, time stamp: 0x60923739

Exception code: 0xc0000409

Fault offset: 0x000659cc

Faulting process id: 0x20b8

Faulting application start time: 0x01da398e25463d19

Faulting application path: C:\Application\program\Application.exe

Faulting module path: c:\Application\program\ModuleName.dll

Report Id: 94094d0c-3eff-4d83-9b04-a32f166caeff

Faulting package full name:

Faulting package-relative application ID:

====================

The application randomly crashed and I got the above information from the Event Viewer. I have the C++ source code of the application and the DLL, as well as their PDB files.

  • How do I debug/find the specific line of code for that fault offset using Visual Studio?
  • What is the meaning of the fault offset? Is it the offset from the base address of Application.exe or of ModuleName.dll?

I have tried the method in https://www.youtube.com/watch?v=HkAhFhcLn9Q. It works if the application name and module name are the same, but I can't make it work in this case, where the faulting module name is different from the faulting application name.

Thanks!

====== Update 04/01/2024 =======

I used MSVS to check the disassembly of the program. The fault offset points to line 22 below. I think the program is using NtSetInformationThread and RtlNtStatusToDosError in ntdll.dll to set the priority of the thread. The program still works alright, but it crashes once every few days when running 24/7.

  1. ?? ??
  2. loopne _RtlpHpFreeHeap@20+0CCh (77289D9Fh)
  3. dec dword ptr [ebx+2EBFC55h]
  4. mov eax,esi
  5. mov ecx,edi
  6. test eax,eax
  7. jne _RtlpHpFreeHeap@20+0E5h (77289DB8h)
  8. lea ecx,[edi+8]
  9. lea eax,[edx+8]
  10. push eax
  11. push 3
  12. push ecx
  13. movzx ecx,byte ptr [edx+2]
  14. mov edx,ebx
  15. and ecx,0Fh
  16. call _RtlpCallInterceptRoutine@20 (77278BE3h)
  17. test eax,eax
  18. js _RtlpHpFreeHeap@20+18Ch (77289E5Fh)
  19. test dword ptr [ebx+0Ch],10000000h
  20. je _RtlpHpFreeHeap@20+12Ch (77289DFFh)
  21. push dword ptr [ebp+8]
  22. mov edx,edi
  23. mov ecx,ebx
  24. call _RtlpHpSizeHeap@12 (7728A63Ch)
  25. cmp eax,0FFFFFFFFh
  26. jne _RtlpHpFreeHeap@20+12Ch (77289DFFh)
  27. push esi

There are 0 answers
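The two things a practitioner needs from an Event ID 1000 record like the one above are fixed facts about how Windows Error Reporting fills it in: the "Fault offset" is a relative virtual address measured from the load base of the *faulting module* (here ModuleName.dll, not Application.exe), and the "time stamp" next to each name is the PE header TimeDateStamp, which must match the binary and PDB you load in the debugger or the offset will land on the wrong instruction. The exception code 0xC0000409 is STATUS_STACK_BUFFER_OVERRUN, which current Windows also uses as the exception code for any __fastfail() (fail-fast) termination, so by itself it does not prove a stack overrun. The script below is an added example, not code from the question or from any Microsoft tool: it parses a constructed copy of the report, decodes the exception code, and, given the module's load base (which you read from the Visual Studio Modules window or WinDbg `lm m ModuleName` when attached to a running instance), computes the absolute faulting address and prints the WinDbg commands that resolve it to a symbol and source line. The load base 0x10000000 used in the usage call is an assumption for illustration.

```python
import re

# Constructed copy of the Event Viewer "Application Error" record quoted
# in the question (sample input for this example, not a live event).
SAMPLE_EVENT = r"""
Faulting application name: Application.exe, version: 28.11.2022.0, time stamp: 0x6507c0c9
Faulting module name: ModuleName.dll, version: 5.5.2021.0, time stamp: 0x60923739
Exception code: 0xc0000409
Fault offset: 0x000659cc
Faulting process id: 0x20b8
Faulting application path: C:\Application\program\Application.exe
Faulting module path: c:\Application\program\ModuleName.dll
"""

# NTSTATUS / SEH codes that show up most often in Event ID 1000 records.
EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN (also the code used by __fastfail)",
    0xE06D7363: "MSVC C++ exception (unhandled throw)",
}

# "Key: value" lines; the key is everything up to the first colon, so values
# that themselves contain colons (version/time stamp) survive intact.
FIELD_RE = re.compile(r"^(?P<key>[^:]+?):\s*(?P<value>.*)$")


def _split_name_version(value: str):
    """Split 'Name, version: X, time stamp: 0x...' into its three parts."""
    name, rest = value.split(", version: ", 1)
    version, timestamp = rest.split(", time stamp: ", 1)
    return name.strip(), version.strip(), int(timestamp, 16)


def parse_event(text: str) -> dict:
    """Turn the pasted Event Viewer text into typed fields."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group("key").strip().lower()] = m.group("value").strip()
    app_name, app_version, app_ts = _split_name_version(fields["faulting application name"])
    mod_name, mod_version, mod_ts = _split_name_version(fields["faulting module name"])
    return {
        "application": app_name,
        "application_timestamp": app_ts,
        "module": mod_name,
        "module_version": mod_version,
        "module_timestamp": mod_ts,          # PE header TimeDateStamp of the DLL
        "exception_code": int(fields["exception code"], 16),
        "fault_offset": int(fields["fault offset"], 16),  # RVA inside the module
        "module_path": fields.get("faulting module path", ""),
        "pid": int(fields["faulting process id"], 16),
    }


def describe_exception(code: int) -> str:
    return EXCEPTION_NAMES.get(code, f"unknown exception code 0x{code:08X}")


def faulting_address(module_base: int, fault_offset: int) -> int:
    """Absolute address of the faulting instruction in the crashed process."""
    return module_base + fault_offset


def debugger_commands(event: dict, module_base: int) -> list:
    """WinDbg commands that map the offset to a symbol and source line."""
    short = event["module"].rsplit(".", 1)[0]   # WinDbg addresses modules by name without extension
    offset = event["fault_offset"]
    return [
        f"lm m {short}",                  # confirm the load base and that the timestamp matches
        f"ln {short}+0x{offset:x}",        # nearest symbol (needs the matching PDB)
        f"u {short}+0x{offset:x}",         # disassemble at the faulting instruction
        f"* absolute address: 0x{faulting_address(module_base, offset):08x}",
    ]


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT)
    print(f"{ev['module']} (timestamp 0x{ev['module_timestamp']:08x}) "
          f"fault at RVA 0x{ev['fault_offset']:x}: {describe_exception(ev['exception_code'])}")
    for cmd in debugger_commands(ev, module_base=0x10000000):   # assumed base for the example
        print(cmd)
```

In Visual Studio the same arithmetic applies: attach to the running process, read the start address of ModuleName.dll in Debug > Windows > Modules, and type `<base> + 0x659cc` into the Address box of the Disassembly window (Debug > Windows > Disassembly), which then shows the corresponding source line if the PDB for that exact build is loaded. If the symbol Visual Studio or WinDbg reports at that address belongs to another module (an ntdll.dll symbol such as RtlpHpFreeHeap, for instance), the base that was added to the offset was not ModuleName.dll's base; the Modules window also shows whether the loaded DLL's timestamp is 0x60923739 as in the event record.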