Client.exe dump file through WinDbg: - windbg

Been trying to solve why this app is crashing on only one Windows 7 computer and running fine when installed on 5 others. The program is part of a camera security system which client.exe contacts an internal server and then brings up cameras into an application viewer. The program connects and starts to load a couple of the streaming video windows then crashes. This is the most recent dump file. Antivirus has been removed. DotNet verifyer tools has been run on the machine. Memory upgraded from 4GB to 8GB. All windows updates are current. Any suggestions would be greatly appreciated.
Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\AppData\Local\CrashDumps\Client.exe.4756.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Sat Jan 16 08:35:29.000 2016 (UTC - 5:00)
System Uptime: not available
Process Uptime: 0 days 0:01:35.000
................................................................
................................................................
................................................................
........................................
Loading unloaded module list
..
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1294.584): Access violation - code c0000005 (first/second chance not available)
ntdll!NtWaitForMultipleObjects+0xa:
00000000`77badf6a c3 ret
0:051> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
*** WARNING: Unable to verify checksum for WindowsBase.ni.dll
*** WARNING: Unable to verify checksum for PresentationFramework.ni.dll
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify checksum for System.Management.ni.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for icudt48.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for atiumd64.dll -
FAULTING_IP:
ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b
00000000`631fbceb c5fa6f0f vmovdqu xmm1,xmmword ptr [rdi]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000631fbceb (ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0x0000000000ee8a4b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000379af220
Attempt to read from address 00000000379af220
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=00000000c0000001 rbx=000000003a37e290 rcx=0000000007200000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000002
rip=0000000077badf6a rsp=000000003a37e158 rbp=0000000000000002
r8=000000003a37d878 r9=000000003a37d9e0 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=000000003a37e200
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0xa:
00000000`77badf6a c3 ret
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
PROCESS_NAME: Client.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000000379af220
READ_ADDRESS: 00000000379af220
FOLLOWUP_IP:
ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b
00000000`631fbceb c5fa6f0f vmovdqu xmm1,xmmword ptr [rdi]
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: client.exe
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x584 (51)
Current frame:
Child-SP RetAddr Caller, Callee
PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS
BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 00000000630c4029 to 00000000631fbceb
STACK_TEXT:
00000000`3a37f3a0 00000000`630c4029 : 00000000`0000001e 00000000`63070b8e 00000000`1005a720 00000000`0000000d : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xee8a4b
00000000`3a37f820 00000000`63070b8e : 00000000`00000000 00000000`00000050 00000000`00000000 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xdb0d89
00000000`3a37f860 00000000`63072415 : 00000000`00000000 00000000`00000042 00000000`63072290 00000000`63055333 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd5d8ee
00000000`3a37f8d0 00000000`63054988 : 00000000`1005a720 00000000`00000000 00000000`00000000 00000000`079f2f00 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd5f175
00000000`3a37f900 00000000`6305748c : 00000000`1005a720 00000000`1009d9d8 00000000`3a37f9e0 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd416e8
00000000`3a37f960 00000000`63053899 : 00000000`1005a720 00000000`1009d970 00000000`00000000 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd441ec
00000000`3a37fa30 00000000`6cfa1d9f : 00000000`1009d970 00000000`1005a720 00000000`1009d9d8 00000000`1009d9d8 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd405f9
00000000`3a37fa90 00000000`6cfa1e3b : 00000000`6d032ac0 00000000`10076d40 00000000`00000000 00000000`00000000 : msvcr100!endthreadex+0x43
00000000`3a37fac0 00000000`77a559ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msvcr100!endthreadex+0xdf
00000000`3a37faf0 00000000`77b8b831 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`3a37fb20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: imageviewerdotnet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ImageViewerDotNet
IMAGE_NAME: ImageViewerDotNet.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 5187ed93
STACK_COMMAND: ~51s; .ecxr ; kb
FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000005_ImageViewerDotNet.dll!boost::serialization::singleton_NmXerces::CmLibraryInitializer_::get_const_instance
BUCKET_ID: X64_APPLICATION_FAULT_WRONG_SYMBOLS_imageviewerdotnet!boost::serialization::singleton_NmXerces::CmLibraryInitializer_::get_const_instance+ee8a4b
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:wrong_symbols_c0000005_imageviewerdotnet.dll!boost::serialization::singleton_nmxerces::cmlibraryinitializer_::get_const_instance
FAILURE_ID_HASH: {a7d099ff-a825-ee55-6e51-303340f35724}
Followup: MachineOwner
---------

I just solved the issue in a different manner. Used a newer version of the client.exe software which didn't crash and is still compatible with our server. Didn't answer why the above version crashes on only one Windows 7 computer though. Thanks again!!

Related

MATLAB abort when launching many parallel processes from bash file

I am running a bash script launching many MATLAB independent processes in parallel in background. However, some of them shutdown, probably due to memory constraints. This is the report I get from the crash dump file. Do you have any idea on how to prevent this happening? Thanks
--------------------------------------------------------------------------------
abort() detected at Fri Feb 10 03:57:00 2023 +0100
--------------------------------------------------------------------------------
Configuration:
Crash Decoding : Disabled - No sandbox or build area path
Crash Mode : continue (default)
Default Encoding : UTF-8
Deployed : false
GNU C Library : 2.17 stable
Graphics Driver : Unknown software
Graphics card 1 : 0x102b ( 0x102b ) 0x533 Version 0.0.0.0 (0-0-0)
Java Version : Java 1.8.0_202-b08 with Oracle Corporation Java HotSpot(TM) 64-Bit Server VM mixed mode
MATLAB Architecture : glnxa64
MATLAB Entitlement ID : 841490
MATLAB Root : /data/cad/Matlab/R2019b
MATLAB Version : 9.7.0.1319299 (R2019b) Update 5
OpenGL : software
Operating System : "CentOS Linux release 7.4.1708 (Core) "
Process ID : 30261
Processor ID : x86 Family 6 Model 79 Stepping 1, GenuineIntel
Session Key : 29ff05b5-c4c1-448e-b09a-c651244a5c8b
Static TLS mitigation : Disabled: Unnecessary
Window System : No active display
Fault Count: 1
Abnormal termination:
abort()
Register State (from fault):
RAX = 0000000000000000 RBX = 00007fbfcfc36c40
RCX = ffffffffffffffff RDX = 0000000000000006
RSP = 00007fbfcfc367d8 RBP = 0000000000000000
RSI = 0000000000007f51 RDI = 0000000000007635
R8 = 0000000000000038 R9 = 0000000000000038
R10 = 0000000000000008 R11 = 0000000000000206
R12 = 0000000000030005 R13 = 00007fbfcfc36c70
R14 = 0000000000000000 R15 = 0000000000000000
RIP = 00007fbfeeaff1f7 EFL = 0000000000000206
CS = 0033 FS = 0000 GS = 0000
Stack Trace (from fault):
[ 0] 0x00007fbfeeaff1f7 /lib64/libc.so.6+00217591 gsignal+00000055
[ 1] 0x00007fbfeeb008e8 /lib64/libc.so.6+00223464 abort+00000328
[ 2] 0x00007fbfd0593a53 /data/cad/Matlab/R2019b/bin/glnxa64/../../sys/os/glnxa64/libiomp5.so+00731731
[ 3] 0x00007fbfd057fe7f /data/cad/Matlab/R2019b/bin/glnxa64/../../sys/os/glnxa64/libiomp5.so+00650879
[ 4] 0x00007fbfd05c5805 /data/cad/Matlab/R2019b/bin/glnxa64/../../sys/os/glnxa64/libiomp5.so+00935941
[ 5] 0x0000000000001000 <unknown-module>+00000000

How to debug the BSOD with invalid memory reference, specifically, why RSI was set to 0

My Windows 10 laptop has been BSODing recently, almost daily, around the time I am not using it (this is a work PC, so the issue happens from like 10pm to 6am). The crash dumps all look the same:
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000002d30, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 00000000000000e8, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8011be4e0ff, address which referenced memory
...
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
...
LAST_CONTROL_TRANSFER: from fffff8011bf6bba9 to fffff8011bf59dc0
STACK_TEXT:
fffff801`1dc625c8 fffff801`1bf6bba9 : 00000000`0000000a 00000000`00002d30 00000000`000000ff 00000000`000000e8 : nt!KeBugCheckEx
fffff801`1dc625d0 fffff801`1bf6855a : 0000006b`b0e5bb5a fffff801`1dc62940 00000000`00000002 fffff801`1bf3aecc : nt!KiBugCheckDispatch+0x69
fffff801`1dc62710 fffff801`1be4e0ff : 00000000`00000000 fffff801`1bfed7b6 ffffe001`9510d010 ffffe001`97fc14f0 : nt!KiPageFault+0x51a
fffff801`1dc628a0 fffff801`1be4d31b : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000000 : nt!PpmIdleExecuteTransition+0xc2f
fffff801`1dc62b00 fffff801`1bf5d24c : 00000000`00000000 fffff801`1c126180 fffff801`1c19c740 ffffe001`9355c080 : nt!PoIdle+0x33b
fffff801`1dc62c60 00000000`00000000 : fffff801`1dc63000 fffff801`1dc5d000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
0: kd> .trap fffff801`1dc62710
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000012
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8011be4e0ff rsp=fffff8011dc628a0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na po nc
nt!PpmIdleExecuteTransition+0xc2f:
fffff801`1be4e0ff 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h] ds:00000000`00002d30=??
And if I am not mistaken, I should look into why RSI was set to 0 before the fault happened. And the "u" command shows a "call qword ptr [rbp+198h]" instruction may have preceded the fault.
0: kd> ub rip L13
nt!PpmIdleExecuteTransition+0xbe3:
fffff801`1be4e0b3 4032ff xor dil,dil
fffff801`1be4e0b6 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h]
fffff801`1be4e0bd a801 test al,1
fffff801`1be4e0bf 740f je nt!PpmIdleExecuteTransition+0xc00 (fffff801`1be4e0d0)
fffff801`1be4e0c1 a808 test al,8
fffff801`1be4e0c3 750b jne nt!PpmIdleExecuteTransition+0xc00 (fffff801`1be4e0d0)
fffff801`1be4e0c5 33c0 xor eax,eax
fffff801`1be4e0c7 b948000000 mov ecx,48h
fffff801`1be4e0cc 33d2 xor edx,edx
fffff801`1be4e0ce 0f30 wrmsr
fffff801`1be4e0d0 488b8518030000 mov rax,qword ptr [rbp+318h]
fffff801`1be4e0d7 458bc4 mov r8d,r12d
fffff801`1be4e0da 448b8d0c030000 mov r9d,dword ptr [rbp+30Ch]
fffff801`1be4e0e1 8b54244c mov edx,dword ptr [rsp+4Ch]
fffff801`1be4e0e5 488b8c2480000000 mov rcx,qword ptr [rsp+80h]
fffff801`1be4e0ed 4889442420 mov qword ptr [rsp+20h],rax
fffff801`1be4e0f2 ff9598010000 call qword ptr [rbp+198h]
fffff801`1be4e0f8 448be0 mov r12d,eax
fffff801`1be4e0fb 89442444 mov dword ptr [rsp+44h],eax
0: kd> u rip
nt!PpmIdleExecuteTransition+0xc2f:
fffff801`1be4e0ff 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h]
fffff801`1be4e106 a801 test al,1
fffff801`1be4e108 7418 je nt!PpmIdleExecuteTransition+0xc52 (fffff801`1be4e122)
fffff801`1be4e10a a808 test al,8
fffff801`1be4e10c 7514 jne nt!PpmIdleExecuteTransition+0xc52 (fffff801`1be4e122)
fffff801`1be4e10e 41b801000000 mov r8d,1
fffff801`1be4e114 33d2 xor edx,edx
fffff801`1be4e116 418bc0 mov eax,r8d
Appreciate your guidance as to how to debug this BSOD further. My troubleshooting direction may be false, in which case I am all ears for your insights. Thanks in advance!

cannot create parpool in matlab in slurm, ubuntu16.04 server

I have some trouble on creating parpool in matlab in slurm
when I submit the job, it will get stuck :
parpool size: 24
Starting parallel pool (parpool) using the 'local' profile ...
or error
{Error using parpool (line 104)
Failed to start a parallel pool. (For information in addition to the causing
error, validate the profile 'local' in the Cluster Profile Manager.)
Error in run (line 86)
evalin('caller', [script ';']);
Caused by:
Error using parallel.internal.pool.InteractiveClient>iThrowWithCause (line
666)
Failed to initialize the interactive session.
Error using
parallel.internal.pool.InteractiveClient>iThrowIfBadParallelJobStatus
(line 767)
The interactive communicating job failed with no message.
}
There is also a matlab crash dump file
------------------------------------------------------------------------
Segmentation violation detected at Sun Apr 2 11:36:33 2017
------------------------------------------------------------------------
Configuration:
Crash Decoding : Disabled - No sandbox or build area path
Crash Mode : continue (default)
Default Encoding : UTF-8
GNU C Library : 2.23 stable
Host Name : wmc-slave-g2
MATLAB Architecture : glnxa64
MATLAB Root : /opt/matlab/R2017a
MATLAB Version : 9.2.0.538062 (R2017a)
Operating System : Linux 4.4.0-66-generic #87-Ubuntu SMP Fri Mar 3 15:29:05 UTC 2017 x86_64
Processor ID : x86 Family 6 Model 79 Stepping 1, GenuineIntel
Fault Count: 1
Abnormal termination:
Segmentation violation
Register State (from fault):
RAX = 00007f7410256900 RBX = 0000000000000000
RCX = 0000000000000000 RDX = 00007f7410256978
RSP = 00007f741e240868 RBP = 00007f741e240870
RSI = 0000000000000000 RDI = 00007f741e240870
R8 = 0000000000000000 R9 = 0000000000000000
R10 = 00000000000000ed R11 = 00007f743afade60
R12 = 00007f7410256978 R13 = 00007f741e2408a0
R14 = 00007f741e2409f0 R15 = 00007f7410258110
RIP = 00007f743afade60 EFL = 0000000000010202
CS = 0033 FS = 0000 GS = 0000
Stack Trace (from fault):
[ 0] 0x00007f743afade60 /opt/matlab/R2017a/bin/glnxa64/libboost_thread.so.1.56.0+00069216 _ZNK5boost6thread15get_thread_infoEv+00000000
[ 1] 0x0000000000000000 <unknown-module>+00000000
If this problem is reproducible, please submit a Service Request via:
A technical support engineer might contact you with further information.
Thanks
This is usually due to java version incompatibility used for Matlab on Linux. issue:
echo $MATLAB_JAVA
If this variable set, you can unset this option and let Matlab use its own java. you can run a script like this:
#!/bin/sh
unset MATLAB_JAVA
matlab -desktop

ExceptionAddress is 0 in windbg

When I run !analyze -v in Windbg, I find below output:
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000eac
The ExceptionAddress is 0.
Also, the Faulting_IP is wired too.
Can anybody tell me what it means? Thanks!
Full report of !analyze -v
0:000> !analyze -v
***********************************************************************
* *
* Exception Analysis *
* *
***********************************************************************
GetUrlPageData2 (WinHttp) failed: 12029.
Debugger WatsonDb Connection::Open failed 80004005
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000eac
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: MyApp.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_CODE_STR: 80000003
WATSON_BKT_PROCSTAMP: 5541d928
WATSON_BKT_PROCVER: 6.0.1108.7962
PROCESS_VER_PRODUCT: My Application
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: 0
WATSON_BKT_MODSTAMP: bbbbbbb4
BUILD_VERSION_STRING: 6.1.7601.18933 (win7sp1_gdr.150715-0600)
MODLIST_WITH_TSCHKSUM_HASH: xxxxxxxxxxxxxxxxxxx
MODLIST_SHA1_HASH: xxxxxxxxxxxxx
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 3
SUITE_MASK: 400
DUMP_FLAGS: 8000c07
DUMP_TYPE: 0
APP: MyApp.exe
ANALYSIS_SESSION_HOST: MyMachine
ANALYSIS_SESSION_TIME: 12-14-2015 12:56:53.0773
ANALYSIS_VERSION: 10.0.11075.859 amd64fre
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
MANAGED_ANALYSIS_PROVIDER: SOS
MANAGED_THREAD_ID: eac
THREAD_ATTRIBUTES:
OS_LOCALE: ENU
PROBLEM_CLASSES:
Tid [0x0]
Frame [0x00]
String [STATUS_BREAKPOINT]
Data Bucketing
BUGCHECK_STR: STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fefd1610dc to 000000007712d9fa
STACK_TEXT:
00000000`0030e268 000007fe`fd1610dc : 00000001`40096780 00000000`770ffa55 00000001`40c1e6f8 000007fe`ff083858 : ntdll!ZwWaitForSingleObject+0xa
00000000`0030e270 000007fe`ff08affb : 00000000`ffffffff 000007fe`ff08344c 00000000`00000000 00000000`0000025c : KERNELBASE!WaitForSingleObjectEx+0x79
00000000`0030e310 000007fe`ff089d61 : 00000000`00508e60 00000000`0000025c 00000000`00000000 00000000`00000000 : sechost!ScSendResponseReceiveControls+0x13b
00000000`0030e400 000007fe`ff089c16 : 00000000`0030e568 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ScDispatcherLoop+0x121
00000000`0030e510 00000001`40097688 : 00000000`00000001 00000000`00537280 00000000`004fd020 00000000`00000001 : sechost!StartServiceCtrlDispatcherW+0x14e
00000000`0030e560 00000001`3fe95562 : 00000000`00000000 00000000`00000000 00000000`00000001 000007ff`00000000 : MyApp!wmain+0x248
00000000`0030e850 000007fe`f3d617c7 : 00000000`004e7380 000007fe`f3d6d8b7 00000000`00000000 ffffffff`fffffffe : MyApp__tmainCRTStartup+0x11a
00000000`0030e880 000007ff`00255204 : 00000000`00000000 000007ff`001c9d50 00000000`0030eb38 00000000`0030e958 : clr!DoNDirectCall__PatchGetThreadCall+0x7b
00000000`0030e920 000007fe`f3dba9f4 : 13a15f0d`25725be9 00000001`3fdf71e2 13a15eff`0000cf26 000007ff`0003b280 : DomainBoundILStubClass.IL_STUB_PInvoke()+0x34
00000000`0030e9e0 000007fe`f3dbab09 : 00000000`0030ea70 000007fe`f3d64d95 00000000`00000000 00000000`00000000 : clr!CallDescrWorker+0x84
00000000`0030ea20 000007fe`f3dbab85 : 00000000`0030eb38 00000000`00000000 00000000`0030eb40 00000000`0030ed58 : clr!CallDescrWorkerWithHandler+0xa9
00000000`0030eaa0 000007fe`f3dbafdc : 00000000`0030ed58 000007ff`002066e0 00000000`0030ee20 000007fe`f3d6cd9c : clr!MethodDesc::CallDescr+0x2a1
00000000`0030ecd0 000007fe`f3e6530a : 00000000`00000000 00000000`0030f060 00000000`0030ed68 00000000`00000000 : clr!MethodDesc::CallTargetWorker+0x44
00000000`0030ed10 000007fe`f3f50200 : 00000000`004e7380 00000000`004e7380 00000000`00000000 00000000`00000000 : clr!ClassLoader::RunMain+0x276
00000000`0030ef60 000007fe`f3f502b5 : 00000000`0030f560 00000000`00000200 00000000`004fc950 00000000`00000200 : clr!Assembly::ExecuteMainMethod+0xac
00000000`0030f210 000007fe`f3f505e6 : 00000000`00000000 00000001`3fa70000 00000000`00000000 00000000`00000000 : clr!SystemDomain::ExecuteMainMethod+0x468
00000000`0030f7c0 000007fe`f3f50503 : 00000001`3fa70000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!ExecuteEXE+0x43
00000000`0030f820 000007fe`f3f0b649 : 00000000`004e7380 ffffffff`ffffffff 00000000`00000000 00000000`00000000 : clr!_CorExeMainInternal+0xc4
00000000`0030f890 000007fe`f8e63309 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`0030f878 : clr!_CorExeMain+0x15
00000000`0030f8d0 000007fe`f8ef5b21 : 000007fe`f3f0b634 000007fe`f8e632c0 00000000`00000000 00000000`00000000 : mscoreei!_CorExeMain+0x41
00000000`0030f900 00000000`76ed5a4d : 000007fe`f8e60000 00000000`00000000 00000000`00000000 00000000`00000000 : mscoree!_CorExeMain_Exported+0x57
00000000`0030f930 00000000`7710b831 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0030f960 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
STACK_COMMAND: ~0s; .ecxr ; kb
RETRACER_ANALYSIS_TAG_STATUS: DEBUG_FLR_EXCEPTION_CODE is not 0xc0000005
THREAD_SHA1_HASH_MOD_FUNC: 6a9340d603e3e3866649a6a0d84790917bb6dd03
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a1c2d97877512bc7d9699a841301060ee3830e4f
THREAD_SHA1_HASH_MOD: 3779b2e875e4d590e4afafeeeacc4c93bff23146
FOLLOWUP_IP:
sechost!ScSendResponseReceiveControls+13b [d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx # 3379]
000007fe`ff08affb 85c0 test eax,eax
FAULT_INSTR_CODE: 4f74c085
FAULTING_SOURCE_LINE: d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx
FAULTING_SOURCE_FILE: d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx
FAULTING_SOURCE_LINE_NUMBER: 3379
FAULTING_SOURCE_CODE:
No source found for 'd:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx'
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: sechost!ScSendResponseReceiveControls+13b
FOLLOWUP_NAME: wintriag
MODULE_NAME: sechost
IMAGE_NAME: sechost.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5be05e
BUCKET_ID: X64_STATUS_BREAKPOINT_sechost!ScSendResponseReceiveControls+13b
PRIMARY_PROBLEM_CLASS: X64_STATUS_BREAKPOINT_sechost!ScSendResponseReceiveControls+13b
FAILURE_EXCEPTION_CODE: 80000003
BUCKET_ID_MODULE_STR: sechost
FAILURE_FUNCTION_NAME: ScSendResponseReceiveControls
BUCKET_ID_FUNCTION_STR: ScSendResponseReceiveControls
BUCKET_ID_OFFSET: 13b
BUCKET_ID_MODTIMEDATESTAMP: 4a5be05e
BUCKET_ID_MODCHECKSUM: 2b43a
BUCKET_ID_MODVER_STR: 6.1.7600.16385
BUCKET_ID_PREFIX_STR: X64_STATUS_BREAKPOINT_
FAILURE_PROBLEM_CLASS: STATUS_BREAKPOINT
FAILURE_SYMBOL_NAME: sechost.dll!ScSendResponseReceiveControls
FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_sechost.dll!ScSendResponseReceiveControls
WATSON_STAGEONE_URL: xxxxxxxx
TARGET_TIME: 2015-10-25T06:06:55.000Z
OSBUILD: 7601
OSSERVICEPACK: 18933
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer DataCenter SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2015-07-16 02:07:42
BUILDDATESTAMP_STR: 150715-0600
BUILDLAB_STR: win7sp1_gdr
BUILDOSVER_STR: 6.1.7601.18933
ANALYSIS_SESSION_ELAPSED_TIME: 3c73
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_sechost.dll!scsendresponsereceivecontrols
FAILURE_ID_HASH: {bb63494f-e1c6-d49e-12fa-866691bbfd47}
FAILURE_ID_REPORT_LINK: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Followup: wintriag
---------
This is a generic failure 80004005 is E_FAIL and 80000003 is a breakpoint exception, something executed a int 3 or we manually broke in!! This app contains clr on the stack you may want to relate the failure to the .NET context as well.

How to find the source of an 'Access Violation'

To put in a nutshell, I have a C# application doing lots of mciSendString calls ( via dllimport ) to control wav files playback ( essentially open, play, pause, stop, status, close ). And after running for a while, the application crashes without notice with an 'access violation'.
Even though I'm running the app from my vs2012, the exception is not caught by visual studio. Even with the 'force break on an exception' option, I've had no luck in debugging this from the vs2012. So instead I've setup WER to generate me crash dumps and I am using windbg with psscor2.dll plugin to debug it.
Then in sequence, using the following commands, this is what I get ( shorten to the essential for readability purposes ) :
$>.ecxr
eax=00000001 ebx=00000000 ecx=00000401 edx=00000000 esi=049725b8 edi=00000002
eip=4e88159e esp=0a4efa38 ebp=0a4efa54 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216
<Unloaded_mciwave.dll>+0x159e:
4e88159e ?? ???
$>~*kb
# 19 Id: 105c.28cc Suspend: 1 Teb: 7ef06000
Unfrozen
user32!NtUserGetMessage+0x15
user32!GetMessageA+0xa1
winmm!mciwindow+0x102
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x70
ntdll!_RtlUserThreadStart+0x1b
# 30 Id: 105c.15f8 Suspend: 0 Teb: 7ef1b000 Unfrozen
ntdll!ZwWaitForMultipleObjects+0x15
KERNELBASE!WaitForMultipleObjectsEx+0x100
kernel32!WaitForMultipleObjectsExImplementation+0xe0
kernel32!WaitForMultipleObjects+0x18
kernel32!WerpReportFaultInternal+0x186
kernel32!WerpReportFault+0x70
kernel32!BasepReportFault+0x20
kernel32!UnhandledExceptionFilter+0x1af
ntdll!__RtlUserThreadStart+0x62
ntdll!_EH4_CallFilterFunc+0x12
ntdll!_except_handler4+0x8e
ntdll!ExecuteHandler2+0x26
ntdll!ExecuteHandler+0x24
ntdll!RtlDispatchException+0x127
ntdll!KiUserExceptionDispatcher+0xf
WARNING: Frame IP not in any known module. Following frames may be wrong.
<Unloaded_mciwave.dll>+0x159e
# 31 Id: 105c.2310 Suspend: 1 Teb: 7ef00000 Unfrozen
user32!NtUserGetMessage+0x15
user32!GetMessageW+0x33
mciwave!TaskBlock+0x1d
mciwave!PlayFile+0xcb
mciwave!mwTask+0x98
winmm!mmStartTask+0x22
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x70
ntdll!_RtlUserThreadStart+0x1b:
$>!analyze -v
FAULTING_IP:
mciwave_4e880000!TaskBlock+1d
4e88159e ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 4e88159e (mciwave_4e880000!TaskBlock+0x0000001d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 4e88159e
Attempt to execute non-executable address 4e88159e
PROCESS_NAME: Titan.vshost.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000008
EXCEPTION_PARAMETER2: 4e88159e
WRITE_ADDRESS: 4e88159e
FOLLOWUP_IP:
mciwave_4e880000!TaskBlock+1d
4e88159e ?? ???
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x15f8 (30)
====> Exception cxr#a4ef750
FAULTING_THREAD: 000015f8
BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT_CODE_WRONG_SYMBOLS
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT_CODE
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_CODE
LAST_CONTROL_TRANSFER: from 4e881999 to 4e88159e
STACK_TEXT:
0a4efa54 4e881999 0a4efa88 078db198 078db1a4 mciwave_4e880000!TaskBlock+0x1d
0a4efa68 74370ae5 00038edc 00000000 00000000 mciwave_4e880000!mwTask+0x45
0a4efa88 7670338a 078db198 0a4efad4 76f99f72 winmm!mmStartTask+0x22
0a4efa94 76f99f72 078db198 79f84a28 00000000 kernel32!BaseThreadInitThunk+0xe
0a4efad4 76f99f45 74370ac3 078db198 00000000 ntdll!__RtlUserThreadStart+0x70
0a4efaec 00000000 74370ac3 078db198 00000000 ntdll!_RtlUserThreadStart+0x1b
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: mciwave!TaskBlock+1d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mciwave_4e880000
IMAGE_NAME: mciwave.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bcb4a
STACK_COMMAND: ~30s; .ecxr ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_CODE_c0000005_mciwave.dll!TaskBlock
BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_CODE_WRONG_SYMBOLS_mciwave!TaskBlock+1d
Followup: MachineOwner
---------
Exception seems to happen in thread #30 in Unloaded_mciwave.dll, but I have no idea how to push further the debugging.. How can I get a better idea of what's going ??
How can I get what's happening between these two lines ?
ntdll!KiUserExceptionDispatcher+0xf
--> WARNING: Frame IP not in any known module. Following frames may be wrong.
<Unloaded_mciwave.dll>+0x159e
Thank you for your help in advance.
You should get more details by reloading the DLL in the Debugger.
For that you need to do:
lmvm mciwave.dll
start end module name
Unloaded modules:
e6510000 e6548000 mciwave.dll
Timestamp: Fri Oct 14 12:00:00 2011 (4E98E6E2)
Checksum: 0003E937
ImageSize: 00038000
You need to set up the Symbol and Exe-Path so the debugger can find the DLL and PDB (which shouldn't be a problem if you have it in your machine). Then you can do
.reload mciwave.dll=e6510000,00038000
DBGHELP: <path>\mciwave.dll - OK
Now if you do !analyze -v again, it should give you the correct call stack.