ExceptionAddress is 0 in windbg - windbg

When I run !analyze -v in Windbg, I find below output:
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000eac
The ExceptionAddress is 0.
Also, the Faulting_IP is wired too.
Can anybody tell me what it means? Thanks!
Full report of !analyze -v
0:000> !analyze -v
***********************************************************************
* *
* Exception Analysis *
* *
***********************************************************************
GetUrlPageData2 (WinHttp) failed: 12029.
Debugger WatsonDb Connection::Open failed 80004005
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000eac
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: MyApp.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_CODE_STR: 80000003
WATSON_BKT_PROCSTAMP: 5541d928
WATSON_BKT_PROCVER: 6.0.1108.7962
PROCESS_VER_PRODUCT: My Application
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: 0
WATSON_BKT_MODSTAMP: bbbbbbb4
BUILD_VERSION_STRING: 6.1.7601.18933 (win7sp1_gdr.150715-0600)
MODLIST_WITH_TSCHKSUM_HASH: xxxxxxxxxxxxxxxxxxx
MODLIST_SHA1_HASH: xxxxxxxxxxxxx
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 3
SUITE_MASK: 400
DUMP_FLAGS: 8000c07
DUMP_TYPE: 0
APP: MyApp.exe
ANALYSIS_SESSION_HOST: MyMachine
ANALYSIS_SESSION_TIME: 12-14-2015 12:56:53.0773
ANALYSIS_VERSION: 10.0.11075.859 amd64fre
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
MANAGED_ANALYSIS_PROVIDER: SOS
MANAGED_THREAD_ID: eac
THREAD_ATTRIBUTES:
OS_LOCALE: ENU
PROBLEM_CLASSES:
Tid [0x0]
Frame [0x00]
String [STATUS_BREAKPOINT]
Data Bucketing
BUGCHECK_STR: STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fefd1610dc to 000000007712d9fa
STACK_TEXT:
00000000`0030e268 000007fe`fd1610dc : 00000001`40096780 00000000`770ffa55 00000001`40c1e6f8 000007fe`ff083858 : ntdll!ZwWaitForSingleObject+0xa
00000000`0030e270 000007fe`ff08affb : 00000000`ffffffff 000007fe`ff08344c 00000000`00000000 00000000`0000025c : KERNELBASE!WaitForSingleObjectEx+0x79
00000000`0030e310 000007fe`ff089d61 : 00000000`00508e60 00000000`0000025c 00000000`00000000 00000000`00000000 : sechost!ScSendResponseReceiveControls+0x13b
00000000`0030e400 000007fe`ff089c16 : 00000000`0030e568 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ScDispatcherLoop+0x121
00000000`0030e510 00000001`40097688 : 00000000`00000001 00000000`00537280 00000000`004fd020 00000000`00000001 : sechost!StartServiceCtrlDispatcherW+0x14e
00000000`0030e560 00000001`3fe95562 : 00000000`00000000 00000000`00000000 00000000`00000001 000007ff`00000000 : MyApp!wmain+0x248
00000000`0030e850 000007fe`f3d617c7 : 00000000`004e7380 000007fe`f3d6d8b7 00000000`00000000 ffffffff`fffffffe : MyApp__tmainCRTStartup+0x11a
00000000`0030e880 000007ff`00255204 : 00000000`00000000 000007ff`001c9d50 00000000`0030eb38 00000000`0030e958 : clr!DoNDirectCall__PatchGetThreadCall+0x7b
00000000`0030e920 000007fe`f3dba9f4 : 13a15f0d`25725be9 00000001`3fdf71e2 13a15eff`0000cf26 000007ff`0003b280 : DomainBoundILStubClass.IL_STUB_PInvoke()+0x34
00000000`0030e9e0 000007fe`f3dbab09 : 00000000`0030ea70 000007fe`f3d64d95 00000000`00000000 00000000`00000000 : clr!CallDescrWorker+0x84
00000000`0030ea20 000007fe`f3dbab85 : 00000000`0030eb38 00000000`00000000 00000000`0030eb40 00000000`0030ed58 : clr!CallDescrWorkerWithHandler+0xa9
00000000`0030eaa0 000007fe`f3dbafdc : 00000000`0030ed58 000007ff`002066e0 00000000`0030ee20 000007fe`f3d6cd9c : clr!MethodDesc::CallDescr+0x2a1
00000000`0030ecd0 000007fe`f3e6530a : 00000000`00000000 00000000`0030f060 00000000`0030ed68 00000000`00000000 : clr!MethodDesc::CallTargetWorker+0x44
00000000`0030ed10 000007fe`f3f50200 : 00000000`004e7380 00000000`004e7380 00000000`00000000 00000000`00000000 : clr!ClassLoader::RunMain+0x276
00000000`0030ef60 000007fe`f3f502b5 : 00000000`0030f560 00000000`00000200 00000000`004fc950 00000000`00000200 : clr!Assembly::ExecuteMainMethod+0xac
00000000`0030f210 000007fe`f3f505e6 : 00000000`00000000 00000001`3fa70000 00000000`00000000 00000000`00000000 : clr!SystemDomain::ExecuteMainMethod+0x468
00000000`0030f7c0 000007fe`f3f50503 : 00000001`3fa70000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!ExecuteEXE+0x43
00000000`0030f820 000007fe`f3f0b649 : 00000000`004e7380 ffffffff`ffffffff 00000000`00000000 00000000`00000000 : clr!_CorExeMainInternal+0xc4
00000000`0030f890 000007fe`f8e63309 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`0030f878 : clr!_CorExeMain+0x15
00000000`0030f8d0 000007fe`f8ef5b21 : 000007fe`f3f0b634 000007fe`f8e632c0 00000000`00000000 00000000`00000000 : mscoreei!_CorExeMain+0x41
00000000`0030f900 00000000`76ed5a4d : 000007fe`f8e60000 00000000`00000000 00000000`00000000 00000000`00000000 : mscoree!_CorExeMain_Exported+0x57
00000000`0030f930 00000000`7710b831 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0030f960 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
STACK_COMMAND: ~0s; .ecxr ; kb
RETRACER_ANALYSIS_TAG_STATUS: DEBUG_FLR_EXCEPTION_CODE is not 0xc0000005
THREAD_SHA1_HASH_MOD_FUNC: 6a9340d603e3e3866649a6a0d84790917bb6dd03
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a1c2d97877512bc7d9699a841301060ee3830e4f
THREAD_SHA1_HASH_MOD: 3779b2e875e4d590e4afafeeeacc4c93bff23146
FOLLOWUP_IP:
sechost!ScSendResponseReceiveControls+13b [d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx # 3379]
000007fe`ff08affb 85c0 test eax,eax
FAULT_INSTR_CODE: 4f74c085
FAULTING_SOURCE_LINE: d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx
FAULTING_SOURCE_FILE: d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx
FAULTING_SOURCE_LINE_NUMBER: 3379
FAULTING_SOURCE_CODE:
No source found for 'd:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx'
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: sechost!ScSendResponseReceiveControls+13b
FOLLOWUP_NAME: wintriag
MODULE_NAME: sechost
IMAGE_NAME: sechost.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5be05e
BUCKET_ID: X64_STATUS_BREAKPOINT_sechost!ScSendResponseReceiveControls+13b
PRIMARY_PROBLEM_CLASS: X64_STATUS_BREAKPOINT_sechost!ScSendResponseReceiveControls+13b
FAILURE_EXCEPTION_CODE: 80000003
BUCKET_ID_MODULE_STR: sechost
FAILURE_FUNCTION_NAME: ScSendResponseReceiveControls
BUCKET_ID_FUNCTION_STR: ScSendResponseReceiveControls
BUCKET_ID_OFFSET: 13b
BUCKET_ID_MODTIMEDATESTAMP: 4a5be05e
BUCKET_ID_MODCHECKSUM: 2b43a
BUCKET_ID_MODVER_STR: 6.1.7600.16385
BUCKET_ID_PREFIX_STR: X64_STATUS_BREAKPOINT_
FAILURE_PROBLEM_CLASS: STATUS_BREAKPOINT
FAILURE_SYMBOL_NAME: sechost.dll!ScSendResponseReceiveControls
FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_sechost.dll!ScSendResponseReceiveControls
WATSON_STAGEONE_URL: xxxxxxxx
TARGET_TIME: 2015-10-25T06:06:55.000Z
OSBUILD: 7601
OSSERVICEPACK: 18933
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer DataCenter SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2015-07-16 02:07:42
BUILDDATESTAMP_STR: 150715-0600
BUILDLAB_STR: win7sp1_gdr
BUILDOSVER_STR: 6.1.7601.18933
ANALYSIS_SESSION_ELAPSED_TIME: 3c73
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_sechost.dll!scsendresponsereceivecontrols
FAILURE_ID_HASH: {bb63494f-e1c6-d49e-12fa-866691bbfd47}
FAILURE_ID_REPORT_LINK: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Followup: wintriag
---------

This is a generic failure 80004005 is E_FAIL and 80000003 is a breakpoint exception, something executed a int 3 or we manually broke in!! This app contains clr on the stack you may want to relate the failure to the .NET context as well.

Related

MCU damaged after FLASH->OPTR register changed

I have changed STM32G431CBT6's default BOOT0/PB8 pin disable via changed FLASH->OPTR register
nswboot0 bit from factory default 1 to 0, however after that I have already damaged (or something else such as locked) 3 MCUs.
Now connect with STM32CubeProgrammer, it's reject with below messages.
16:37:24 : Disconnected from device.
16:37:25 : ST-LINK SN : 50FF73064986495117442387
16:37:25 : ST-LINK FW : V2J37S7
16:37:25 : Board : --
16:37:25 : Voltage : 3.24V
16:37:25 : SWD freq : 4000 KHz
16:37:25 : Connect mode: Normal
16:37:25 : Reset mode : Software reset
16:37:25 : Device ID : 0x468
16:37:25 : Revision ID : Rev Y
16:37:25 : UPLOADING OPTION BYTES DATA ...
16:37:25 : Bank : 0x00
16:37:25 : Address : 0x40022020
16:37:25 : Size : 20 Bytes
16:37:25 : Bank : 0x01
16:37:25 : Address : 0x40022070
16:37:25 : Size : 4 Bytes
16:37:25 : UPLOADING ...
16:37:25 : Size : 1024 Bytes
16:37:25 : Address : 0x8000000
16:37:25 : Read progress:
16:37:25 : Error: Data read failed
Regards,
Tiger

retrieving RDS license

I have a question, iam running a PowerShell command to retrieved RDS LicenseKeyPack details, according to win32-tslicensekeypack KeyPackType should a number between 0 and 6, yet i am getting 7 on some outputs. What dose this mean?.
Example output:
KeyPackId : 3
KeyPackType : 2
ProductVersion : Windows Server 2016
TypeAndModel : RDS Per User CAL
AvailableLicenses : 48
IssuedLicenses : 1202
ExpirationDate : 20380101000000.000000-000
KeyPackId : 5
KeyPackType : 7
ProductVersion : Windows Server 2012
TypeAndModel : RDS Per User CAL
AvailableLicenses : 0
IssuedLicenses : 1
ExpirationDate : 20380119031407.000000-000
KeyPackId : 7
KeyPackType : 7
ProductVersion : Windows Server 2016
TypeAndModel : RDS Per User CAL
AvailableLicenses : 0
IssuedLicenses : 49
ExpirationDate : 20380119031407.000000-000"

How to debug the BSOD with invalid memory reference, specifically, why RSI was set to 0

My Windows 10 laptop has been BSODing recently, almost daily, around the time I am not using it (this is a work PC, so the issue happens from like 10pm to 6am). The crash dumps all look the same:
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000002d30, memory referenced
Arg2: 00000000000000ff, IRQL
Arg3: 00000000000000e8, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8011be4e0ff, address which referenced memory
...
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
...
LAST_CONTROL_TRANSFER: from fffff8011bf6bba9 to fffff8011bf59dc0
STACK_TEXT:
fffff801`1dc625c8 fffff801`1bf6bba9 : 00000000`0000000a 00000000`00002d30 00000000`000000ff 00000000`000000e8 : nt!KeBugCheckEx
fffff801`1dc625d0 fffff801`1bf6855a : 0000006b`b0e5bb5a fffff801`1dc62940 00000000`00000002 fffff801`1bf3aecc : nt!KiBugCheckDispatch+0x69
fffff801`1dc62710 fffff801`1be4e0ff : 00000000`00000000 fffff801`1bfed7b6 ffffe001`9510d010 ffffe001`97fc14f0 : nt!KiPageFault+0x51a
fffff801`1dc628a0 fffff801`1be4d31b : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000000 : nt!PpmIdleExecuteTransition+0xc2f
fffff801`1dc62b00 fffff801`1bf5d24c : 00000000`00000000 fffff801`1c126180 fffff801`1c19c740 ffffe001`9355c080 : nt!PoIdle+0x33b
fffff801`1dc62c60 00000000`00000000 : fffff801`1dc63000 fffff801`1dc5d000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
0: kd> .trap fffff801`1dc62710
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000012
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8011be4e0ff rsp=fffff8011dc628a0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na po nc
nt!PpmIdleExecuteTransition+0xc2f:
fffff801`1be4e0ff 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h] ds:00000000`00002d30=??
And if I am not mistaken, I should look into why RSI was set to 0 before the fault happened. And the "u" command shows a "call qword ptr [rbp+198h]" instruction may have preceded the fault.
0: kd> ub rip L13
nt!PpmIdleExecuteTransition+0xbe3:
fffff801`1be4e0b3 4032ff xor dil,dil
fffff801`1be4e0b6 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h]
fffff801`1be4e0bd a801 test al,1
fffff801`1be4e0bf 740f je nt!PpmIdleExecuteTransition+0xc00 (fffff801`1be4e0d0)
fffff801`1be4e0c1 a808 test al,8
fffff801`1be4e0c3 750b jne nt!PpmIdleExecuteTransition+0xc00 (fffff801`1be4e0d0)
fffff801`1be4e0c5 33c0 xor eax,eax
fffff801`1be4e0c7 b948000000 mov ecx,48h
fffff801`1be4e0cc 33d2 xor edx,edx
fffff801`1be4e0ce 0f30 wrmsr
fffff801`1be4e0d0 488b8518030000 mov rax,qword ptr [rbp+318h]
fffff801`1be4e0d7 458bc4 mov r8d,r12d
fffff801`1be4e0da 448b8d0c030000 mov r9d,dword ptr [rbp+30Ch]
fffff801`1be4e0e1 8b54244c mov edx,dword ptr [rsp+4Ch]
fffff801`1be4e0e5 488b8c2480000000 mov rcx,qword ptr [rsp+80h]
fffff801`1be4e0ed 4889442420 mov qword ptr [rsp+20h],rax
fffff801`1be4e0f2 ff9598010000 call qword ptr [rbp+198h]
fffff801`1be4e0f8 448be0 mov r12d,eax
fffff801`1be4e0fb 89442444 mov dword ptr [rsp+44h],eax
0: kd> u rip
nt!PpmIdleExecuteTransition+0xc2f:
fffff801`1be4e0ff 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h]
fffff801`1be4e106 a801 test al,1
fffff801`1be4e108 7418 je nt!PpmIdleExecuteTransition+0xc52 (fffff801`1be4e122)
fffff801`1be4e10a a808 test al,8
fffff801`1be4e10c 7514 jne nt!PpmIdleExecuteTransition+0xc52 (fffff801`1be4e122)
fffff801`1be4e10e 41b801000000 mov r8d,1
fffff801`1be4e114 33d2 xor edx,edx
fffff801`1be4e116 418bc0 mov eax,r8d
Appreciate your guidance as to how to debug this BSOD further. My troubleshooting direction may be false, in which case I am all ears for your insights. Thanks in advance!

From the SCCM client system, can you list the deployment(s) currently associated to a missing patches?

I'm attempting to build a PowerShell module to help diagnose SCCM issues without giving the system admins access to the SCCM console. The code below currently finds all missing patches on a system but i want to be able to organize them:
Organize patches by deployment name
Display the deployment install deadline
List the Patches missing
Code that gets all missing patches:
$Results = (get-wmiobject -ComputerName $env:ComputerName -query "SELECT * FROM CCM_UpdateStatus" -namespace "root\ccm\SoftwareUpdates\UpdatesStore" | Where-Object {$_.Status -eq "Missing"})
Output Snippet:
__GENUS : 2
__CLASS : CCM_UpdateStatus
__SUPERCLASS :
__DYNASTY : CCM_UpdateStatus
__RELPATH : CCM_UpdateStatus.UniqueId="4ffd2339-7fa5-4716-b64e-78e3dce16d59"
__PROPERTY_COUNT : 15
__DERIVATION : {}
__SERVER : ………………………………
__NAMESPACE : ROOT\ccm\SoftwareUpdates\UpdatesStore
__PATH : \\………………………………\ROOT\ccm\SoftwareUpdates\UpdatesStore:CCM_UpdateStatus.UniqueId="4ffd2339-7fa5-4716-b64e-78e3dce16d59"
Article : 3178662
Bulletin :
ExcludeForStateReporting : False
Language :
ProductID : e6cf1350-c01b-414d-a61f-263d14d133b4
RevisionNumber : 200
ScanTime : 20180320184935.000000+000
Sources : {{7D052A75-2032-4F02-BAC9-9EDA4DBD58DE}}
SourceType : 2
SourceUniqueId : {7D052A75-2032-4F02-BAC9-9EDA4DBD58DE}
SourceVersion : 68
Status : Missing
Title : Update for Microsoft Office 2016 (KB3178662) 32-Bit Edition
UniqueId : 4ffd2339-7fa5-4716-b64e-78e3dce16d59
UpdateClassification : e6cf1350-c01b-414d-a61f-263d14d133b4
PSComputerName : WGC1107B87PH2
I cannot determine how to get a patches associated deployment name or that patches install deployment deadline. Once I can get those two associations I would like to have output something like below:
Baseline Patch Deployment:
Install Deadline: Apr 12, 2018
Missing Patches:
Patch1
Patch2
Patch3
Office 2016 April Patch Deployment:
Install Deadline: Apr 27, 2018
Missing Patches:
Patch1
Patch2
Patch3
Missing but Unapproved Patches:
Install Deadline: None
Missing Patches
Patch1
Patch2
Patch3

Client.exe dump file through WinDbg:

Been trying to solve why this app is crashing on only one Windows 7 computer and running fine when installed on 5 others. The program is part of a camera security system which client.exe contacts an internal server and then brings up cameras into an application viewer. The program connects and starts to load a couple of the streaming video windows then crashes. This is the most recent dump file. Antivirus has been removed. DotNet verifyer tools has been run on the machine. Memory upgraded from 4GB to 8GB. All windows updates are current. Any suggestions would be greatly appreciated.
Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Administrator\AppData\Local\CrashDumps\Client.exe.4756.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Sat Jan 16 08:35:29.000 2016 (UTC - 5:00)
System Uptime: not available
Process Uptime: 0 days 0:01:35.000
................................................................
................................................................
................................................................
........................................
Loading unloaded module list
..
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1294.584): Access violation - code c0000005 (first/second chance not available)
ntdll!NtWaitForMultipleObjects+0xa:
00000000`77badf6a c3 ret
0:051> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
*** WARNING: Unable to verify checksum for WindowsBase.ni.dll
*** WARNING: Unable to verify checksum for PresentationFramework.ni.dll
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify checksum for System.Management.ni.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for icudt48.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for atiumd64.dll -
FAULTING_IP:
ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b
00000000`631fbceb c5fa6f0f vmovdqu xmm1,xmmword ptr [rdi]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00000000631fbceb (ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0x0000000000ee8a4b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000379af220
Attempt to read from address 00000000379af220
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=00000000c0000001 rbx=000000003a37e290 rcx=0000000007200000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000002
rip=0000000077badf6a rsp=000000003a37e158 rbp=0000000000000002
r8=000000003a37d878 r9=000000003a37d9e0 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=000000003a37e200
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtWaitForMultipleObjects+0xa:
00000000`77badf6a c3 ret
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
PROCESS_NAME: Client.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 00000000379af220
READ_ADDRESS: 00000000379af220
FOLLOWUP_IP:
ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b
00000000`631fbceb c5fa6f0f vmovdqu xmm1,xmmword ptr [rdi]
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: client.exe
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
MANAGED_STACK: !dumpstack -EE
OS Thread Id: 0x584 (51)
Current frame:
Child-SP RetAddr Caller, Callee
PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS
BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 00000000630c4029 to 00000000631fbceb
STACK_TEXT:
00000000`3a37f3a0 00000000`630c4029 : 00000000`0000001e 00000000`63070b8e 00000000`1005a720 00000000`0000000d : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xee8a4b
00000000`3a37f820 00000000`63070b8e : 00000000`00000000 00000000`00000050 00000000`00000000 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xdb0d89
00000000`3a37f860 00000000`63072415 : 00000000`00000000 00000000`00000042 00000000`63072290 00000000`63055333 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd5d8ee
00000000`3a37f8d0 00000000`63054988 : 00000000`1005a720 00000000`00000000 00000000`00000000 00000000`079f2f00 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd5f175
00000000`3a37f900 00000000`6305748c : 00000000`1005a720 00000000`1009d9d8 00000000`3a37f9e0 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd416e8
00000000`3a37f960 00000000`63053899 : 00000000`1005a720 00000000`1009d970 00000000`00000000 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd441ec
00000000`3a37fa30 00000000`6cfa1d9f : 00000000`1009d970 00000000`1005a720 00000000`1009d9d8 00000000`1009d9d8 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd405f9
00000000`3a37fa90 00000000`6cfa1e3b : 00000000`6d032ac0 00000000`10076d40 00000000`00000000 00000000`00000000 : msvcr100!endthreadex+0x43
00000000`3a37fac0 00000000`77a559ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msvcr100!endthreadex+0xdf
00000000`3a37faf0 00000000`77b8b831 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`3a37fb20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: imageviewerdotnet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ImageViewerDotNet
IMAGE_NAME: ImageViewerDotNet.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 5187ed93
STACK_COMMAND: ~51s; .ecxr ; kb
FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000005_ImageViewerDotNet.dll!boost::serialization::singleton_NmXerces::CmLibraryInitializer_::get_const_instance
BUCKET_ID: X64_APPLICATION_FAULT_WRONG_SYMBOLS_imageviewerdotnet!boost::serialization::singleton_NmXerces::CmLibraryInitializer_::get_const_instance+ee8a4b
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:wrong_symbols_c0000005_imageviewerdotnet.dll!boost::serialization::singleton_nmxerces::cmlibraryinitializer_::get_const_instance
FAILURE_ID_HASH: {a7d099ff-a825-ee55-6e51-303340f35724}
Followup: MachineOwner
---------
I just solved the issue in a different manner. Used a newer version of the client.exe software which didn't crash and is still compatible with our server. Didn't answer why the above version crashes on only one Windows 7 computer though. Thanks again!!