ExceptionAddress is 0 in windbg - windbg
When I run !analyze -v in Windbg, I find below output:
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000eac
The ExceptionAddress is 0.
Also, the Faulting_IP is wired too.
Can anybody tell me what it means? Thanks!
Full report of !analyze -v
0:000> !analyze -v
***********************************************************************
* *
* Exception Analysis *
* *
***********************************************************************
GetUrlPageData2 (WinHttp) failed: 12029.
Debugger WatsonDb Connection::Open failed 80004005
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000eac
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: MyApp.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_CODE_STR: 80000003
WATSON_BKT_PROCSTAMP: 5541d928
WATSON_BKT_PROCVER: 6.0.1108.7962
PROCESS_VER_PRODUCT: My Application
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: 0
WATSON_BKT_MODSTAMP: bbbbbbb4
BUILD_VERSION_STRING: 6.1.7601.18933 (win7sp1_gdr.150715-0600)
MODLIST_WITH_TSCHKSUM_HASH: xxxxxxxxxxxxxxxxxxx
MODLIST_SHA1_HASH: xxxxxxxxxxxxx
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 3
SUITE_MASK: 400
DUMP_FLAGS: 8000c07
DUMP_TYPE: 0
APP: MyApp.exe
ANALYSIS_SESSION_HOST: MyMachine
ANALYSIS_SESSION_TIME: 12-14-2015 12:56:53.0773
ANALYSIS_VERSION: 10.0.11075.859 amd64fre
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
MANAGED_ANALYSIS_PROVIDER: SOS
MANAGED_THREAD_ID: eac
THREAD_ATTRIBUTES:
OS_LOCALE: ENU
PROBLEM_CLASSES:
Tid [0x0]
Frame [0x00]
String [STATUS_BREAKPOINT]
Data Bucketing
BUGCHECK_STR: STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 000007fefd1610dc to 000000007712d9fa
STACK_TEXT:
00000000`0030e268 000007fe`fd1610dc : 00000001`40096780 00000000`770ffa55 00000001`40c1e6f8 000007fe`ff083858 : ntdll!ZwWaitForSingleObject+0xa
00000000`0030e270 000007fe`ff08affb : 00000000`ffffffff 000007fe`ff08344c 00000000`00000000 00000000`0000025c : KERNELBASE!WaitForSingleObjectEx+0x79
00000000`0030e310 000007fe`ff089d61 : 00000000`00508e60 00000000`0000025c 00000000`00000000 00000000`00000000 : sechost!ScSendResponseReceiveControls+0x13b
00000000`0030e400 000007fe`ff089c16 : 00000000`0030e568 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ScDispatcherLoop+0x121
00000000`0030e510 00000001`40097688 : 00000000`00000001 00000000`00537280 00000000`004fd020 00000000`00000001 : sechost!StartServiceCtrlDispatcherW+0x14e
00000000`0030e560 00000001`3fe95562 : 00000000`00000000 00000000`00000000 00000000`00000001 000007ff`00000000 : MyApp!wmain+0x248
00000000`0030e850 000007fe`f3d617c7 : 00000000`004e7380 000007fe`f3d6d8b7 00000000`00000000 ffffffff`fffffffe : MyApp__tmainCRTStartup+0x11a
00000000`0030e880 000007ff`00255204 : 00000000`00000000 000007ff`001c9d50 00000000`0030eb38 00000000`0030e958 : clr!DoNDirectCall__PatchGetThreadCall+0x7b
00000000`0030e920 000007fe`f3dba9f4 : 13a15f0d`25725be9 00000001`3fdf71e2 13a15eff`0000cf26 000007ff`0003b280 : DomainBoundILStubClass.IL_STUB_PInvoke()+0x34
00000000`0030e9e0 000007fe`f3dbab09 : 00000000`0030ea70 000007fe`f3d64d95 00000000`00000000 00000000`00000000 : clr!CallDescrWorker+0x84
00000000`0030ea20 000007fe`f3dbab85 : 00000000`0030eb38 00000000`00000000 00000000`0030eb40 00000000`0030ed58 : clr!CallDescrWorkerWithHandler+0xa9
00000000`0030eaa0 000007fe`f3dbafdc : 00000000`0030ed58 000007ff`002066e0 00000000`0030ee20 000007fe`f3d6cd9c : clr!MethodDesc::CallDescr+0x2a1
00000000`0030ecd0 000007fe`f3e6530a : 00000000`00000000 00000000`0030f060 00000000`0030ed68 00000000`00000000 : clr!MethodDesc::CallTargetWorker+0x44
00000000`0030ed10 000007fe`f3f50200 : 00000000`004e7380 00000000`004e7380 00000000`00000000 00000000`00000000 : clr!ClassLoader::RunMain+0x276
00000000`0030ef60 000007fe`f3f502b5 : 00000000`0030f560 00000000`00000200 00000000`004fc950 00000000`00000200 : clr!Assembly::ExecuteMainMethod+0xac
00000000`0030f210 000007fe`f3f505e6 : 00000000`00000000 00000001`3fa70000 00000000`00000000 00000000`00000000 : clr!SystemDomain::ExecuteMainMethod+0x468
00000000`0030f7c0 000007fe`f3f50503 : 00000001`3fa70000 00000000`00000000 00000000`00000000 00000000`00000000 : clr!ExecuteEXE+0x43
00000000`0030f820 000007fe`f3f0b649 : 00000000`004e7380 ffffffff`ffffffff 00000000`00000000 00000000`00000000 : clr!_CorExeMainInternal+0xc4
00000000`0030f890 000007fe`f8e63309 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`0030f878 : clr!_CorExeMain+0x15
00000000`0030f8d0 000007fe`f8ef5b21 : 000007fe`f3f0b634 000007fe`f8e632c0 00000000`00000000 00000000`00000000 : mscoreei!_CorExeMain+0x41
00000000`0030f900 00000000`76ed5a4d : 000007fe`f8e60000 00000000`00000000 00000000`00000000 00000000`00000000 : mscoree!_CorExeMain_Exported+0x57
00000000`0030f930 00000000`7710b831 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd
00000000`0030f960 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d
STACK_COMMAND: ~0s; .ecxr ; kb
RETRACER_ANALYSIS_TAG_STATUS: DEBUG_FLR_EXCEPTION_CODE is not 0xc0000005
THREAD_SHA1_HASH_MOD_FUNC: 6a9340d603e3e3866649a6a0d84790917bb6dd03
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: a1c2d97877512bc7d9699a841301060ee3830e4f
THREAD_SHA1_HASH_MOD: 3779b2e875e4d590e4afafeeeacc4c93bff23146
FOLLOWUP_IP:
sechost!ScSendResponseReceiveControls+13b [d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx # 3379]
000007fe`ff08affb 85c0 test eax,eax
FAULT_INSTR_CODE: 4f74c085
FAULTING_SOURCE_LINE: d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx
FAULTING_SOURCE_FILE: d:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx
FAULTING_SOURCE_LINE_NUMBER: 3379
FAULTING_SOURCE_CODE:
No source found for 'd:\win7_rtm\minkernel\screg\sc\client\lib\minwin\scapi.cxx'
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: sechost!ScSendResponseReceiveControls+13b
FOLLOWUP_NAME: wintriag
MODULE_NAME: sechost
IMAGE_NAME: sechost.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5be05e
BUCKET_ID: X64_STATUS_BREAKPOINT_sechost!ScSendResponseReceiveControls+13b
PRIMARY_PROBLEM_CLASS: X64_STATUS_BREAKPOINT_sechost!ScSendResponseReceiveControls+13b
FAILURE_EXCEPTION_CODE: 80000003
BUCKET_ID_MODULE_STR: sechost
FAILURE_FUNCTION_NAME: ScSendResponseReceiveControls
BUCKET_ID_FUNCTION_STR: ScSendResponseReceiveControls
BUCKET_ID_OFFSET: 13b
BUCKET_ID_MODTIMEDATESTAMP: 4a5be05e
BUCKET_ID_MODCHECKSUM: 2b43a
BUCKET_ID_MODVER_STR: 6.1.7600.16385
BUCKET_ID_PREFIX_STR: X64_STATUS_BREAKPOINT_
FAILURE_PROBLEM_CLASS: STATUS_BREAKPOINT
FAILURE_SYMBOL_NAME: sechost.dll!ScSendResponseReceiveControls
FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_sechost.dll!ScSendResponseReceiveControls
WATSON_STAGEONE_URL: xxxxxxxx
TARGET_TIME: 2015-10-25T06:06:55.000Z
OSBUILD: 7601
OSSERVICEPACK: 18933
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 7
OSEDITION: Windows 7 Server (Service Pack 1) TerminalServer DataCenter SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2015-07-16 02:07:42
BUILDDATESTAMP_STR: 150715-0600
BUILDLAB_STR: win7sp1_gdr
BUILDOSVER_STR: 6.1.7601.18933
ANALYSIS_SESSION_ELAPSED_TIME: 3c73
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:status_breakpoint_80000003_sechost.dll!scsendresponsereceivecontrols
FAILURE_ID_HASH: {bb63494f-e1c6-d49e-12fa-866691bbfd47}
FAILURE_ID_REPORT_LINK: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Followup: wintriag
---------
This is a generic failure 80004005 is E_FAIL and 80000003 is a breakpoint exception, something executed a int 3 or we manually broke in!! This app contains clr on the stack you may want to relate the failure to the .NET context as well.
Related
MCU damaged after FLASH->OPTR register changed
I have changed STM32G431CBT6's default BOOT0/PB8 pin disable via changed FLASH->OPTR register nswboot0 bit from factory default 1 to 0, however after that I have already damaged (or something else such as locked) 3 MCUs. Now connect with STM32CubeProgrammer, it's reject with below messages. 16:37:24 : Disconnected from device. 16:37:25 : ST-LINK SN : 50FF73064986495117442387 16:37:25 : ST-LINK FW : V2J37S7 16:37:25 : Board : -- 16:37:25 : Voltage : 3.24V 16:37:25 : SWD freq : 4000 KHz 16:37:25 : Connect mode: Normal 16:37:25 : Reset mode : Software reset 16:37:25 : Device ID : 0x468 16:37:25 : Revision ID : Rev Y 16:37:25 : UPLOADING OPTION BYTES DATA ... 16:37:25 : Bank : 0x00 16:37:25 : Address : 0x40022020 16:37:25 : Size : 20 Bytes 16:37:25 : Bank : 0x01 16:37:25 : Address : 0x40022070 16:37:25 : Size : 4 Bytes 16:37:25 : UPLOADING ... 16:37:25 : Size : 1024 Bytes 16:37:25 : Address : 0x8000000 16:37:25 : Read progress: 16:37:25 : Error: Data read failed Regards, Tiger
retrieving RDS license
I have a question, iam running a PowerShell command to retrieved RDS LicenseKeyPack details, according to win32-tslicensekeypack KeyPackType should a number between 0 and 6, yet i am getting 7 on some outputs. What dose this mean?. Example output: KeyPackId : 3 KeyPackType : 2 ProductVersion : Windows Server 2016 TypeAndModel : RDS Per User CAL AvailableLicenses : 48 IssuedLicenses : 1202 ExpirationDate : 20380101000000.000000-000 KeyPackId : 5 KeyPackType : 7 ProductVersion : Windows Server 2012 TypeAndModel : RDS Per User CAL AvailableLicenses : 0 IssuedLicenses : 1 ExpirationDate : 20380119031407.000000-000 KeyPackId : 7 KeyPackType : 7 ProductVersion : Windows Server 2016 TypeAndModel : RDS Per User CAL AvailableLicenses : 0 IssuedLicenses : 49 ExpirationDate : 20380119031407.000000-000"
How to debug the BSOD with invalid memory reference, specifically, why RSI was set to 0
My Windows 10 laptop has been BSODing recently, almost daily, around the time I am not using it (this is a work PC, so the issue happens from like 10pm to 6am). The crash dumps all look the same: IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000000000002d30, memory referenced Arg2: 00000000000000ff, IRQL Arg3: 00000000000000e8, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff8011be4e0ff, address which referenced memory ... DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT BUGCHECK_STR: AV PROCESS_NAME: System ... LAST_CONTROL_TRANSFER: from fffff8011bf6bba9 to fffff8011bf59dc0 STACK_TEXT: fffff801`1dc625c8 fffff801`1bf6bba9 : 00000000`0000000a 00000000`00002d30 00000000`000000ff 00000000`000000e8 : nt!KeBugCheckEx fffff801`1dc625d0 fffff801`1bf6855a : 0000006b`b0e5bb5a fffff801`1dc62940 00000000`00000002 fffff801`1bf3aecc : nt!KiBugCheckDispatch+0x69 fffff801`1dc62710 fffff801`1be4e0ff : 00000000`00000000 fffff801`1bfed7b6 ffffe001`9510d010 ffffe001`97fc14f0 : nt!KiPageFault+0x51a fffff801`1dc628a0 fffff801`1be4d31b : 00000000`00000000 00000000`00000002 00000000`00000000 00000000`00000000 : nt!PpmIdleExecuteTransition+0xc2f fffff801`1dc62b00 fffff801`1bf5d24c : 00000000`00000000 fffff801`1c126180 fffff801`1c19c740 ffffe001`9355c080 : nt!PoIdle+0x33b fffff801`1dc62c60 00000000`00000000 : fffff801`1dc63000 fffff801`1dc5d000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c 0: kd> .trap fffff801`1dc62710 NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000012 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8011be4e0ff rsp=fffff8011dc628a0 rbp=0000000000000000 r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up di ng nz na po nc nt!PpmIdleExecuteTransition+0xc2f: fffff801`1be4e0ff 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h] ds:00000000`00002d30=?? And if I am not mistaken, I should look into why RSI was set to 0 before the fault happened. And the "u" command shows a "call qword ptr [rbp+198h]" instruction may have preceded the fault. 0: kd> ub rip L13 nt!PpmIdleExecuteTransition+0xbe3: fffff801`1be4e0b3 4032ff xor dil,dil fffff801`1be4e0b6 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h] fffff801`1be4e0bd a801 test al,1 fffff801`1be4e0bf 740f je nt!PpmIdleExecuteTransition+0xc00 (fffff801`1be4e0d0) fffff801`1be4e0c1 a808 test al,8 fffff801`1be4e0c3 750b jne nt!PpmIdleExecuteTransition+0xc00 (fffff801`1be4e0d0) fffff801`1be4e0c5 33c0 xor eax,eax fffff801`1be4e0c7 b948000000 mov ecx,48h fffff801`1be4e0cc 33d2 xor edx,edx fffff801`1be4e0ce 0f30 wrmsr fffff801`1be4e0d0 488b8518030000 mov rax,qword ptr [rbp+318h] fffff801`1be4e0d7 458bc4 mov r8d,r12d fffff801`1be4e0da 448b8d0c030000 mov r9d,dword ptr [rbp+30Ch] fffff801`1be4e0e1 8b54244c mov edx,dword ptr [rsp+4Ch] fffff801`1be4e0e5 488b8c2480000000 mov rcx,qword ptr [rsp+80h] fffff801`1be4e0ed 4889442420 mov qword ptr [rsp+20h],rax fffff801`1be4e0f2 ff9598010000 call qword ptr [rbp+198h] fffff801`1be4e0f8 448be0 mov r12d,eax fffff801`1be4e0fb 89442444 mov dword ptr [rsp+44h],eax 0: kd> u rip nt!PpmIdleExecuteTransition+0xc2f: fffff801`1be4e0ff 0fb686302d0000 movzx eax,byte ptr [rsi+2D30h] fffff801`1be4e106 a801 test al,1 fffff801`1be4e108 7418 je nt!PpmIdleExecuteTransition+0xc52 (fffff801`1be4e122) fffff801`1be4e10a a808 test al,8 fffff801`1be4e10c 7514 jne nt!PpmIdleExecuteTransition+0xc52 (fffff801`1be4e122) fffff801`1be4e10e 41b801000000 mov r8d,1 fffff801`1be4e114 33d2 xor edx,edx fffff801`1be4e116 418bc0 mov eax,r8d Appreciate your guidance as to how to debug this BSOD further. My troubleshooting direction may be false, in which case I am all ears for your insights. Thanks in advance!
From the SCCM client system, can you list the deployment(s) currently associated to a missing patches?
I'm attempting to build a PowerShell module to help diagnose SCCM issues without giving the system admins access to the SCCM console. The code below currently finds all missing patches on a system but i want to be able to organize them: Organize patches by deployment name Display the deployment install deadline List the Patches missing Code that gets all missing patches: $Results = (get-wmiobject -ComputerName $env:ComputerName -query "SELECT * FROM CCM_UpdateStatus" -namespace "root\ccm\SoftwareUpdates\UpdatesStore" | Where-Object {$_.Status -eq "Missing"}) Output Snippet: __GENUS : 2 __CLASS : CCM_UpdateStatus __SUPERCLASS : __DYNASTY : CCM_UpdateStatus __RELPATH : CCM_UpdateStatus.UniqueId="4ffd2339-7fa5-4716-b64e-78e3dce16d59" __PROPERTY_COUNT : 15 __DERIVATION : {} __SERVER : ……………………………… __NAMESPACE : ROOT\ccm\SoftwareUpdates\UpdatesStore __PATH : \\………………………………\ROOT\ccm\SoftwareUpdates\UpdatesStore:CCM_UpdateStatus.UniqueId="4ffd2339-7fa5-4716-b64e-78e3dce16d59" Article : 3178662 Bulletin : ExcludeForStateReporting : False Language : ProductID : e6cf1350-c01b-414d-a61f-263d14d133b4 RevisionNumber : 200 ScanTime : 20180320184935.000000+000 Sources : {{7D052A75-2032-4F02-BAC9-9EDA4DBD58DE}} SourceType : 2 SourceUniqueId : {7D052A75-2032-4F02-BAC9-9EDA4DBD58DE} SourceVersion : 68 Status : Missing Title : Update for Microsoft Office 2016 (KB3178662) 32-Bit Edition UniqueId : 4ffd2339-7fa5-4716-b64e-78e3dce16d59 UpdateClassification : e6cf1350-c01b-414d-a61f-263d14d133b4 PSComputerName : WGC1107B87PH2 I cannot determine how to get a patches associated deployment name or that patches install deployment deadline. Once I can get those two associations I would like to have output something like below: Baseline Patch Deployment: Install Deadline: Apr 12, 2018 Missing Patches: Patch1 Patch2 Patch3 Office 2016 April Patch Deployment: Install Deadline: Apr 27, 2018 Missing Patches: Patch1 Patch2 Patch3 Missing but Unapproved Patches: Install Deadline: None Missing Patches Patch1 Patch2 Patch3
Client.exe dump file through WinDbg:
Been trying to solve why this app is crashing on only one Windows 7 computer and running fine when installed on 5 others. The program is part of a camera security system which client.exe contacts an internal server and then brings up cameras into an application viewer. The program connects and starts to load a couple of the streaming video windows then crashes. This is the most recent dump file. Antivirus has been removed. DotNet verifyer tools has been run on the machine. Memory upgraded from 4GB to 8GB. All windows updates are current. Any suggestions would be greatly appreciated. Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\Administrator\AppData\Local\CrashDumps\Client.exe.4756.dmp] User Mini Dump File: Only registers, stack and portions of memory are available ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols Symbol search path is: SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: SingleUserTS Machine Name: Debug session time: Sat Jan 16 08:35:29.000 2016 (UTC - 5:00) System Uptime: not available Process Uptime: 0 days 0:01:35.000 ................................................................ ................................................................ ................................................................ ........................................ Loading unloaded module list .. This dump file has an exception of interest stored in it. The stored exception information can be accessed via .ecxr. (1294.584): Access violation - code c0000005 (first/second chance not available) ntdll!NtWaitForMultipleObjects+0xa: 00000000`77badf6a c3 ret 0:051> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* *** WARNING: Unable to verify checksum for mscorlib.ni.dll *** WARNING: Unable to verify checksum for WindowsBase.ni.dll *** WARNING: Unable to verify checksum for PresentationFramework.ni.dll *** WARNING: Unable to verify checksum for System.ni.dll *** WARNING: Unable to verify checksum for System.Management.ni.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for icudt48.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for atiumd64.dll - FAULTING_IP: ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b 00000000`631fbceb c5fa6f0f vmovdqu xmm1,xmmword ptr [rdi] EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 00000000631fbceb (ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0x0000000000ee8a4b) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000379af220 Attempt to read from address 00000000379af220 CONTEXT: 0000000000000000 -- (.cxr 0x0;r) rax=00000000c0000001 rbx=000000003a37e290 rcx=0000000007200000 rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000002 rip=0000000077badf6a rsp=000000003a37e158 rbp=0000000000000002 r8=000000003a37d878 r9=000000003a37d9e0 r10=0000000000000000 r11=0000000000000246 r12=0000000000000000 r13=000000003a37e200 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246 ntdll!NtWaitForMultipleObjects+0xa: 00000000`77badf6a c3 ret DEFAULT_BUCKET_ID: WRONG_SYMBOLS PROCESS_NAME: Client.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 00000000379af220 READ_ADDRESS: 00000000379af220 FOLLOWUP_IP: ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b 00000000`631fbceb c5fa6f0f vmovdqu xmm1,xmmword ptr [rdi] NTGLOBALFLAG: 0 APPLICATION_VERIFIER_FLAGS: 0 APP: client.exe ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre MANAGED_STACK: !dumpstack -EE OS Thread Id: 0x584 (51) Current frame: Child-SP RetAddr Caller, Callee PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS LAST_CONTROL_TRANSFER: from 00000000630c4029 to 00000000631fbceb STACK_TEXT: 00000000`3a37f3a0 00000000`630c4029 : 00000000`0000001e 00000000`63070b8e 00000000`1005a720 00000000`0000000d : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xee8a4b 00000000`3a37f820 00000000`63070b8e : 00000000`00000000 00000000`00000050 00000000`00000000 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xdb0d89 00000000`3a37f860 00000000`63072415 : 00000000`00000000 00000000`00000042 00000000`63072290 00000000`63055333 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd5d8ee 00000000`3a37f8d0 00000000`63054988 : 00000000`1005a720 00000000`00000000 00000000`00000000 00000000`079f2f00 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd5f175 00000000`3a37f900 00000000`6305748c : 00000000`1005a720 00000000`1009d9d8 00000000`3a37f9e0 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd416e8 00000000`3a37f960 00000000`63053899 : 00000000`1005a720 00000000`1009d970 00000000`00000000 00000000`00000000 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd441ec 00000000`3a37fa30 00000000`6cfa1d9f : 00000000`1009d970 00000000`1005a720 00000000`1009d9d8 00000000`1009d9d8 : ImageViewerDotNet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+0xd405f9 00000000`3a37fa90 00000000`6cfa1e3b : 00000000`6d032ac0 00000000`10076d40 00000000`00000000 00000000`00000000 : msvcr100!endthreadex+0x43 00000000`3a37fac0 00000000`77a559ed : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msvcr100!endthreadex+0xdf 00000000`3a37faf0 00000000`77b8b831 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd 00000000`3a37fb20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: imageviewerdotnet!boost::serialization::singleton<NmXerces::CmLibraryInitializer>::get_const_instance+ee8a4b FOLLOWUP_NAME: MachineOwner MODULE_NAME: ImageViewerDotNet IMAGE_NAME: ImageViewerDotNet.dll DEBUG_FLR_IMAGE_TIMESTAMP: 5187ed93 STACK_COMMAND: ~51s; .ecxr ; kb FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000005_ImageViewerDotNet.dll!boost::serialization::singleton_NmXerces::CmLibraryInitializer_::get_const_instance BUCKET_ID: X64_APPLICATION_FAULT_WRONG_SYMBOLS_imageviewerdotnet!boost::serialization::singleton_NmXerces::CmLibraryInitializer_::get_const_instance+ee8a4b ANALYSIS_SOURCE: UM FAILURE_ID_HASH_STRING: um:wrong_symbols_c0000005_imageviewerdotnet.dll!boost::serialization::singleton_nmxerces::cmlibraryinitializer_::get_const_instance FAILURE_ID_HASH: {a7d099ff-a825-ee55-6e51-303340f35724} Followup: MachineOwner ---------
I just solved the issue in a different manner. Used a newer version of the client.exe software which didn't crash and is still compatible with our server. Didn't answer why the above version crashes on only one Windows 7 computer though. Thanks again!!