Corrupted stacks are no fun at all – when you get a crash dump or a live exception in an application, pretty much the first thing you do is take a look at the call stack. When the stack itself is corrupted, your primary investigation tool is taken away. Still, it is sometimes possible to reconstruct the stack even in the face of corruption. I’ve been showing how in the .NET Debugging and C++ Debugging courses, but by popular demand will show one example here as well. You can follow along on your own with the dump file, symbol file, and sources from here.

Here we go – opening the dump file in WinDbg (32-bit) produces the following output:

User Mini Dump File: Only registers, stack and portions of memory are available
. . . 0:000> dds ESP
002af1a8 00000000
002af1ac 002af120
002af1b0 00000000
002af1b4 014cfe90
002af1b8 002af0fc
002af1bc 742fd594 uxtheme!StreamInit+0x36
002af1c0 002af180
002af1c4 01850815
002af1c8 0000029e
002af1cc 00000000
002af1d0 00000000
002af1d4 737990fa
002af1d8 002af210
002af1dc 013719be BatteryMeter!RecurseDeep+0x4e [...\batterymeterdlg.cpp @ 135]
002af1e0 00000004
002af1e4 77dbc290 mfc100u!AfxDlgProc [...\dlgcore.cpp @ 22]
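The dds listing above can be screened mechanically for frame records. The following Python example is added here and is not code from the original post; it assumes standard x86 EBP-chained frames (a saved-EBP slot immediately followed by a return address), and the names parse_dds, candidate_frames and the max_frame limit are hypothetical.

```python
import re

# dds output copied from the dump shown above.
DDS = r"""
002af1a8 00000000
002af1ac 002af120
002af1b0 00000000
002af1b4 014cfe90
002af1b8 002af0fc
002af1bc 742fd594 uxtheme!StreamInit+0x36
002af1c0 002af180
002af1c4 01850815
002af1c8 0000029e
002af1cc 00000000
002af1d0 00000000
002af1d4 737990fa
002af1d8 002af210
002af1dc 013719be BatteryMeter!RecurseDeep+0x4e [...\batterymeterdlg.cpp @ 135]
002af1e0 00000004
002af1e4 77dbc290 mfc100u!AfxDlgProc [...\dlgcore.cpp @ 22]
"""

LINE = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})(?:\s+(\S.*))?$", re.I)

def parse_dds(text):
    """Return [(slot_address, value, symbol_or_None), ...] from dds output."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return rows

def candidate_frames(rows, max_frame=0x1000):
    """Find [saved EBP][return address] pairs (assumed EBP-chain layout).

    The stack grows down, so a plausible saved EBP is a 4-byte-aligned value
    pointing above its own slot (within max_frame bytes), and the slot right
    after it must have resolved to a symbol, i.e. look like a return address.
    """
    found = []
    for (addr, val, _), (next_addr, _, sym) in zip(rows, rows[1:]):
        if next_addr != addr + 4 or sym is None:
            continue
        if val % 4 == 0 and addr < val <= addr + max_frame:
            found.append((addr, val, sym))
    return found

if __name__ == "__main__":
    for addr, saved_ebp, sym in candidate_frames(parse_dds(DDS)):
        print(f"EBP candidate {addr:08x} -> saved EBP {saved_ebp:08x}, returns to {sym}")
```

A candidate's slot address can then be tried as the base pointer in WinDbg's `k = BasePtr StackPtr InstructionPtr` form.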
Read more: .NET Zone