vDos crashing every now and then running dbase/foxpro app
Jan 21, 2021 13:57:28 GMT 1
Post by nitech on Jan 21, 2021 13:57:28 GMT 1
We are running a dbase/foxpro app on vDos. From time to time it crashes randomly without any specific action being taken.
I had a look in the C:\Users\%username%\AppData\Local\CrashDumps folder and found seemingly one .dmp file for each crash. I also had a look at EventViewer and found some trace of the crash.
Although a developer myself, analyzing .dmp-files is totally new to me. I therefore just "clicked about" and found a tool called WinDbg, which did an analysis of the .dmp-file located in CrashDumps. It outputted the following:
These are the related events from Event Viewer:
How can I go about debugging this?
I had a look in the C:\Users\%username%\AppData\Local\CrashDumps folder and found seemingly one .dmp file for each crash. I also had a look at EventViewer and found some trace of the crash.
Although a developer myself, analyzing .dmp-files is totally new to me. I therefore just "clicked about" and found a tool called WinDbg, which did an analysis of the .dmp-file located in CrashDumps. It outputted the following:
Microsoft (R) Windows Debugger Version 10.0.20153.1000 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\temp\vDos.exe.4144.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 19042 MP (6 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Debug session time: Thu Jan 21 11:24:05.000 2021 (UTC + 1:00)
System Uptime: not available
Process Uptime: 0 days 3:11:58.000
...........................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1030.664): Security check failure or stack buffer overrun - code c0000409 (first/second chance not available)
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
For analysis of this file, run !analyze -v
eax=018a91d4 ebx=00000000 ecx=00000003 edx=00000000 esi=018de6c0 edi=00000001
eip=77bd8e46 esp=0019f5fc ebp=0019f630 iopl=0 nv up ei ng nz na pe cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000287
ntdll!RtlDeleteTimer+0x136:
77bd8e46 cd29 int 29h
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1264
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on AMATEC-R90S6GVS
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 26435
Key : Analysis.Memory.CommitPeak.Mb
Value: 89
Key : Analysis.System
Value: CreateObject
Key : Timeline.Process.Start.DeltaSec
Value: 11518
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
Key : WER.Process.Version
Value: 0.0.0.0
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: (.ecxr)
eax=018a91d4 ebx=00000000 ecx=00000003 edx=00000000 esi=018de6c0 edi=00000001
eip=77bd8e46 esp=0019f5fc ebp=0019f630 iopl=0 nv up ei ng nz na pe cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000287
ntdll!RtlDeleteTimer+0x136:
77bd8e46 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 77bd8e46 (ntdll!RtlDeleteTimer+0x00000136)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 00000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
PROCESS_NAME: vDos.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 00000003
STACK_TEXT:
0019f630 76b9a116 018a91c8 018de6c0 00000000 ntdll!RtlDeleteTimer+0x136
0019f644 0042e1db 00000000 018de6c0 00000000 KERNELBASE!DeleteTimerQueueTimer+0x26
WARNING: Stack unwind information not available. Following frames may be wrong.
0019f68c 0042fe97 00000b30 0000061e 0042a64e vDos+0x2e1db
0019f7e0 00428411 0019f800 01697a52 00000000 vDos+0x2fe97
0019fc04 004276ee 0019f80a 00000000 018a9228 vDos+0x28411
0019fc38 004278ee 0019fc50 00000b30 00477280 vDos+0x276ee
0019fd10 00427c10 00000000 0000000a 00287000 vDos+0x278ee
0019feb0 0042ee28 018b1870 00000000 00000004 vDos+0x27c10
0019fec8 0042d2c7 00000000 0000000a 00287000 vDos+0x2ee28
0019ff24 0044e136 00400000 00000000 01892703 vDos+0x2d2c7
0019ff70 7758fa29 00287000 7758fa10 0019ffdc vDos+0x4e136
0019ff80 77c175f4 00287000 0b774b0e 00000000 kernel32!BaseThreadInitThunk+0x19
0019ffdc 77c175c4 ffffffff 77c37359 00000000 ntdll!__RtlUserThreadStart+0x2f
0019ffec 00000000 0044e1ba 00287000 00000000 ntdll!_RtlUserThreadStart+0x1b
SYMBOL_NAME: vdos+2e1db
MODULE_NAME: vDos
IMAGE_NAME: vDos.exe
STACK_COMMAND: ~0s ; .ecxr ; kb
FAILURE_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY_c0000409_vDos.exe!Unknown
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
FAILURE_ID_HASH: {e51749bf-573f-88d6-8f61-252b35930368}
Followup: MachineOwner
--------
These are the related events from Event Viewer:
Loggnavn: Application
Kilde: Application Error
Dato: 21.01.2021 11:24:04
Hendelses-ID: 1000
Oppgavekategori:(100)
Nivå: Feil
Nøkkelord: Klassisk
Bruker: I/T
Datamaskin: AMATEC-PC1AVX52.amatec.asp1.pcsupport.no
Beskrivelse:
Programnavn med feil: vDos.exe, versjon: 0.0.0.0, tidsangivelse: 0x5e67ef0f
Modulnavn med feil: ntdll.dll, versjon: 10.0.19041.662, tidsangivelse: 0x5f641e44
Unntakskode: 0xc0000409
Feilforskyvning: 0x00028e46
Feil prosess-ID: 0x1030
Feil starttid for program: 0x01d6efc4ba44b452
Feil programbane: R:\vDos\vDos.exe
Feil modulbane: C:\WINDOWS\SYSTEM32\ntdll.dll
Rapport-ID: 26f05005-ec65-43b1-a742-f7bf851eccf7
Fullstendig navn på feilpakke:
Relativ program-ID for feilpakke:
Hendelses-XML-fil:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>100</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2021-01-21T10:24:04.5229030Z" />
<EventRecordID>16427</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>AMATEC-PC1AVX52.amatec.asp1.pcsupport.no</Computer>
<Security />
</System>
<EventData>
<Data>vDos.exe</Data>
<Data>0.0.0.0</Data>
<Data>5e67ef0f</Data>
<Data>ntdll.dll</Data>
<Data>10.0.19041.662</Data>
<Data>5f641e44</Data>
<Data>c0000409</Data>
<Data>00028e46</Data>
<Data>1030</Data>
<Data>01d6efc4ba44b452</Data>
<Data>R:\vDos\vDos.exe</Data>
<Data>C:\WINDOWS\SYSTEM32\ntdll.dll</Data>
<Data>26f05005-ec65-43b1-a742-f7bf851eccf7</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Loggnavn: Application
Kilde: Windows Error Reporting
Dato: 21.01.2021 11:24:05
Hendelses-ID: 1001
Oppgavekategori:Ingen
Nivå: Informasjon
Nøkkelord: Klassisk
Bruker: I/T
Datamaskin: AMATEC-PC1AVX52.amatec.asp1.pcsupport.no
Beskrivelse:
Feil-bucket , type 0
Hendelsesnavn: BEX
Svar: Ikke tilgjengelig
Cab-ID: 0
Problemsignatur:
P1: vDos.exe
P2: 0.0.0.0
P3: 5e67ef0f
P4: ntdll.dll
P5: 10.0.19041.662
P6: 5f641e44
P7: 00028e46
P8: c0000409
P9: 00000003
P10:
Vedlagte filer:
Disse filene er kanskje tilgjengelige her:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vDos.exe_fa7d525cfda89dd0cb118c9725afac3fdabeb75c_878995f4_1a1ae186-6c1e-499d-badb-c47bef54dc0d
Analysesymbol:
Leter etter løsning en gang til: 0
Rapport-ID: 26f05005-ec65-43b1-a742-f7bf851eccf7
Rapportstatus: 4
Hashet bucket:
Cab-Guid: 0
Hendelses-XML-fil:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2021-01-21T10:24:05.0235516Z" />
<EventRecordID>16428</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>AMATEC-PC1AVX52.amatec.asp1.pcsupport.no</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>0</Data>
<Data>BEX</Data>
<Data>Ikke tilgjengelig</Data>
<Data>0</Data>
<Data>vDos.exe</Data>
<Data>0.0.0.0</Data>
<Data>5e67ef0f</Data>
<Data>ntdll.dll</Data>
<Data>10.0.19041.662</Data>
<Data>5f641e44</Data>
<Data>00028e46</Data>
<Data>c0000409</Data>
<Data>00000003</Data>
<Data>
</Data>
<Data>
</Data>
<Data>\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vDos.exe_fa7d525cfda89dd0cb118c9725afac3fdabeb75c_878995f4_1a1ae186-6c1e-499d-badb-c47bef54dc0d</Data>
<Data>
</Data>
<Data>0</Data>
<Data>26f05005-ec65-43b1-a742-f7bf851eccf7</Data>
<Data>4</Data>
<Data>
</Data>
<Data>0</Data>
</EventData>
</Event>
Loggnavn: Application
Kilde: Windows Error Reporting
Dato: 21.01.2021 11:24:06
Hendelses-ID: 1001
Oppgavekategori:Ingen
Nivå: Informasjon
Nøkkelord: Klassisk
Bruker: I/T
Datamaskin: AMATEC-PC1AVX52.amatec.asp1.pcsupport.no
Beskrivelse:
Feil-bucket 1381148358618108004, type 5
Hendelsesnavn: BEX
Svar: Ikke tilgjengelig
Cab-ID: 0
Problemsignatur:
P1: vDos.exe
P2: 0.0.0.0
P3: 5e67ef0f
P4: ntdll.dll
P5: 10.0.19041.662
P6: 5f641e44
P7: 00028e46
P8: c0000409
P9: 00000003
P10:
Vedlagte filer:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER278B.tmp.WERInternalMetadata.xml
Disse filene er kanskje tilgjengelige her:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_vDos.exe_fa7d525cfda89dd0cb118c9725afac3fdabeb75c_878995f4_1a1ae186-6c1e-499d-badb-c47bef54dc0d
Analysesymbol:
Leter etter løsning en gang til: 0
Rapport-ID: 26f05005-ec65-43b1-a742-f7bf851eccf7
Rapportstatus: 268435456
Hashet bucket: db06615cbb8c9f44432ad31d518bd064
Cab-Guid: 0
Hendelses-XML-fil:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Windows Error Reporting" />
<EventID Qualifiers="0">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2021-01-21T10:24:06.7443074Z" />
<EventRecordID>16429</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>AMATEC-PC1AVX52.amatec.asp1.pcsupport.no</Computer>
<Security />
</System>
<EventData>
<Data>1381148358618108004</Data>
<Data>5</Data>
<Data>BEX</Data>
<Data>Ikke tilgjengelig</Data>
<Data>0</Data>
<Data>vDos.exe</Data>
<Data>0.0.0.0</Data>
<Data>5e67ef0f</Data>
<Data>ntdll.dll</Data>
<Data>10.0.19041.662</Data>
<Data>5f641e44</Data>
<Data>00028e46</Data>
<Data>c0000409</Data>
<Data>00000003</Data>
<Data>
</Data>
<Data>
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER278B.tmp.WERInternalMetadata.xml</Data>
<Data>\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_vDos.exe_fa7d525cfda89dd0cb118c9725afac3fdabeb75c_878995f4_1a1ae186-6c1e-499d-badb-c47bef54dc0d</Data>
<Data>
</Data>
<Data>0</Data>
<Data>26f05005-ec65-43b1-a742-f7bf851eccf7</Data>
<Data>268435456</Data>
<Data>db06615cbb8c9f44432ad31d518bd064</Data>
<Data>0</Data>
</EventData>
</Event>
How can I go about debugging this?