Reputation: 183
Understanding Windbg output from call stack
From analyzing a crash dump in Windbg, the following is the last call on the stack (obtained using clrstack):
00000000`1eeee410 00000000`ffffffff mscorlib_ni!System.Threading.WaitHandle.WaitOne+0x23
I would like to know what do the different sections of this output imply exactly (More particularly on +0x23).
Upvotes: 10
Views: 3226
Answers (1)
Reputation: 676
You are debugging a 64 bit process so you have two pointers printed out for each frame
the first one is 000000001eeee410 - is a child stack pointer, you can read more on how you can manually use it to recover previous framews manually here http://www.codeproject.com/Articles/331050/Assembly-Helps-Debug-NET-Applications but unless you are dealing with weird corrupted state memory dumps, its not really important :)
the second one is the current instruction pointer for the frame, pointing to the assembly instruction that will be executed next. You can get a mode detailed info by disasemblying the code at this address using the !U command like this
!U /d 00000000ffffffff
Lastly, the WaitOne+0x23 means that the current asembly command being executed is located at the adress of System.Threading.WaitHandle.WaitOne method's start (which means its probably this method being executed) and an offset of 0x23 after that - since you have no symbols for mscorlib, you cant get a line number for this offset
Upvotes: 8
Related Questions
- WinDbg not showing entire call stack?
- windbg log system calls
- How to examine user thread call stack from windbg kernel debugger?
- Call stack is show as hex when using WinDbg to analyze a crash dump
- windbg not showing call stack source args
- WinDbg and inlined functions
- Windbg native call stack trace does not make sense
- WinDbg showing different call stacks when attached to process when compared to crash dump
- call stack and disassembly doubt
- Windbg help -> how can I read the code at this callstack?