windbg conflicting information

2k views Asked by At

I have WinDBG 6.12.0002.633 x86 and I'm using it to view a post-mortem kdmp from a Windows Mobile 6 ARMV4I application.

When I go to analyze the callstack I get a lot of unknowns. In the analysis, I can see in the *FAULTING_IP* section that the fault is in the tcpstk module. (for which I also have symbols. But, in the *STACK_TEXT* section, the tcpstk addresses appear as just addresses, no symbols.

Also, in the *MODULE_NAME* section, I get another unknown even though it just said the faulting module was in tcpstk.

The result of the !analyze -v command is:

1:128:armce> !analyze -v
***snip!***
FAULTING_IP: 
tcpstk!_DerefIF+38 [\private\winceos\comm\tcpipw\ip\iproute.c @ 1032]
01b0d6f0 ???????? ???
***snip!***
IP_ON_HEAP:  07b00090
The fault address in not in any loaded module, please check your build's rebase
log at <releasedir>\bin\build_logs\timebuild\ntrebase.log for module which may
contain the address if it were loaded.

FRAME_ONE_INVALID: 1

STACK_TEXT:  
761efa6c 07b00090 : 7b858453 00000003 00000000 00000000 : 0x7b0d6f0
761efa7c 07b0020c : 7b858453 506f010a 00000000 00000000 : 0x7b00090
761efacc 78012d38 : 7b858453 506f010a 00000000 00000000 : 0x7b0020c
761efaf4 78013cdc module_78010000!AdapterBindingManager::NetUp+0xb4 [bar.cpp @ 268]
761efb34 78014b78 module_78010000!AdapterBindingManager::EnterState+0x5e4 [bar.cpp @ 1327]
761efda4 78015c08 module_78010000!AdapterBindingManager::ProcessEvent+0x8e4 [bar.cpp @ 1298]
761efdd8 03f668dc module_78010000!MediaSense+0x25c [foo.cpp @ 673]
761efe94 00000000 coredll_3f49000!ThreadBaseFunc+0x98 [\private\winceos\coreos\core\dll\apis.c @ 633]


MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

STACK_COMMAND:  ~128s ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_WRITE_c0000005_Unknown_Image!Unknown

If I switch to the kp command, I suddenly can see that part of the callstack

1:128:armce> kp
Child-SP RetAddr  Call Site
761efa6c 01b0d6e0 tcpstk!_DerefIF(struct Interface * IF = 0x7b858453)+0x38 [\private\winceos\comm\tcpipw\ip\iproute.c @ 1032]
761efa6c 00000000 tcpstk!_DerefIF(struct Interface * IF = 0x7b858453)+0x28 [\private\winceos\comm\tcpipw\ip\iproute.c @ 1026]

Why isn't the !analyze -v command able to show the fully decoded callstack? Why does it show so many unknowns?

1

There are 1 answers

2
EdChum On

I think that WinDBG cannot debug ARM I have not seen any documentation that states it is capable of debugging ARM, only x86 and x64 applications.

There is a Windbg provided in the ARM toolkit that is the windowed version of armsd which is not related to the microsoft WindDbg.