tags:

views:

230

answers:

2
+1  Q: 

WinDbg showing different call stacks when attached to process when compared to crash dump

I'm analysing a deadlock that's occurring when using a native library alongside managed code. I'm using WinDbg to debug the problem with the intention of saving a dump such that the vendor might observe the issue on their premises.

When attaching to the problematic process I see the following message before any call stacks:

WARNING: Stack unwind information not available. Following frames may be wrong.

The frames actually look correct when attached directly to the process. However, when I take a dump of this file and then open the dump in WinDbg on another machine, one of the stack frames is different (the above error is displayed too.) This originally had the vendor stumped, as the code path seemed impossible.

I took the dump using:

.dump /ma filename.dmp

What would cause this discrepancy, and is there anything I can do to reliably analyse a dump file's call stacks? Might there be any other misrepresented data I should be aware of?

+2  A: 

This sounds like you might have mismatched pdbs. Have you tried the !chksym and !itoldyouso commands? eg see the Bugslayer article

Another thing to try is !sym noisy that should show you which pdb files are being loaded.

See also MSDN blog

the_mandrill  2009-11-03 09:24:27
+1  A: 

The warning is telling you that the debugger cannot associate one or more addresses on the stack with existing module information. As managed code is compiled on the fly by the CLR there are no corresponding modules for the code and thus the warning.

The SOS command !clrstack has the necessary info from the CLR to display a meaningful stack (or at least without the warning). If you use any of the native stack dump command, you'll see this warning for managed code.

The upcoming book Advanced .NET Debugging has additional details. See http://advanceddotnetdebugging.com/

Brian Rasmussen  2009-11-03 09:30:17
Thanks Brian. So I should expect that warning whenever debugging threads running managed code in WinDbg? That's good to know, however the issue I'm seeing is that an unmanaged stack frame is different when debugging locally when compared to debugging the dump file on a different machine. Thanks for the link -- I'll have a read.
Drew Noakes  2009-11-03 09:51:59
I figured you were debugging managed code because of the .NET tag. You will see the warning if you dump the native stack for a thread running managed code as WinDbg doesn't recognize the managed calls. With SOS you get the correct managed view and thus no warning. However, it can still be useful to dump the native stack in which case you just have to ignore the warning. As for your other question: Could you elaborate a little on how the stacks differ between local debug and dump debug.
Brian Rasmussen  2009-11-03 09:59:29
I'm debugging a mixture of .NET and native code via interop. I'll provide some more info when I'm able to repro the issue. Thanks again.
Drew Noakes  2009-11-03 11:35:43

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?