This article describes how to use the new COM+ Process Dump
feature. With this feature, you can obtain automatic memory dumps on a COM+
FailFast, which is the internal error handling feature in COM+. This article
describes how you can locate the access violation that may trigger such a dump.
The example in this article uses a .dll file named
DoBadStuff, a class named
CNaughty, and a method named
AV. To create an access violation and to trigger a COM+ Process
Dump, follow these steps:
- Open the dump file in a debugger such as
Windbg.exe.
- Type the command ~*kb
400.
- Find the call stack that has this structure:
ChildEBP RetAddr Args to Child
00dbe7f0 77f7f4af 77e7788b 000001a0 00000000 SharedUserData!SystemCallStub+0x4
00dbe7f4 77e7788b 000001a0 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc
00dbe858 77e79d6a 000001a0 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xa8
00dbe868 757bb368 000001a0 ffffffff 757f15d0 kernel32!WaitForSingleObject+0xf
00dbecec 757bb663 757f1868 757f187c 000009fc COMSVCS!FF_RunCmd+0x7b
00dbefac 757bb6d5 00dbefc0 00000001 00000001 COMSVCS!FF_DumpProcess_MD+0x1a3
00dbf1ec 757bb998 7574c2f9 00000001 00085558 COMSVCS!FF_DumpProcess+0x2f
00dbf1f0 7574c2f9 00000001 00085558 771be20c COMSVCS!FailFast+0x42
00dbf208 75761fce 00dbf27c 00000000 00000000 COMSVCS!ComSvcsExceptionFilter+0xa1
00dbf218 7725673c 000ae498 00dbf27c c0000005 COMSVCS!CContext::ServerException+0xd
- Dump the first two elements (8 bytes) of this structure.
These two elements contain a pointer to an EXCEPTION_RECORD structure and a pointer to a CONTEXT.
0:017> dd 00dbf27c L2
00dbf27c 00dbf36c 00dbf388
- Execute the .exr and the .cxr commands to dump the exception and the context records
respectively. The .cxr command sets the register context to this context record.
0:017> .exr 00dbf36c
ExceptionAddress: 10007d72 (DoBadStuff!CCNaughty::AV+0x00000042)
ExceptionCode: c0000005
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 014d52af
Attempt to write to address 014d52af<BR/>
0:017> .cxr 00dbf388
eax=00963e90 ebx=00dbfad8 ecx=00963e90 edx=00963e90 esi=00dbf6d0 edi=00dbf6a8
eip=10007d72 esp=00dbf654 ebp=00dbf6a8 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202
DoBadStuff!CCNaughty::AV+42:
10007d72 c6811f14b70065 mov byte ptr [ecx+0xb7141f],0x65
- Use the kb command to display the
stack trace for the faulting thread:
0:017> kb
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
00dbf6a8 77cc2f58 009627f8 02020202 00000001 DoBadStuff!CCNaughty::AV+0x42
00dbf6c0 77d281a5 100012e9 00dbf6d4 00000001 RPCRT4!Invoke+0x30
00dbfaa0 77d28d3e 000b1b08 000b57ac 00098628 RPCRT4!NdrStubCall2+0x1fb
00dbfaf8 7713bb3d 000b1b08 00098628 000b57ac RPCRT4!CStdStubBuffer_Invoke+0x3f
00dbfb58 772aec81 00098628 000a9508 000ac4a8 OLEAUT32!CUnivStubWrapper::Invoke+0xe1
00dbfe84 77d7c076 77d5b720 00000000 00dbfef4 ole32!StubInvoke+0xa5
00dbfee4 77d7c076 77d5b730 ffffffff 00dbff2c USER32!__except_handler3
00dbffa4 77c33eaf 77c140c8 00000000 00dbffec USER32!__except_handler3
00dbffdc 77e9bb85 77e95b80 00000000 00000000 msvcrt!__except_handler2+0xb7
ffffffff 00000000 00000000 00000000 00000000 kernel32!CreateDBWinMutex+0x1d7
For more information, see the following Microsoft Web
sites:
Back to the top
