Created
February 8, 2019 06:35
-
-
Save Daniel15/c8c31b9e46d8c2eea6385d7dd1ba6c40 to your computer and use it in GitHub Desktop.
Debugging GPGME with WinDbg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64 | |
Copyright (c) Microsoft Corporation. All rights reserved. | |
CommandLine: "C:\Users\danlo\Dropbox (Personal)\src\gpgme-sharp\Examples\PgpEncryptDecrypt\bin\Debug\net40\PgpEncryptDecrypt.exe" | |
Symbol search path is: srv* | |
Executable search path is: | |
ModLoad: 00000000`00070000 00000000`00078000 PgpEncryptDecrypt.exe | |
ModLoad: 00007ffb`d88c0000 00007ffb`d8aad000 ntdll.dll | |
ModLoad: 00000000`774a0000 00000000`7763c000 ntdll.dll | |
ModLoad: 00007ffb`d5be0000 00007ffb`d5c33000 C:\windows\System32\wow64.dll | |
ModLoad: 00007ffb`d6260000 00007ffb`d62dc000 C:\windows\System32\wow64win.dll | |
(28a8.590c): Break instruction exception - code 80000003 (first chance) | |
ntdll!LdrpDoDebuggerBreak+0x30: | |
00007ffb`d8992cbc cc int 3 | |
0:000> g | |
ModLoad: 00000000`77490000 00000000`77499000 C:\windows\System32\wow64cpu.dll | |
ModLoad: 00000000`71db0000 00000000`71e03000 C:\windows\SysWOW64\MSCOREE.DLL | |
ModLoad: 00000000`762d0000 00000000`763b0000 C:\windows\SysWOW64\KERNEL32.dll | |
ModLoad: 00000000`75560000 00000000`75759000 C:\windows\SysWOW64\KERNELBASE.dll | |
(28a8.590c): WOW64 breakpoint - code 4000001f (first chance) | |
First chance exceptions are reported before any exception handling. | |
This exception may be expected and handled. | |
ntdll_774a0000!LdrpDoDebuggerBreak+0x2b: | |
7754f126 cc int 3 | |
0:000:x86> g | |
ModLoad: 74b30000 74bae000 C:\windows\SysWOW64\ADVAPI32.dll | |
ModLoad: 75d50000 75e10000 C:\windows\SysWOW64\msvcrt.dll | |
ModLoad: 00000000`77270000 00000000`772e9000 C:\windows\SysWOW64\sechost.dll | |
ModLoad: 00000000`76ae0000 00000000`76b9f000 C:\windows\SysWOW64\RPCRT4.dll | |
ModLoad: 00000000`74b10000 00000000`74b30000 C:\windows\SysWOW64\SspiCli.dll | |
ModLoad: 00000000`74b00000 00000000`74b0a000 C:\windows\SysWOW64\CRYPTBASE.dll | |
ModLoad: 00000000`76ba0000 00000000`76c02000 C:\windows\SysWOW64\bcryptPrimitives.dll | |
ModLoad: 00000000`71a40000 00000000`71abd000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll | |
ModLoad: 00000000`75770000 00000000`757b4000 C:\windows\SysWOW64\SHLWAPI.dll | |
ModLoad: 00000000`75fc0000 00000000`76238000 C:\windows\SysWOW64\combase.dll | |
ModLoad: 00000000`75e90000 00000000`75fb3000 C:\windows\SysWOW64\ucrtbase.dll | |
ModLoad: 00000000`75490000 00000000`754b3000 C:\windows\SysWOW64\GDI32.dll | |
ModLoad: 00000000`75120000 00000000`75287000 C:\windows\SysWOW64\gdi32full.dll | |
ModLoad: 00000000`75bd0000 00000000`75c50000 C:\windows\SysWOW64\msvcp_win.dll | |
ModLoad: 00000000`772f0000 00000000`77489000 C:\windows\SysWOW64\USER32.dll | |
ModLoad: 00000000`74bb0000 00000000`74bc7000 C:\windows\SysWOW64\win32u.dll | |
ModLoad: 00000000`75530000 00000000`75555000 C:\windows\SysWOW64\IMM32.DLL | |
ModLoad: 00000000`763b0000 00000000`763bf000 C:\windows\SysWOW64\kernel.appcore.dll | |
ModLoad: 00000000`73a60000 00000000`73a68000 C:\windows\SysWOW64\VERSION.dll | |
ModLoad: 00000000`70e00000 00000000`714ef000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll | |
ModLoad: 00000000`71940000 00000000`71a35000 C:\windows\SysWOW64\MSVCR120_CLR0400.dll | |
(28a8.590c): Unknown exception - code 04242420 (first chance) | |
ModLoad: 00000000`6fa60000 00000000`70df3000 C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll | |
ModLoad: 00000000`769e0000 00000000`76adc000 C:\windows\SysWOW64\ole32.dll | |
ModLoad: 00000000`6be70000 00000000`6bef0000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll | |
ModLoad: 00000000`75ad0000 00000000`75b6b000 C:\windows\SysWOW64\OLEAUT32.dll | |
ModLoad: 00000000`04930000 00000000`04954000 gpgme-sharp.dll | |
ModLoad: 00000000`04960000 00000000`04984000 gpgme-sharp.dll | |
ModLoad: 00000000`00740000 00000000`00754000 GPGME.Native.Shared.dll | |
ModLoad: 00000000`02420000 00000000`02434000 GPGME.Native.Shared.dll | |
ModLoad: 00000000`6f050000 00000000`6fa60000 C:\windows\assembly\NativeImages_v4.0.30319_32\System\b6fb56a7c01747453c8e9e9d960dc295\System.ni.dll | |
ModLoad: 00000000`006a0000 00000000`006aa000 GPGME.Native.Unix.dll | |
ModLoad: 00000000`00740000 00000000`0074a000 GPGME.Native.Unix.dll | |
ModLoad: 00000000`006a0000 00000000`006aa000 GPGME.Native.Win32.dll | |
ModLoad: 00000000`00750000 00000000`0075a000 GPGME.Native.Win32.dll | |
ModLoad: 00000000`6edb0000 00000000`6ee0b000 C:\Program Files (x86)\GnuPG\bin\libgpgme-11.dll | |
ModLoad: 00000000`74bd0000 00000000`7511d000 C:\windows\SysWOW64\SHELL32.dll | |
ModLoad: 00000000`75b70000 00000000`75bab000 C:\windows\SysWOW64\cfgmgr32.dll | |
ModLoad: 00000000`76240000 00000000`762c9000 C:\windows\SysWOW64\shcore.dll | |
ModLoad: 00000000`763c0000 00000000`769bb000 C:\windows\SysWOW64\windows.storage.dll | |
ModLoad: 00000000`769c0000 00000000`769dc000 C:\windows\SysWOW64\profapi.dll | |
ModLoad: 00000000`75430000 00000000`75484000 C:\windows\SysWOW64\powrprof.dll | |
ModLoad: 00000000`75bb0000 00000000`75bc2000 C:\windows\SysWOW64\cryptsp.dll | |
ModLoad: 00000000`75e30000 00000000`75e8f000 C:\windows\SysWOW64\WS2_32.dll | |
ModLoad: 00000000`65770000 00000000`65789000 C:\Program Files (x86)\GnuPG\bin\libassuan-0.dll | |
ModLoad: 00000000`6b0e0000 00000000`6b10f000 C:\Program Files (x86)\GnuPG\bin\libgpg-error-0.dll | |
(28a8.590c): Access violation - code c0000005 (first chance) | |
First chance exceptions are reported before any exception handling. | |
This exception may be expected and handled. | |
004fef7c 0100 add dword ptr [eax],eax ds:002b:00000000=???????? | |
0:000:x86> !analyze -v | |
******************************************************************************* | |
* * | |
* Exception Analysis * | |
* * | |
******************************************************************************* | |
*** WARNING: Unable to verify checksum for PgpEncryptDecrypt.exe | |
GetUrlPageData2 (WinHttp) failed: 12002. | |
DUMP_CLASS: 2 | |
DUMP_QUALIFIER: 0 | |
FAULTING_IP: | |
+0 | |
004fef7c 0100 add dword ptr [eax],eax | |
EXCEPTION_RECORD: (.exr -1) | |
ExceptionAddress: 004fef7c | |
ExceptionCode: c0000005 (Access violation) | |
ExceptionFlags: 00000000 | |
NumberParameters: 2 | |
Parameter[0]: 00000008 | |
Parameter[1]: 004fef7c | |
Attempt to execute non-executable address 004fef7c | |
FAULTING_THREAD: 0000590c | |
PROCESS_NAME: PgpEncryptDecrypt.exe | |
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. | |
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s. | |
EXCEPTION_CODE_STR: c0000005 | |
EXCEPTION_PARAMETER1: 00000008 | |
EXCEPTION_PARAMETER2: 004fef7c | |
FOLLOWUP_IP: | |
+0 | |
004fef7c 0100 add dword ptr [eax],eax | |
FAILED_INSTRUCTION_ADDRESS: | |
+0 | |
004fef7c 0100 add dword ptr [eax],eax | |
WATSON_BKT_PROCSTAMP: eebcc658 | |
WATSON_BKT_PROCVER: 1.0.0.0 | |
PROCESS_VER_PRODUCT: PgpEncryptDecrypt | |
WATSON_BKT_MODULE: unknown | |
WATSON_BKT_MODVER: 0.0.0.0 | |
WATSON_BKT_MODOFFSET: 4fef7c | |
WATSON_BKT_MODSTAMP: bbbbbbb4 | |
BUILD_VERSION_STRING: 10.0.17763.1 (WinBuild.160101.0800) | |
MODLIST_WITH_TSCHKSUM_HASH: a82aa4af458355d8b701a15ea447da475cce8f19 | |
MODLIST_SHA1_HASH: f5e270daa35b0cd8fdcf02294b16ec66e2aa4e4b | |
NTGLOBALFLAG: 70 | |
APPLICATION_VERIFIER_FLAGS: 0 | |
PRODUCT_TYPE: 1 | |
SUITE_MASK: 272 | |
MISSING_CLR_SYMBOL: 0 | |
ANALYSIS_SESSION_HOST: W2KS8CK1024 | |
ANALYSIS_SESSION_TIME: 02-07-2019 22:31:24.0549 | |
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre | |
IP_ON_STACK: | |
+0 | |
004fef7c 0100 add dword ptr [eax],eax | |
MANAGED_CODE: 1 | |
MANAGED_ENGINE_MODULE: clr | |
THREAD_ATTRIBUTES: | |
OS_LOCALE: ENU | |
PROBLEM_CLASSES: | |
STACKIMMUNE | |
Tid [0x0] | |
Frame [0x00] | |
Failure Bucketing | |
SOFTWARE_NX_FAULT | |
Tid [0x590c] | |
Frame [0x00]: unknown!unknown | |
ZEROED_STACK | |
Tid [0x590c] | |
Frame [0x00]: unknown!unknown | |
NOSOS | |
Tid [0x590c] | |
CODE | |
Tid [0x590c] | |
Frame [0x00]: unknown!unknown | |
BUGCHECK_STR: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE | |
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_NOSOS_CODE | |
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD] | |
LAST_CONTROL_TRANSFER: from 00000000 to 00000000 | |
STACK_TEXT: | |
WARNING: Frame IP not in any known module. Following frames may be wrong. | |
004fef74 6ede3a82 00000001 00000001 006743d8 0x4fef7c | |
004fef94 6edb88e9 004fefd8 00000005 6edf1f92 libgpgme_11!_gpgme_debug_frame_end+0x12 | |
004feff4 6edb932e 00673b6c 00000000 004ff018 libgpgme_11!_gpgme_run_io_cb+0x167 | |
004ff034 6edb9473 00673078 00000000 00000000 libgpgme_11!_gpgme_wait_on_condition+0x17f | |
004ff054 6edbc958 00673078 00000001 00000000 libgpgme_11!_gpgme_wait_one+0x21 | |
004ff0a4 0066bb11 00673078 00673c10 00679338 libgpgme_11!gpgme_op_decrypt+0x142 | |
004ff110 0066b6dc 00679338 00000000 00000000 0x66bb11 | |
004ff214 00660cc7 02458d28 024572d4 00000000 0x66b6dc | |
004ff318 70e0ebb6 007d8798 004ff378 70e11e10 0x660cc7 | |
004ff324 70e11e10 004ff3b4 004ff368 70ee9b20 clr!CallDescrWorkerInternal+0x34 | |
004ff378 70e17994 00000000 00000000 00000001 clr!CallDescrWorkerWithHandler+0x6b | |
004ff3e0 70f85026 004ff4d4 6bee3301 00614d3c clr!MethodDescCallSite::CallTargetWorker+0x16a | |
004ff50c 70f85707 004ff530 00000000 6bee332d clr!RunMain+0x1ad | |
004ff780 70f855ed 00000000 6bee319d 00070000 clr!Assembly::ExecuteMainMethod+0x124 | |
004ffc78 70f858d3 6bee3add 00000000 00000000 clr!SystemDomain::ExecuteMainMethod+0x631 | |
004ffcd0 70f85819 6bee3b1d 00000000 70f559f0 clr!ExecuteEXE+0x4c | |
004ffd10 70f55a0c 6bee3b41 00000000 70f559f0 clr!_CorExeMainInternal+0xdc | |
004ffd4c 71a4d93b ea48ee78 71dc43f0 71a4d8c0 clr!_CorExeMain+0x4d | |
004ffd88 71dbe80e 71dc43f0 71a40000 004ffdb0 mscoreei!_CorExeMain+0x10e | |
004ffd98 71dc43f8 71dc43f0 762efe09 0030f000 MSCOREE!ShellShim__CorExeMain+0x9e | |
004ffda0 762efe09 0030f000 762efdf0 004ffe0c MSCOREE!_CorExeMain_Exported+0x8 | |
004ffdb0 7750662d 0030f000 4a65daca 00000000 KERNEL32!BaseThreadInitThunk+0x19 | |
004ffe0c 775065fd ffffffff 775251a6 00000000 ntdll_774a0000!__RtlUserThreadStart+0x2f | |
004ffe1c 00000000 71dc43f0 0030f000 00000000 ntdll_774a0000!_RtlUserThreadStart+0x1b | |
THREAD_SHA1_HASH_MOD_FUNC: e4094df2d03ecab2161898f95c7e9e3d8178c60b | |
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 290409c7c826a9107b0cc16040dc76d65292e414 | |
THREAD_SHA1_HASH_MOD: afc2de90aa9f0996a94510e35317259df3ab7ae9 | |
SYMBOL_STACK_INDEX: 0 | |
SYMBOL_NAME: PgpEncryptDecrypt.exe!unknown_error_in_process | |
FOLLOWUP_NAME: MachineOwner | |
MODULE_NAME: PgpEncryptDecrypt | |
IMAGE_NAME: PgpEncryptDecrypt.exe | |
DEBUG_FLR_IMAGE_TIMESTAMP: 0 | |
STACK_COMMAND: ~0s ; kb | |
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_NOSOS_CODE_c0000005_PgpEncryptDecrypt.exe!unknown_error_in_process | |
BUCKET_ID: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_PgpEncryptDecrypt.exe!unknown_error_in_process | |
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_PgpEncryptDecrypt.exe!unknown_error_in_process | |
FAILURE_EXCEPTION_CODE: c0000005 | |
FAILURE_IMAGE_NAME: PgpEncryptDecrypt.exe | |
BUCKET_ID_IMAGE_STR: PgpEncryptDecrypt.exe | |
FAILURE_MODULE_NAME: PgpEncryptDecrypt | |
BUCKET_ID_MODULE_STR: PgpEncryptDecrypt | |
FAILURE_FUNCTION_NAME: unknown_error_in_process | |
BUCKET_ID_FUNCTION_STR: unknown_error_in_process | |
BUCKET_ID_OFFSET: 0 | |
BUCKET_ID_MODTIMEDATESTAMP: 0 | |
BUCKET_ID_MODCHECKSUM: 0 | |
BUCKET_ID_MODVER_STR: 1.0.0.0 | |
BUCKET_ID_PREFIX_STR: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_ | |
FAILURE_PROBLEM_CLASS: SOFTWARE_NX_FAULT_NOSOS_CODE | |
FAILURE_SYMBOL_NAME: PgpEncryptDecrypt.exe!unknown_error_in_process | |
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/PgpEncryptDecrypt.exe/1.0.0.0/eebcc658/unknown/0.0.0.0/bbbbbbb4/c0000005/004fef7c.htm?Retriage=1 | |
TARGET_TIME: 2019-02-08T06:31:37.000Z | |
OSBUILD: 17763 | |
OSSERVICEPACK: 1 | |
SERVICEPACK_NUMBER: 0 | |
OS_REVISION: 0 | |
OSPLATFORM_TYPE: x64 | |
OSNAME: Windows 10 | |
OSEDITION: Windows 10 WinNt SingleUserTS | |
USER_LCID: 0 | |
OSBUILD_TIMESTAMP: 1986-05-26 07:46:28 | |
BUILDDATESTAMP_STR: 160101.0800 | |
BUILDLAB_STR: WinBuild | |
BUILDOSVER_STR: 10.0.17763.1 | |
ANALYSIS_SESSION_ELAPSED_TIME: 8642 | |
ANALYSIS_SOURCE: UM | |
FAILURE_ID_HASH_STRING: um:software_nx_fault_nosos_code_c0000005_pgpencryptdecrypt.exe!unknown_error_in_process | |
FAILURE_ID_HASH: {c1d17f3f-306e-3910-9cd7-8e5a13169d09} | |
Followup: MachineOwner | |
--------- | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment