@Daniel15
Created February 8, 2019 06:35
Debugging GPGME with WinDbg
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: "C:\Users\danlo\Dropbox (Personal)\src\gpgme-sharp\Examples\PgpEncryptDecrypt\bin\Debug\net40\PgpEncryptDecrypt.exe"
Symbol search path is: srv*
Executable search path is:
ModLoad: 00000000`00070000 00000000`00078000 PgpEncryptDecrypt.exe
ModLoad: 00007ffb`d88c0000 00007ffb`d8aad000 ntdll.dll
ModLoad: 00000000`774a0000 00000000`7763c000 ntdll.dll
ModLoad: 00007ffb`d5be0000 00007ffb`d5c33000 C:\windows\System32\wow64.dll
ModLoad: 00007ffb`d6260000 00007ffb`d62dc000 C:\windows\System32\wow64win.dll
(28a8.590c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffb`d8992cbc cc int 3
0:000> g
ModLoad: 00000000`77490000 00000000`77499000 C:\windows\System32\wow64cpu.dll
ModLoad: 00000000`71db0000 00000000`71e03000 C:\windows\SysWOW64\MSCOREE.DLL
ModLoad: 00000000`762d0000 00000000`763b0000 C:\windows\SysWOW64\KERNEL32.dll
ModLoad: 00000000`75560000 00000000`75759000 C:\windows\SysWOW64\KERNELBASE.dll
(28a8.590c): WOW64 breakpoint - code 4000001f (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll_774a0000!LdrpDoDebuggerBreak+0x2b:
7754f126 cc int 3
0:000:x86> g
ModLoad: 74b30000 74bae000 C:\windows\SysWOW64\ADVAPI32.dll
ModLoad: 75d50000 75e10000 C:\windows\SysWOW64\msvcrt.dll
ModLoad: 00000000`77270000 00000000`772e9000 C:\windows\SysWOW64\sechost.dll
ModLoad: 00000000`76ae0000 00000000`76b9f000 C:\windows\SysWOW64\RPCRT4.dll
ModLoad: 00000000`74b10000 00000000`74b30000 C:\windows\SysWOW64\SspiCli.dll
ModLoad: 00000000`74b00000 00000000`74b0a000 C:\windows\SysWOW64\CRYPTBASE.dll
ModLoad: 00000000`76ba0000 00000000`76c02000 C:\windows\SysWOW64\bcryptPrimitives.dll
ModLoad: 00000000`71a40000 00000000`71abd000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
ModLoad: 00000000`75770000 00000000`757b4000 C:\windows\SysWOW64\SHLWAPI.dll
ModLoad: 00000000`75fc0000 00000000`76238000 C:\windows\SysWOW64\combase.dll
ModLoad: 00000000`75e90000 00000000`75fb3000 C:\windows\SysWOW64\ucrtbase.dll
ModLoad: 00000000`75490000 00000000`754b3000 C:\windows\SysWOW64\GDI32.dll
ModLoad: 00000000`75120000 00000000`75287000 C:\windows\SysWOW64\gdi32full.dll
ModLoad: 00000000`75bd0000 00000000`75c50000 C:\windows\SysWOW64\msvcp_win.dll
ModLoad: 00000000`772f0000 00000000`77489000 C:\windows\SysWOW64\USER32.dll
ModLoad: 00000000`74bb0000 00000000`74bc7000 C:\windows\SysWOW64\win32u.dll
ModLoad: 00000000`75530000 00000000`75555000 C:\windows\SysWOW64\IMM32.DLL
ModLoad: 00000000`763b0000 00000000`763bf000 C:\windows\SysWOW64\kernel.appcore.dll
ModLoad: 00000000`73a60000 00000000`73a68000 C:\windows\SysWOW64\VERSION.dll
ModLoad: 00000000`70e00000 00000000`714ef000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
ModLoad: 00000000`71940000 00000000`71a35000 C:\windows\SysWOW64\MSVCR120_CLR0400.dll
(28a8.590c): Unknown exception - code 04242420 (first chance)
ModLoad: 00000000`6fa60000 00000000`70df3000 C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
ModLoad: 00000000`769e0000 00000000`76adc000 C:\windows\SysWOW64\ole32.dll
ModLoad: 00000000`6be70000 00000000`6bef0000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
ModLoad: 00000000`75ad0000 00000000`75b6b000 C:\windows\SysWOW64\OLEAUT32.dll
ModLoad: 00000000`04930000 00000000`04954000 gpgme-sharp.dll
ModLoad: 00000000`04960000 00000000`04984000 gpgme-sharp.dll
ModLoad: 00000000`00740000 00000000`00754000 GPGME.Native.Shared.dll
ModLoad: 00000000`02420000 00000000`02434000 GPGME.Native.Shared.dll
ModLoad: 00000000`6f050000 00000000`6fa60000 C:\windows\assembly\NativeImages_v4.0.30319_32\System\b6fb56a7c01747453c8e9e9d960dc295\System.ni.dll
ModLoad: 00000000`006a0000 00000000`006aa000 GPGME.Native.Unix.dll
ModLoad: 00000000`00740000 00000000`0074a000 GPGME.Native.Unix.dll
ModLoad: 00000000`006a0000 00000000`006aa000 GPGME.Native.Win32.dll
ModLoad: 00000000`00750000 00000000`0075a000 GPGME.Native.Win32.dll
ModLoad: 00000000`6edb0000 00000000`6ee0b000 C:\Program Files (x86)\GnuPG\bin\libgpgme-11.dll
ModLoad: 00000000`74bd0000 00000000`7511d000 C:\windows\SysWOW64\SHELL32.dll
ModLoad: 00000000`75b70000 00000000`75bab000 C:\windows\SysWOW64\cfgmgr32.dll
ModLoad: 00000000`76240000 00000000`762c9000 C:\windows\SysWOW64\shcore.dll
ModLoad: 00000000`763c0000 00000000`769bb000 C:\windows\SysWOW64\windows.storage.dll
ModLoad: 00000000`769c0000 00000000`769dc000 C:\windows\SysWOW64\profapi.dll
ModLoad: 00000000`75430000 00000000`75484000 C:\windows\SysWOW64\powrprof.dll
ModLoad: 00000000`75bb0000 00000000`75bc2000 C:\windows\SysWOW64\cryptsp.dll
ModLoad: 00000000`75e30000 00000000`75e8f000 C:\windows\SysWOW64\WS2_32.dll
ModLoad: 00000000`65770000 00000000`65789000 C:\Program Files (x86)\GnuPG\bin\libassuan-0.dll
ModLoad: 00000000`6b0e0000 00000000`6b10f000 C:\Program Files (x86)\GnuPG\bin\libgpg-error-0.dll
(28a8.590c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
004fef7c 0100 add dword ptr [eax],eax ds:002b:00000000=????????
0:000:x86> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for PgpEncryptDecrypt.exe
GetUrlPageData2 (WinHttp) failed: 12002.
DUMP_CLASS: 2
DUMP_QUALIFIER: 0
FAULTING_IP:
+0
004fef7c 0100 add dword ptr [eax],eax
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 004fef7c
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 004fef7c
Attempt to execute non-executable address 004fef7c
FAULTING_THREAD: 0000590c
PROCESS_NAME: PgpEncryptDecrypt.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000008
EXCEPTION_PARAMETER2: 004fef7c
FOLLOWUP_IP:
+0
004fef7c 0100 add dword ptr [eax],eax
FAILED_INSTRUCTION_ADDRESS:
+0
004fef7c 0100 add dword ptr [eax],eax
WATSON_BKT_PROCSTAMP: eebcc658
WATSON_BKT_PROCVER: 1.0.0.0
PROCESS_VER_PRODUCT: PgpEncryptDecrypt
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: 4fef7c
WATSON_BKT_MODSTAMP: bbbbbbb4
BUILD_VERSION_STRING: 10.0.17763.1 (WinBuild.160101.0800)
MODLIST_WITH_TSCHKSUM_HASH: a82aa4af458355d8b701a15ea447da475cce8f19
MODLIST_SHA1_HASH: f5e270daa35b0cd8fdcf02294b16ec66e2aa4e4b
NTGLOBALFLAG: 70
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 1
SUITE_MASK: 272
MISSING_CLR_SYMBOL: 0
ANALYSIS_SESSION_HOST: W2KS8CK1024
ANALYSIS_SESSION_TIME: 02-07-2019 22:31:24.0549
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
IP_ON_STACK:
+0
004fef7c 0100 add dword ptr [eax],eax
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
THREAD_ATTRIBUTES:
OS_LOCALE: ENU
PROBLEM_CLASSES:
STACKIMMUNE
Tid [0x0]
Frame [0x00]
Failure Bucketing
SOFTWARE_NX_FAULT
Tid [0x590c]
Frame [0x00]: unknown!unknown
ZEROED_STACK
Tid [0x590c]
Frame [0x00]: unknown!unknown
NOSOS
Tid [0x590c]
CODE
Tid [0x590c]
Frame [0x00]: unknown!unknown
BUGCHECK_STR: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_NOSOS_CODE
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 00000000 to 00000000
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
004fef74 6ede3a82 00000001 00000001 006743d8 0x4fef7c
004fef94 6edb88e9 004fefd8 00000005 6edf1f92 libgpgme_11!_gpgme_debug_frame_end+0x12
004feff4 6edb932e 00673b6c 00000000 004ff018 libgpgme_11!_gpgme_run_io_cb+0x167
004ff034 6edb9473 00673078 00000000 00000000 libgpgme_11!_gpgme_wait_on_condition+0x17f
004ff054 6edbc958 00673078 00000001 00000000 libgpgme_11!_gpgme_wait_one+0x21
004ff0a4 0066bb11 00673078 00673c10 00679338 libgpgme_11!gpgme_op_decrypt+0x142
004ff110 0066b6dc 00679338 00000000 00000000 0x66bb11
004ff214 00660cc7 02458d28 024572d4 00000000 0x66b6dc
004ff318 70e0ebb6 007d8798 004ff378 70e11e10 0x660cc7
004ff324 70e11e10 004ff3b4 004ff368 70ee9b20 clr!CallDescrWorkerInternal+0x34
004ff378 70e17994 00000000 00000000 00000001 clr!CallDescrWorkerWithHandler+0x6b
004ff3e0 70f85026 004ff4d4 6bee3301 00614d3c clr!MethodDescCallSite::CallTargetWorker+0x16a
004ff50c 70f85707 004ff530 00000000 6bee332d clr!RunMain+0x1ad
004ff780 70f855ed 00000000 6bee319d 00070000 clr!Assembly::ExecuteMainMethod+0x124
004ffc78 70f858d3 6bee3add 00000000 00000000 clr!SystemDomain::ExecuteMainMethod+0x631
004ffcd0 70f85819 6bee3b1d 00000000 70f559f0 clr!ExecuteEXE+0x4c
004ffd10 70f55a0c 6bee3b41 00000000 70f559f0 clr!_CorExeMainInternal+0xdc
004ffd4c 71a4d93b ea48ee78 71dc43f0 71a4d8c0 clr!_CorExeMain+0x4d
004ffd88 71dbe80e 71dc43f0 71a40000 004ffdb0 mscoreei!_CorExeMain+0x10e
004ffd98 71dc43f8 71dc43f0 762efe09 0030f000 MSCOREE!ShellShim__CorExeMain+0x9e
004ffda0 762efe09 0030f000 762efdf0 004ffe0c MSCOREE!_CorExeMain_Exported+0x8
004ffdb0 7750662d 0030f000 4a65daca 00000000 KERNEL32!BaseThreadInitThunk+0x19
004ffe0c 775065fd ffffffff 775251a6 00000000 ntdll_774a0000!__RtlUserThreadStart+0x2f
004ffe1c 00000000 71dc43f0 0030f000 00000000 ntdll_774a0000!_RtlUserThreadStart+0x1b
THREAD_SHA1_HASH_MOD_FUNC: e4094df2d03ecab2161898f95c7e9e3d8178c60b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 290409c7c826a9107b0cc16040dc76d65292e414
THREAD_SHA1_HASH_MOD: afc2de90aa9f0996a94510e35317259df3ab7ae9
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: PgpEncryptDecrypt.exe!unknown_error_in_process
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: PgpEncryptDecrypt
IMAGE_NAME: PgpEncryptDecrypt.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_NOSOS_CODE_c0000005_PgpEncryptDecrypt.exe!unknown_error_in_process
BUCKET_ID: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_PgpEncryptDecrypt.exe!unknown_error_in_process
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_PgpEncryptDecrypt.exe!unknown_error_in_process
FAILURE_EXCEPTION_CODE: c0000005
FAILURE_IMAGE_NAME: PgpEncryptDecrypt.exe
BUCKET_ID_IMAGE_STR: PgpEncryptDecrypt.exe
FAILURE_MODULE_NAME: PgpEncryptDecrypt
BUCKET_ID_MODULE_STR: PgpEncryptDecrypt
FAILURE_FUNCTION_NAME: unknown_error_in_process
BUCKET_ID_FUNCTION_STR: unknown_error_in_process
BUCKET_ID_OFFSET: 0
BUCKET_ID_MODTIMEDATESTAMP: 0
BUCKET_ID_MODCHECKSUM: 0
BUCKET_ID_MODVER_STR: 1.0.0.0
BUCKET_ID_PREFIX_STR: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_
FAILURE_PROBLEM_CLASS: SOFTWARE_NX_FAULT_NOSOS_CODE
FAILURE_SYMBOL_NAME: PgpEncryptDecrypt.exe!unknown_error_in_process
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/PgpEncryptDecrypt.exe/1.0.0.0/eebcc658/unknown/0.0.0.0/bbbbbbb4/c0000005/004fef7c.htm?Retriage=1
TARGET_TIME: 2019-02-08T06:31:37.000Z
OSBUILD: 17763
OSSERVICEPACK: 1
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 1986-05-26 07:46:28
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.1
ANALYSIS_SESSION_ELAPSED_TIME: 8642
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:software_nx_fault_nosos_code_c0000005_pgpencryptdecrypt.exe!unknown_error_in_process
FAILURE_ID_HASH: {c1d17f3f-306e-3910-9cd7-8e5a13169d09}
Followup: MachineOwner
---------