Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Debugging GPGME with WinDbg
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: "C:\Users\danlo\Dropbox (Personal)\src\gpgme-sharp\Examples\PgpEncryptDecrypt\bin\Debug\net40\PgpEncryptDecrypt.exe"
Symbol search path is: srv*
Executable search path is:
ModLoad: 00000000`00070000 00000000`00078000 PgpEncryptDecrypt.exe
ModLoad: 00007ffb`d88c0000 00007ffb`d8aad000 ntdll.dll
ModLoad: 00000000`774a0000 00000000`7763c000 ntdll.dll
ModLoad: 00007ffb`d5be0000 00007ffb`d5c33000 C:\windows\System32\wow64.dll
ModLoad: 00007ffb`d6260000 00007ffb`d62dc000 C:\windows\System32\wow64win.dll
(28a8.590c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffb`d8992cbc cc int 3
0:000> g
ModLoad: 00000000`77490000 00000000`77499000 C:\windows\System32\wow64cpu.dll
ModLoad: 00000000`71db0000 00000000`71e03000 C:\windows\SysWOW64\MSCOREE.DLL
ModLoad: 00000000`762d0000 00000000`763b0000 C:\windows\SysWOW64\KERNEL32.dll
ModLoad: 00000000`75560000 00000000`75759000 C:\windows\SysWOW64\KERNELBASE.dll
(28a8.590c): WOW64 breakpoint - code 4000001f (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll_774a0000!LdrpDoDebuggerBreak+0x2b:
7754f126 cc int 3
0:000:x86> g
ModLoad: 74b30000 74bae000 C:\windows\SysWOW64\ADVAPI32.dll
ModLoad: 75d50000 75e10000 C:\windows\SysWOW64\msvcrt.dll
ModLoad: 00000000`77270000 00000000`772e9000 C:\windows\SysWOW64\sechost.dll
ModLoad: 00000000`76ae0000 00000000`76b9f000 C:\windows\SysWOW64\RPCRT4.dll
ModLoad: 00000000`74b10000 00000000`74b30000 C:\windows\SysWOW64\SspiCli.dll
ModLoad: 00000000`74b00000 00000000`74b0a000 C:\windows\SysWOW64\CRYPTBASE.dll
ModLoad: 00000000`76ba0000 00000000`76c02000 C:\windows\SysWOW64\bcryptPrimitives.dll
ModLoad: 00000000`71a40000 00000000`71abd000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
ModLoad: 00000000`75770000 00000000`757b4000 C:\windows\SysWOW64\SHLWAPI.dll
ModLoad: 00000000`75fc0000 00000000`76238000 C:\windows\SysWOW64\combase.dll
ModLoad: 00000000`75e90000 00000000`75fb3000 C:\windows\SysWOW64\ucrtbase.dll
ModLoad: 00000000`75490000 00000000`754b3000 C:\windows\SysWOW64\GDI32.dll
ModLoad: 00000000`75120000 00000000`75287000 C:\windows\SysWOW64\gdi32full.dll
ModLoad: 00000000`75bd0000 00000000`75c50000 C:\windows\SysWOW64\msvcp_win.dll
ModLoad: 00000000`772f0000 00000000`77489000 C:\windows\SysWOW64\USER32.dll
ModLoad: 00000000`74bb0000 00000000`74bc7000 C:\windows\SysWOW64\win32u.dll
ModLoad: 00000000`75530000 00000000`75555000 C:\windows\SysWOW64\IMM32.DLL
ModLoad: 00000000`763b0000 00000000`763bf000 C:\windows\SysWOW64\kernel.appcore.dll
ModLoad: 00000000`73a60000 00000000`73a68000 C:\windows\SysWOW64\VERSION.dll
ModLoad: 00000000`70e00000 00000000`714ef000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
ModLoad: 00000000`71940000 00000000`71a35000 C:\windows\SysWOW64\MSVCR120_CLR0400.dll
(28a8.590c): Unknown exception - code 04242420 (first chance)
ModLoad: 00000000`6fa60000 00000000`70df3000 C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
ModLoad: 00000000`769e0000 00000000`76adc000 C:\windows\SysWOW64\ole32.dll
ModLoad: 00000000`6be70000 00000000`6bef0000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
ModLoad: 00000000`75ad0000 00000000`75b6b000 C:\windows\SysWOW64\OLEAUT32.dll
ModLoad: 00000000`04930000 00000000`04954000 gpgme-sharp.dll
ModLoad: 00000000`04960000 00000000`04984000 gpgme-sharp.dll
ModLoad: 00000000`00740000 00000000`00754000 GPGME.Native.Shared.dll
ModLoad: 00000000`02420000 00000000`02434000 GPGME.Native.Shared.dll
ModLoad: 00000000`6f050000 00000000`6fa60000 C:\windows\assembly\NativeImages_v4.0.30319_32\System\b6fb56a7c01747453c8e9e9d960dc295\System.ni.dll
ModLoad: 00000000`006a0000 00000000`006aa000 GPGME.Native.Unix.dll
ModLoad: 00000000`00740000 00000000`0074a000 GPGME.Native.Unix.dll
ModLoad: 00000000`006a0000 00000000`006aa000 GPGME.Native.Win32.dll
ModLoad: 00000000`00750000 00000000`0075a000 GPGME.Native.Win32.dll
ModLoad: 00000000`6edb0000 00000000`6ee0b000 C:\Program Files (x86)\GnuPG\bin\libgpgme-11.dll
ModLoad: 00000000`74bd0000 00000000`7511d000 C:\windows\SysWOW64\SHELL32.dll
ModLoad: 00000000`75b70000 00000000`75bab000 C:\windows\SysWOW64\cfgmgr32.dll
ModLoad: 00000000`76240000 00000000`762c9000 C:\windows\SysWOW64\shcore.dll
ModLoad: 00000000`763c0000 00000000`769bb000 C:\windows\SysWOW64\windows.storage.dll
ModLoad: 00000000`769c0000 00000000`769dc000 C:\windows\SysWOW64\profapi.dll
ModLoad: 00000000`75430000 00000000`75484000 C:\windows\SysWOW64\powrprof.dll
ModLoad: 00000000`75bb0000 00000000`75bc2000 C:\windows\SysWOW64\cryptsp.dll
ModLoad: 00000000`75e30000 00000000`75e8f000 C:\windows\SysWOW64\WS2_32.dll
ModLoad: 00000000`65770000 00000000`65789000 C:\Program Files (x86)\GnuPG\bin\libassuan-0.dll
ModLoad: 00000000`6b0e0000 00000000`6b10f000 C:\Program Files (x86)\GnuPG\bin\libgpg-error-0.dll
(28a8.590c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
004fef7c 0100 add dword ptr [eax],eax ds:002b:00000000=????????
0:000:x86> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for PgpEncryptDecrypt.exe
GetUrlPageData2 (WinHttp) failed: 12002.
DUMP_CLASS: 2
DUMP_QUALIFIER: 0
FAULTING_IP:
+0
004fef7c 0100 add dword ptr [eax],eax
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 004fef7c
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000008
Parameter[1]: 004fef7c
Attempt to execute non-executable address 004fef7c
FAULTING_THREAD: 0000590c
PROCESS_NAME: PgpEncryptDecrypt.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 00000008
EXCEPTION_PARAMETER2: 004fef7c
FOLLOWUP_IP:
+0
004fef7c 0100 add dword ptr [eax],eax
FAILED_INSTRUCTION_ADDRESS:
+0
004fef7c 0100 add dword ptr [eax],eax
WATSON_BKT_PROCSTAMP: eebcc658
WATSON_BKT_PROCVER: 1.0.0.0
PROCESS_VER_PRODUCT: PgpEncryptDecrypt
WATSON_BKT_MODULE: unknown
WATSON_BKT_MODVER: 0.0.0.0
WATSON_BKT_MODOFFSET: 4fef7c
WATSON_BKT_MODSTAMP: bbbbbbb4
BUILD_VERSION_STRING: 10.0.17763.1 (WinBuild.160101.0800)
MODLIST_WITH_TSCHKSUM_HASH: a82aa4af458355d8b701a15ea447da475cce8f19
MODLIST_SHA1_HASH: f5e270daa35b0cd8fdcf02294b16ec66e2aa4e4b
NTGLOBALFLAG: 70
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 1
SUITE_MASK: 272
MISSING_CLR_SYMBOL: 0
ANALYSIS_SESSION_HOST: W2KS8CK1024
ANALYSIS_SESSION_TIME: 02-07-2019 22:31:24.0549
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
IP_ON_STACK:
+0
004fef7c 0100 add dword ptr [eax],eax
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
THREAD_ATTRIBUTES:
OS_LOCALE: ENU
PROBLEM_CLASSES:
STACKIMMUNE
Tid [0x0]
Frame [0x00]
Failure Bucketing
SOFTWARE_NX_FAULT
Tid [0x590c]
Frame [0x00]: unknown!unknown
ZEROED_STACK
Tid [0x590c]
Frame [0x00]: unknown!unknown
NOSOS
Tid [0x590c]
CODE
Tid [0x590c]
Frame [0x00]: unknown!unknown
BUGCHECK_STR: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT_NOSOS_CODE
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 00000000 to 00000000
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
004fef74 6ede3a82 00000001 00000001 006743d8 0x4fef7c
004fef94 6edb88e9 004fefd8 00000005 6edf1f92 libgpgme_11!_gpgme_debug_frame_end+0x12
004feff4 6edb932e 00673b6c 00000000 004ff018 libgpgme_11!_gpgme_run_io_cb+0x167
004ff034 6edb9473 00673078 00000000 00000000 libgpgme_11!_gpgme_wait_on_condition+0x17f
004ff054 6edbc958 00673078 00000001 00000000 libgpgme_11!_gpgme_wait_one+0x21
004ff0a4 0066bb11 00673078 00673c10 00679338 libgpgme_11!gpgme_op_decrypt+0x142
004ff110 0066b6dc 00679338 00000000 00000000 0x66bb11
004ff214 00660cc7 02458d28 024572d4 00000000 0x66b6dc
004ff318 70e0ebb6 007d8798 004ff378 70e11e10 0x660cc7
004ff324 70e11e10 004ff3b4 004ff368 70ee9b20 clr!CallDescrWorkerInternal+0x34
004ff378 70e17994 00000000 00000000 00000001 clr!CallDescrWorkerWithHandler+0x6b
004ff3e0 70f85026 004ff4d4 6bee3301 00614d3c clr!MethodDescCallSite::CallTargetWorker+0x16a
004ff50c 70f85707 004ff530 00000000 6bee332d clr!RunMain+0x1ad
004ff780 70f855ed 00000000 6bee319d 00070000 clr!Assembly::ExecuteMainMethod+0x124
004ffc78 70f858d3 6bee3add 00000000 00000000 clr!SystemDomain::ExecuteMainMethod+0x631
004ffcd0 70f85819 6bee3b1d 00000000 70f559f0 clr!ExecuteEXE+0x4c
004ffd10 70f55a0c 6bee3b41 00000000 70f559f0 clr!_CorExeMainInternal+0xdc
004ffd4c 71a4d93b ea48ee78 71dc43f0 71a4d8c0 clr!_CorExeMain+0x4d
004ffd88 71dbe80e 71dc43f0 71a40000 004ffdb0 mscoreei!_CorExeMain+0x10e
004ffd98 71dc43f8 71dc43f0 762efe09 0030f000 MSCOREE!ShellShim__CorExeMain+0x9e
004ffda0 762efe09 0030f000 762efdf0 004ffe0c MSCOREE!_CorExeMain_Exported+0x8
004ffdb0 7750662d 0030f000 4a65daca 00000000 KERNEL32!BaseThreadInitThunk+0x19
004ffe0c 775065fd ffffffff 775251a6 00000000 ntdll_774a0000!__RtlUserThreadStart+0x2f
004ffe1c 00000000 71dc43f0 0030f000 00000000 ntdll_774a0000!_RtlUserThreadStart+0x1b
THREAD_SHA1_HASH_MOD_FUNC: e4094df2d03ecab2161898f95c7e9e3d8178c60b
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 290409c7c826a9107b0cc16040dc76d65292e414
THREAD_SHA1_HASH_MOD: afc2de90aa9f0996a94510e35317259df3ab7ae9
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: PgpEncryptDecrypt.exe!unknown_error_in_process
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: PgpEncryptDecrypt
IMAGE_NAME: PgpEncryptDecrypt.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: ~0s ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_NOSOS_CODE_c0000005_PgpEncryptDecrypt.exe!unknown_error_in_process
BUCKET_ID: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_PgpEncryptDecrypt.exe!unknown_error_in_process
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_PgpEncryptDecrypt.exe!unknown_error_in_process
FAILURE_EXCEPTION_CODE: c0000005
FAILURE_IMAGE_NAME: PgpEncryptDecrypt.exe
BUCKET_ID_IMAGE_STR: PgpEncryptDecrypt.exe
FAILURE_MODULE_NAME: PgpEncryptDecrypt
BUCKET_ID_MODULE_STR: PgpEncryptDecrypt
FAILURE_FUNCTION_NAME: unknown_error_in_process
BUCKET_ID_FUNCTION_STR: unknown_error_in_process
BUCKET_ID_OFFSET: 0
BUCKET_ID_MODTIMEDATESTAMP: 0
BUCKET_ID_MODCHECKSUM: 0
BUCKET_ID_MODVER_STR: 1.0.0.0
BUCKET_ID_PREFIX_STR: SOFTWARE_NX_FAULT_ZEROED_STACK_NOSOS_CODE_BAD_IP_
FAILURE_PROBLEM_CLASS: SOFTWARE_NX_FAULT_NOSOS_CODE
FAILURE_SYMBOL_NAME: PgpEncryptDecrypt.exe!unknown_error_in_process
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/PgpEncryptDecrypt.exe/1.0.0.0/eebcc658/unknown/0.0.0.0/bbbbbbb4/c0000005/004fef7c.htm?Retriage=1
TARGET_TIME: 2019-02-08T06:31:37.000Z
OSBUILD: 17763
OSSERVICEPACK: 1
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 1986-05-26 07:46:28
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.17763.1
ANALYSIS_SESSION_ELAPSED_TIME: 8642
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:software_nx_fault_nosos_code_c0000005_pgpencryptdecrypt.exe!unknown_error_in_process
FAILURE_ID_HASH: {c1d17f3f-306e-3910-9cd7-8e5a13169d09}
Followup: MachineOwner
---------
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.