VC Debugger, A wierd DUMP

conglin
#1 / 2

A wierd DUMP

Hi,
I analyzed a user.dmp generated by Dr.Waton in NT4. It's quite wierd.
1. Windbg told me the last error occured in the Exe file. I
unassemblied the exe file and found the error place was out of the code
block(looks like in some place useless). Looks like some de{*filter*} or virus
writing some information to the remain block. So the information of input
parameter is no use.
2. The Windbg told me there's only one thread in the dump. But
actually I don't think it's the only thread.
3. The stack seems to be totally destroy. I digged the stack and
only found the only useful address - just the start of WinMainCrtStart.
Any advice would help.
Thanks.

Regards,
congling

Wed, 01 Jun 2005 19:10:25 GMT

Pavel Lebedinsk
#2 / 2

A wierd DUMP

More information about the problem would be helpful.

What's the output of the following commands:

r
u .-20 .+10
kb

Quote:

> Hi,
> I analyzed a user.dmp generated by Dr.Waton in NT4. It's quite wierd.
> 1. Windbg told me the last error occured in the Exe file. I
> unassemblied the exe file and found the error place was out of the code
> block(looks like in some place useless). Looks like some de{*filter*} or virus
> writing some information to the remain block. So the information of input
> parameter is no use.
> 2. The Windbg told me there's only one thread in the dump. But
> actually I don't think it's the only thread.
> 3. The stack seems to be totally destroy. I digged the stack and
> only found the only useful address - just the start of WinMainCrtStart.
> Any advice would help.
> Thanks.

> Regards,
> congling

Sat, 04 Jun 2005 08:20:20 GMT