O'Reilly logo

Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Unloaded Module

One of the frequent problems is an access violation at an address that belongs to an unloaded module. Here's an example that recently happened on our machine during an auto-update of the popular software package so we immediately attached a debugger after seeing a WER dialog box:

 0:000> ~*k . 0 Id: bc8.bcc Suspend: 1 Teb: 7efdd000 Unfrozen ChildEBP RetAddr 0035f1c4 771a0bdd ntdll!ZwWaitForMultipleObjects+0x15 0035f260 75771a2c KERNELBASE!WaitForMultipleObjectsEx+0x100 0035f2a8 75774208 kernel32!WaitForMultipleObjectsExImplementation+0xe0 0035f2c4 757980a4 kernel32!WaitForMultipleObjects+0x18 0035f330 75797f63 kernel32!WerpReportFaultInternal+0x186 0035f344 75797858 kernel32!WerpReportFault+0x70 0035f354 757977d7 kernel32!BasepReportFault+0x20 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required