netcat
12 days agoBronze II
WinDbg: Ep.4 – Debugging a Windows Crash
Hi
Q7: Identify the invalid reference to a memory address that causes the crash. instead of instructions, what characters are shown at this location?
It seems I have issues understanding the question. From WinDbg:
1: kd> !analyze -v
[...]
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffff828b0e60658f, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8047dcebb37, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 0000000000000002, (reserved)
Arg1 has nothing (dc <addr> -> ????????????????)
Arg3 has asm (da <addr> -> ".....D.eH.sD..f....."), (u <addr> -> movzx ebx,word ptr [rsi]). The TRAP_FRAME says both ebx and rsi are 0.
In short, I have no idea what reference I should identify. Can anyone give me a hint?