Windows Crash Dump call stack only shows wow64

Asked 7/8, 2015 at 23:53 Answered 8/8, 2015 at 19:52

Solved windows windbg coredump crash-dumps

Problem

I have a Windows application that we developed for in house use. Thanks to Windows Error Handling, the window stays open and I can easily generate a crash dump from the task manager.

I have used crash-dumps on linux through eclipse once before, but this is the first time on Windows.

Hardware

The server is Windows 2012, and my development machine is Windows 7.

Windbg

When I load the crash dump in Windbg, load my symbols, then choose to look at the call stack, the only listings are:

How can I see my application call stack specifically?

Memoir answered 7/8, 2015 at 23:53 Comment(0)

Looks like your applications is a 32Bit application and you used the 64Bit Taskmgr to generate a dump.

You should use ProcessExplorer instead, it cares about the bitness:

Process Explorer v15.3: It also creates dump files that match the bitness of the target process

Or run the 32Bit Taskmgr from C:\Windows\SysWOW64 to generate the dump.

Labio answered 8/8, 2015 at 5:32 Comment(5)

So Simple, its brilliant! I didn't even consider that the TaskMgr was 64Bit when i launched it from the command line. This is also not the first time that the 64 bit version has bit me when I needed the 32 bit version (im looking at you ODBC) – Memoir 8/8, 2015 at 5:53

ok, if it fixed your issue, accept it to "close" the question – Labio 8/8, 2015 at 17:14

I'll gladly accept if it works (which i expect it will). please allow me to confirm when i get back to office on monday (since this is weekend) – Memoir 8/8, 2015 at 17:27

I left the application hanging over the weekend, so i was able to generate the 32bit version first thing this morning. I ended up using the 32bit version of Taskmgr instead of the ProcessExplorer. Worked perfectly. – Memoir 10/8, 2015 at 16:41

btw, you can also force WER to generate crash dumps automatically: msdn.microsoft.com/en-us/library/bb787181%28VS.85%29.aspx – Labio 11/8, 2015 at 4:8

As already answered, you have taken a 64 bit dump of a 32 bit application. There are multiple options to take a 32 bit dump of a 32 bit application on 64 bit OS, just choose the one which is most comfortable to you.

Update: this answer describes how to use soswow64 to fix the bitness issue.

If this is the only dump you have and there's hardly a chance to get a better dump, you can try !sw to switch to 32 bit mode:

0:014> !sw
Switched to 32bit mode
0:014:x86>

Note how the command prompt changed. IMHO the exact same effect can be achieved by .effmach

0:014> .effmach x86
Effective machine: x86 compatible (x86)
0:014:x86>

except that you specify the mode explicitly where the !sw command toggles between the two.

In case of a .NET application, none of these ever helped me, since SOS cannot work with dumps of incorrect bitness.

Glenine answered 8/8, 2015 at 19:52 Comment(1)

+1 Thats a great tip! I wish I could have accepted both answers, but in the end I went with @Labio since switching the mode (in my case) did not seem to result in a full call stack (although I may have done something wrong). – Memoir 10/8, 2015 at 16:43

Problem

Hardware

Windbg

Recommended topics

Hot tags