"Deep" Debugging
I have the following error message (from native C++):
http://ariasamp.net/hold2/DAgent_bomb2.bmp
Since I am unable to use a debug executable (and unable to attach the remote debugger), I need to use a more advanced debugging technique. But I don't know what my options are. Is there a way to make/capture a "core dump?" If yes, what is the name of the tool?
Or perhaps there is an article someone has that teaches how to correlate the registers and stack dump (seen in the prior link) into a location within my code.
To address this problem, I'd like to know my options for both deprecated systems (98, XP) and current systems (W2K, 64 bit XP, etc) - both managed and unmanaged code. Thanks!
Thankyou for the reply. I now have a few questions. What fountain of knowledge should I consult, so that I also know how to decipher the EIP address as you did? Also, the crash in question occurred in Win98, where both my VS2005 and WinDbg are unable to debug. If I follow your instructions using a WinXP box instead ("start debugging with Debug + Step Into"), will the EIP address still correlate correctly to the point in code, where the failure occurred in Win98? Or is the EIP OS/Platform specific?
For that matter, is there an older-version debug tool you might recommend I use on Windows98, that will allow me to use the "enter the EIP address" trick you described? Perhaps I can install VC++ 6.0 on the Win98 box, and have it use the PDB files that were generated with VS2005? Are the PDB files compatible in that regard?
And is there a way to extract a "savedump" from the Win98 crash I presented, that I can analyze with WinDbg?
EIP (Effective Instruction Point) is a cpu register. It references the address of the current instruction being executed. I normally use the remote debugger in VS2003 to debug on win98/me. You can doing using the msvcmon.exe remote debugging utility in native/tcpip mode.
There are two other things you can do aside from that. Use the SetUnhandledExceptionFilter and the WriteMiniDump API to have your program automatically create a mini dump for you.. (You will probably want to distribute dbghelp.dll w/ your program (get the latest one from the windbg folder that you installed on your xp machine).
Inside your unhandled exception filter put something like this
MINIDUMP_EXCEPTION_INFORMATION info = {0};
info.ClientPointers = TRUE;
info.ExceptionPointers = ExceptionInfo;
info.ThreadId = ::GetCurrentThreadId();
BOOL bDumped = ::MiniDumpWriteDump(::GetCurrentProcess(),
::GetCurrentProcessId(),
hFile,
MiniDumpWithFullMemory,
&info,
NULL,
NULL);
::FlushFileBuffers(hFile);
::CloseHandle(hFile);
Then simple copy the crash dump to your machine open if like its a visual studio project in vs2k5. Then it will show you what you want to know.
Alternatively you can doit the other way. Just load up your exe in the debugger in winxp and break, goto the dissasembly page and then goto the address of EIP(from the 98 crash info), .. see what code is there.. (just make sure the exe you are running on your xp box is the exact same binary as the one on your 98 machine).
Also, the remote debugger for vs2k5 (in tcpip/native only mode) may work on your win98 machine, but i am not sure.
