Author: sa2000
Subject: VMMap 3.11 crashes soon after launching process
Posted: 22 February 2014 at 2:35pm
I am trying to use VMMAP 3.11 on Windows 7 Ultimate SP1 64-bit PC to try and see exactly when Private Data allocation jumps for a specific 32-bit application
Subject: VMMap 3.11 crashes soon after launching process
Posted: 22 February 2014 at 2:35pm
I am trying to use VMMAP 3.11 on Windows 7 Ultimate SP1 64-bit PC to try and see exactly when Private Data allocation jumps for a specific 32-bit application
Each time I use it to launch the application through the 'Launch and Trace a New Process', it starts ok but within a short while or when trying to use the Trace or Call Tree or Refresh the view, an exception error occurs : eg Visual C++ Runtime Error or just a window pops saying it stopped working and I would have to close it
The system is up to date with all Microsoft Update patches.
Is there a fix? Advice on what I need to do to use the function of running the app process from within VMMap so I can trace the Private Data memory allocation
I checked what i have installed in terms of Visual C++ Runtime Libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ 8.0 Runtime Setup Package (x64)
The last 2 are for AVG
VMMap 3.11 Crash Summary for today's crash:
Faulting application name: vmmap.exe, version: 3.11.0.0, time stamp: 0x4fac855c
Faulting module name: vmmap.exe, version: 3.11.0.0, time stamp: 0x4fac855c
Exception code: 0xc0000005
Fault offset: 0x00029324
Faulting process id: 0x19a8
Faulting application start time: 0x01cf2fc9d54d7160
Faulting application path: C:\Users\plex\Desktop\VMMap-Unzipped_v3.11\vmmap.exe
Windbg Summary:
FAULTING_IP:
vmmap+29324
00419324 8b08 mov ecx,dword ptr [eax]
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 00419324 (vmmap+0x00029324)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
DEFAULT_BUCKET_ID: NULL_POINTER_READ
PROCESS_NAME: vmmap.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000
FOLLOWUP_IP:
vmmap+29324
00419324 8b08 mov ecx,dword ptr [eax]
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 400
APPLICATION_VERIFIER_FLAGS: 0
FAULTING_THREAD: 00002bf4
PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ
LAST_CONTROL_TRANSFER: from 00419721 to 00419324
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
002be830 00419721 002beb94 1edc8518 00000000 vmmap+0x29324
002bea5c 003f9100 00001000 00000000 0043f8bc vmmap+0x29721
002bea80 003f91b7 002beb94 7c825ec0 0fb391c8 vmmap+0x9100
002beaa8 003f94df 002beb94 61bdda50 0faef718 vmmap+0x91b7
002beb50 003fa012 002beb94 002bed26 00000104 vmmap+0x94df
002beb78 004109cb 002beb94 b3e403ec 002bed26 vmmap+0xa012
002beba8 004114c0 002bec4c b3e40620 00009c5f vmmap+0x209cb
002bee64 00413fc6 00000000 00000001 b3e4063c vmmap+0x214c0
002bf1a8 770462fa 00260c1a 00000111 00009c5f vmmap+0x23fc6
002bf1d4 77046d3a 004136ed 00260c1a 00000111 user32!InternalCallWinProc+0x23
002bf24c 77050d27 00000000 004136ed 00260c1a user32!UserCallWinProcCheckWow+0x109
002bf284 77050d4d 004136ed 00260c1a 00000111 user32!CallWindowProcAorW+0xab
002bf2a4 00408568 004136ed 00260c1a 00000111 user32!CallWindowProcW+0x1b
002bf2e0 770462fa 00260c1a 00000111 00009c5f vmmap+0x18568
002bf30c 77046d3a 00408335 00260c1a 00000111 user32!InternalCallWinProc+0x23
002bf384 770477c4 00000000 00408335 00260c1a user32!UserCallWinProcCheckWow+0x109
002bf3e4 7704788a 00408335 00000000 002bf420 user32!DispatchMessageWorker+0x3bc
002bf3f4 7706c81f 002bf464 00000000 770478e2 user32!DispatchMessageW+0xf
002bf420 00415809 00260c1a 00000000 fffffffe user32!IsDialogMessageW+0x5f6
002bf710 00420897 003f0000 00000000 00862abf vmmap+0x25809
002bf7a0 76d1336a 7efde000 002bf7ec 77569f72 vmmap+0x30897
002bf7ac 77569f72 7efde000 70370994 00000000 kernel32!BaseThreadInitThunk+0xe
002bf7ec 77569f45 00420902 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
002bf804 00000000 00420902 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: vmmap+29324
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: vmmap
IMAGE_NAME: vmmap.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4fac855c
FAILURE_BUCKET_ID: NULL_POINTER_READ_c0000005_vmmap.exe!Unknown
BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_vmmap+29324
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/vmmap_exe/3_11_0_0/4fac855c/vmmap_exe/3_11_0_0/4fac855c/c0000005/00029324.htm?Retriage=1
0:000> .ecxr
eax=00000000 ebx=7c825e48 ecx=00000000 edx=00000001 esi=002be840 edi=002be83c
eip=00419324 esp=002be7fc ebp=002be830 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210246
vmmap+0x29324:
00419324 8b08 mov ecx,dword ptr [eax] ds:002b:00000000=????????
Summary of VMMAP 3.11 crash from yesterday:
Faulting application name: vmmap.exe, version: 3.11.0.0, time stamp: 0x4fac855c
Faulting module name: vmmap.exe, version: 3.11.0.0, time stamp: 0x4fac855c
Exception code: 0x40000015
Fault offset: 0x000341c0
Faulting process id: 0x21d4
Faulting application start time: 0x01cf2e9842e106c0
Faulting application path: C:\Users\plex\Desktop\VMMap-Unzipped_v3.11\vmmap.exe
Faulting module path: C:\Users\plex\Desktop\VMMap-Unzipped_v3.11\vmmap.exe
Windbg Summary:
FAULTING_IP:
KERNELBASE!RaiseException+58
7589c42d c9 leave
EXCEPTION_RECORD: 001cdefc -- (.exr 0x1cdefc)
ExceptionAddress: 7589c42d (KERNELBASE!RaiseException+0x00000058)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 3
Parameter[0]: 19930520
Parameter[1]: 001ce2cc
Parameter[2]: 00e73bb8
pExceptionObject: 001ce2cc
_s_ThrowInfo : 00e73bb8
Type : class std::bad_alloc
Type : class std::exception
DEFAULT_BUCKET_ID: STATUS_FATAL_APP_EXIT
PROCESS_NAME: vmmap.exe
ERROR_CODE: (NTSTATUS) 0x40000015 - {Fatal Application Exit} %hs
EXCEPTION_CODE: (NTSTATUS) 0x40000015 (1073741845) - {Fatal Application Exit} %hs
MOD_LIST: <ANALYSIS/>
NTGLOBALFLAG: 400
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: 001cdf4c -- (.cxr 0x1cdf4c)
eax=001ce234 ebx=001ce370 ecx=00000003 edx=00000000 esi=00e7a8bc edi=001ce3dc
eip=7589c42d esp=001ce234 ebp=001ce284 iopl=0 nv up ei pl nz ac po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200212
KERNELBASE!RaiseException+0x58:
7589c42d c9 leave
Resetting default scope
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] frouploads/48274/VMMap3.11_Dumps_2014-02-22.zipm Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 00e50f2a to 7589c42d
FAULTING_THREAD: ffffffff
PRIMARY_PROBLEM_CLASS: STATUS_FATAL_APP_EXIT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_FATAL_APP_EXIT
STACK_TEXT:
001ce234 7589c42d kernelbase!RaiseException+0x58
001ce28c 00e50f2a vmmap+0x30f2a
001ce2c4 00e4d975 vmmap+0x2d975
001ce2e0 00e41db2 vmmap+0x21db2
001ce510 00e2b702 vmmap+0xb702
001ce538 00e2b8cb vmmap+0xb8cb
001cec94 00e42716 vmmap+0x22716
001ceed4 00e43eb4 vmmap+0x23eb4
001cf210 76e262fa user32!InternalCallWinProc+0x23
001cf23c 76e26d3a user32!UserCallWinProcCheckWow+0x109
001cf2b4 76e30d27 user32!CallWindowProcAorW+0xab
001cf2ec 76e30d4d user32!CallWindowProcW+0x1b
001cf30c 00e38568 vmmap+0x18568
001cf348 76e262fa user32!InternalCallWinProc+0x23
001cf374 76e26d3a user32!UserCallWinProcCheckWow+0x109
001cf3ec 76e277c4 user32!DispatchMessageWorker+0x3bc
001cf44c 76e2788a user32!DispatchMessageW+0xf
001cf45c 76e4c81f user32!IsDialogMessageW+0x5f6
001cf488 00e45809 vmmap+0x25809
001cf778 00e50897 vmmap+0x30897
001cf808 74fb336a kernel32!BaseThreadInitThunk+0xe
001cf814 774b9f72 ntdll!__RtlUserThreadStart+0x70
001cf854 774b9f45 ntdll!_RtlUserThreadStart+0x1b
FOLLOWUP_IP:
KERNELBASE!RaiseException+0
7589c3d5 8bff mov edi,edi
SYMBOL_NAME: kernelbase!RaiseException+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: KERNELBASE
IMAGE_NAME: KERNELBASE.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 521eab25
STACK_COMMAND: .cxr 001CDF4C ; kb ; dds 1ce234 ; kb
FAILURE_BUCKET_ID: STATUS_FATAL_APP_EXIT_40000015_KERNELBASE.dll!RaiseException
BUCKET_ID: APPLICATION_FAULT_STATUS_FATAL_APP_EXIT_kernelbase!RaiseException+0
WATSON_IBUCKET: -1314887184
WATSON_IBUCKETTABLE: 1
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/vmmap_exe/3_11_0_0/4fac855c/vmmap_exe/3_11_0_0/4fac855c/40000015/000341c0.htm?Retriage=1
0:000> .ecxr
eax=00000000 ebx=001cddfc ecx=00000000 edx=00000000 esi=7508030c edi=00e5cbe1
eip=00e541c0 esp=001cdd10 ebp=001cdd3c iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200202
vmmap+0x341c0:
00e541c0 e8a4000000 call vmmap+0x34269 (00e54269)