access violation exception dump debug

Hello everyone,

I am debugging an access violation exception dump (code xxxxxxxx access violation for memory address, exception code 0x00000005). It is 32-bit x86 code release version. I have used the command dd to examine the memory address (not code address) which reports access violation. The content of the address is displayed as ??? in debugger.

I double checked for the memory, it does not belong to any stack (using k on each thread) memory address space, does not belong to any binary code (using lm command to verify).

My question is, for memory address which reports access violation and which content is ???,

  1. is it the memory address not allocated (or reserved) in current process virtual memory space?
  2. or the memory address deleted? I have made some test that for the memory deleted on heap, its content will be marked with 0xfe, not ?. But I am not sure whether when the heap memory is recycled by OS memory management system, it will be remarked as ???
  3. Or something else possible?

thanks in advance,
George

Either the memory isn’t present in the dump and can’t be found in any binary that can be downloaded from the symbol server (if you are debugging a minimal minidump), or it’s just plain not valid (i.e. a PAGE_NOACCESS page). This can also happen in kernel mode if the requested address was paged out.

Depending on whether the dump file was written with enough information, you may be able to use !address to map out the address space. Most minidumps won’t have enough data to do this and the command will fail. Full minidumps (e.g. generated by “.dump /ma”) should have enough data to run !address, as I recall.

- S


Hi S,

I am using a full minidump and I have verified all symbols for binaries are loaded, either my own private symbol for the code I wrote or the public symbol of OS.

In this situation, I am confused about two things,

I think this situation you mentioned – “Either the memory isn’t present in the dump and can’t be found in any binary that can be downloaded from the symbol server (if you are debugging a minimal minidump)” is not applied in my situation? Correct?

“it’s just plain not valid (i.e. a PAGE_NOACCESS page)” I do not quite understand this. What means plain not valid? Could you provide more description please? Why PAGE_NOACCESS? Not valid address or protected by OS kernel do you mean?

“This can also happen in kernel mode if the requested address was paged out.” – I am debugging a user mode x86 application, the code which causes access violation belongs to my own code (when I access some member variable for a class instance). So, in this situation, is it still possible that ??? output is because of “in kernel mode if the requested address was paged out”?

“!address to map out the address space” – confused about your words. map out you mean page out? I think !address command in my experience just check memory address/page property, not doing anything like page out. :)

regards,
George


Forgot to send the result of !address. I am not sure whether such information indicates I access some memory which is deleted or some else which is not valid address at all?

0:001> !address 0x00d4cff0
    00d0d000 : 00d0d000 - 00040000
                    Type     00000000
                    Protect  00000001 PAGE_NOACCESS
                    State    00010000 MEM_FREE
                    Usage    RegionUsageFree

regards,
George


Lin George wrote:

> Forgot to send the result of !address. I am not sure whether such information indicates I access some memory which is deleted or some else which is not valid address at all?
>
> 0:001> !address 0x00d4cff0
>     00d0d000 : 00d0d000 - 00040000
>                     Type     00000000
>                     Protect  00000001 PAGE_NOACCESS
>                     State    00010000 MEM_FREE
>                     Usage    RegionUsageFree

The ‘???’ means that the debugger could not read that memory.
PAGE_NOACCESS explains why.

–PA

Hi PA,

I have tried my best to find out what means “PAGE_NOACCESS” from Windbg document. But can not find out. Any description from you or you could recommend me where can I find what PAGE_NOACCESS exactly means? Currently, I am not sure whether no access means, the memory is deleted, or protected by kernel or invalid address which contains nothing at the address at all. :)

I want to figure out what is the exact meaning of the PAGE_NOACCESS?

regards,
George


Lin George wrote:

> Hi PA,
>
> I have tried my best to find out what means “PAGE_NOACCESS” from Windbg document. But can not find out. Any description from you or you could recommend me where can I find what PAGE_NOACCESS exactly means? Currently, I am not sure whether no access means, the memory is deleted, or protected by kernel or invalid address which contains nothing at the address at all. :)
> I want to figure out what is the exact meaning of the PAGE_NOACCESS?

All we know is that the access flags of that page are set to “PAGE_NOACCESS”.
Maybe this page is not mapped anywhere at all, or maybe OS sets
PAGE_NOACCESS to prevent reading memory freed by others…
Why does this matter? You found a bug, just fix it.

Lin George wrote:

> I want to figure out what is the exact meaning of the PAGE_NOACCESS?

Did you try Google before posting here? WinDbg doesn’t invent all these
symbol names. They are all names from the SDK or DDK.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
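
Added example (not part of the original thread, and not WinDbg's own code): a small Python parser for the !address output posted earlier in the thread, which maps the State and Protect values to the Win32 SDK constants they come from and reports why a read of that address faults. The function names and the assumed region-line layout (allocation base : region base - region size) are assumptions of this sketch.

```python
import re

# Win32 SDK constants (winnt.h) that !address prints by name.
MEM_COMMIT, MEM_RESERVE, MEM_FREE = 0x1000, 0x2000, 0x10000
PAGE_NOACCESS = 0x01

# Constructed sample: the !address output quoted in this thread.
SAMPLE = """\
0:001> !address 0x00d4cff0
    00d0d000 : 00d0d000 - 00040000
                    Type     00000000
                    Protect  00000001 PAGE_NOACCESS
                    State    00010000 MEM_FREE
                    Usage    RegionUsageFree
"""

def parse_address_output(text):
    """Parse the old-style !address layout into a dict of integers."""
    info = {}
    m = re.search(r"!address\s+(?:0x)?([0-9a-fA-F]+)", text)
    if m:
        info["address"] = int(m.group(1), 16)
    # Assumed layout: <allocation base> : <region base> - <region size>
    m = re.search(r"^\s*[0-9a-fA-F]+\s*:\s*([0-9a-fA-F]+)\s*-\s*([0-9a-fA-F]+)", text, re.M)
    if not m:
        raise ValueError("no region line found")
    info["base"], info["size"] = int(m.group(1), 16), int(m.group(2), 16)
    for key in ("Type", "Protect", "State"):
        m = re.search(rf"\b{key}\s+([0-9a-fA-F]{{8}})", text)
        if m:
            info[key.lower()] = int(m.group(1), 16)
    return info

def classify(info):
    """Explain why a read of info['address'] faults, from State/Protect."""
    state, protect = info.get("state"), info.get("protect")
    if state == MEM_FREE:
        return "free: no allocation covers this address (never allocated, or already released)"
    if state == MEM_RESERVE:
        return "reserved: address range is reserved but no page is committed"
    if state == MEM_COMMIT and protect == PAGE_NOACCESS:
        return "committed, PAGE_NOACCESS: page exists but all access is denied"
    if state == MEM_COMMIT:
        return "committed and accessible: check the access type against Protect"
    return "unknown state"

if __name__ == "__main__":
    info = parse_address_output(SAMPLE)
    print(hex(info["base"]), hex(info["base"] + info["size"]), classify(info))
```

For the output in this thread the State is MEM_FREE, so the region is neither reserved nor committed; the dump alone does not say whether it was never allocated or was released before the faulting access.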