Opened log file 'c:\DebuggingTV\0x26-2.txt' 0:000> .symfix c:\mss 0:000> .reload ..... 0:000> k Child-SP RetAddr Call Site 00000000`0029e018 000007fe`fccb1430 ntdll!NtWaitForMultipleObjects+0xa 00000000`0029e020 00000000`76b12ce3 KERNELBASE!WaitForMultipleObjectsEx+0xe8 00000000`0029e120 00000000`76b89105 kernel32!WaitForMultipleObjectsExImplementation+0xb3 00000000`0029e1b0 00000000`76b89287 kernel32!WerpReportFaultInternal+0x215 00000000`0029e250 00000000`76b892df kernel32!WerpReportFault+0x77 00000000`0029e280 00000000`76b894fc kernel32!BasepReportFault+0x1f 00000000`0029e2b0 00000000`76da43b8 kernel32!UnhandledExceptionFilter+0x1fc 00000000`0029e390 00000000`76d285a8 ntdll! ?? ::FNODOBFM::`string'+0x2365 00000000`0029e3c0 00000000`76d39d0d ntdll!_C_specific_handler+0x8c 00000000`0029e430 00000000`76d291af ntdll!RtlpExecuteHandlerForException+0xd 00000000`0029e460 00000000`76d61278 ntdll!RtlDispatchException+0x45a 00000000`0029eb40 000007fe`f5aaa668 ntdll!KiUserExceptionDispatch+0x2e 00000000`0029f270 000007fe`f5aa946d verifier!VerifierStopMessage+0x1f0 00000000`0029f320 000007fe`f5aa9736 verifier!AVrfpDphReportCorruptedBlock+0x2a5 00000000`0029f3e0 000007fe`f5aa99cd verifier!AVrfpDphCheckNormalHeapBlock+0xce 00000000`0029f450 000007fe`f5aa873a verifier!AVrfpDphNormalHeapFree+0x29 00000000`0029f480 00000000`76dd99a5 verifier!AVrfDebugPageHeapFree+0xb6 00000000`0029f4e0 00000000`76d7dbc0 ntdll!RtlDebugFreeHeap+0x35 00000000`0029f540 00000000`76d6413d ntdll! ?? ::FNODOBFM::`string'+0x10b82 00000000`0029f880 00000000`76b1300a ntdll!RtlFreeHeap+0x1a6 *** WARNING: Unable to verify checksum for BufferUnderwrite.exe 00000000`0029f900 00000001`3ff011c4 kernel32!HeapFree+0xa 00000000`0029f930 00000001`3ff010b1 BufferUnderwrite!free+0x1c [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\free.c @ 51] 00000000`0029f960 00000001`3ff0132c BufferUnderwrite!wmain+0xb1 [c:\work\bufferunderwrite\bufferunderwrite\bufferunderwrite.cpp @ 28] 00000000`0029fcd0 00000000`76b0652d BufferUnderwrite!__tmainCRTStartup+0x144 [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c @ 241] 00000000`0029fd10 00000000`76d3c521 kernel32!BaseThreadInitThunk+0xd 00000000`0029fd40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d 0:000> kn # Child-SP RetAddr Call Site 00 00000000`0029e018 000007fe`fccb1430 ntdll!NtWaitForMultipleObjects+0xa 01 00000000`0029e020 00000000`76b12ce3 KERNELBASE!WaitForMultipleObjectsEx+0xe8 02 00000000`0029e120 00000000`76b89105 kernel32!WaitForMultipleObjectsExImplementation+0xb3 03 00000000`0029e1b0 00000000`76b89287 kernel32!WerpReportFaultInternal+0x215 04 00000000`0029e250 00000000`76b892df kernel32!WerpReportFault+0x77 05 00000000`0029e280 00000000`76b894fc kernel32!BasepReportFault+0x1f 06 00000000`0029e2b0 00000000`76da43b8 kernel32!UnhandledExceptionFilter+0x1fc 07 00000000`0029e390 00000000`76d285a8 ntdll! ?? ::FNODOBFM::`string'+0x2365 08 00000000`0029e3c0 00000000`76d39d0d ntdll!_C_specific_handler+0x8c 09 00000000`0029e430 00000000`76d291af ntdll!RtlpExecuteHandlerForException+0xd 0a 00000000`0029e460 00000000`76d61278 ntdll!RtlDispatchException+0x45a 0b 00000000`0029eb40 000007fe`f5aaa668 ntdll!KiUserExceptionDispatch+0x2e 0c 00000000`0029f270 000007fe`f5aa946d verifier!VerifierStopMessage+0x1f0 0d 00000000`0029f320 000007fe`f5aa9736 verifier!AVrfpDphReportCorruptedBlock+0x2a5 0e 00000000`0029f3e0 000007fe`f5aa99cd verifier!AVrfpDphCheckNormalHeapBlock+0xce 0f 00000000`0029f450 000007fe`f5aa873a verifier!AVrfpDphNormalHeapFree+0x29 10 00000000`0029f480 00000000`76dd99a5 verifier!AVrfDebugPageHeapFree+0xb6 11 00000000`0029f4e0 00000000`76d7dbc0 ntdll!RtlDebugFreeHeap+0x35 12 00000000`0029f540 00000000`76d6413d ntdll! ?? ::FNODOBFM::`string'+0x10b82 13 00000000`0029f880 00000000`76b1300a ntdll!RtlFreeHeap+0x1a6 14 00000000`0029f900 00000001`3ff011c4 kernel32!HeapFree+0xa 15 00000000`0029f930 00000001`3ff010b1 BufferUnderwrite!free+0x1c [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\free.c @ 51] 16 00000000`0029f960 00000001`3ff0132c BufferUnderwrite!wmain+0xb1 [c:\work\bufferunderwrite\bufferunderwrite\bufferunderwrite.cpp @ 28] 17 00000000`0029fcd0 00000000`76b0652d BufferUnderwrite!__tmainCRTStartup+0x144 [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c @ 241] 18 00000000`0029fd10 00000000`76d3c521 kernel32!BaseThreadInitThunk+0xd 19 00000000`0029fd40 00000000`00000000 ntdll!RtlUserThreadStart+0x1d 0:000> .frame 16 16 00000000`0029f960 00000001`3ff0132c BufferUnderwrite!wmain+0xb1 [c:\work\bufferunderwrite\bufferunderwrite\bufferunderwrite.cpp @ 28] 0:000> dv i i = 0n50 i = 0n100 0:000> !analyze -v ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* APPLICATION_VERIFIER_HEAPS_CORRUPTED_HEAP_BLOCK_START_STAMP (10) Corrupted start stamp for heap block. This happens for buffer underruns. Arguments: Arg1: 0000000001aa1000, Heap handle used in the call. Arg2: 0000000001c52f90, Heap block involved in the operation. Arg3: 0000000000000064, Size of the heap block. Arg4: 00000000abcdbbbb, Corrupted stamp value. FAULTING_IP: verifier!VerifierStopMessage+1f0 000007fe`f5aaa668 cc int 3 EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) .exr 0xffffffffffffffff ExceptionAddress: 000007fef5aaa668 (verifier!VerifierStopMessage+0x00000000000001f0) ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 1 Parameter[0]: 0000000000000000 DEFAULT_BUCKET_ID: STATUS_BREAKPOINT PROCESS_NAME: BufferUnderwrite.exe ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached. EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid EXCEPTION_PARAMETER1: 0000000000000000 NTGLOBALFLAG: 2000000 APPLICATION_VERIFIER_FLAGS: 1 APP: bufferunderwrite.exe FAULTING_THREAD: 0000000000000d88 PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT LAST_CONTROL_TRANSFER: from 000007fef5aa946d to 000007fef5aaa668 STACK_TEXT: 00000000`0029f270 000007fe`f5aa946d : 00000000`0029f418 000007fe`f5aa1948 00000000`76b1300a 000007fe`f5aa1610 : verifier!VerifierStopMessage+0x1f0 00000000`0029f320 000007fe`f5aa9736 : 00000000`01c52f90 00000000`00000002 00000000`00000040 00000000`00000004 : verifier!AVrfpDphReportCorruptedBlock+0x2a5 00000000`0029f3e0 000007fe`f5aa99cd : 00000000`01aa1000 00000000`01c52f90 00000000`00000004 00000000`00001000 : verifier!AVrfpDphCheckNormalHeapBlock+0xce 00000000`0029f450 000007fe`f5aa873a : 00000000`01c52f90 00000000`01000002 00000000`01000002 00af00ae`00ad00ac : verifier!AVrfpDphNormalHeapFree+0x29 00000000`0029f480 00000000`76dd99a5 : 00000000`00000000 00000000`00000000 00db00da`00d90000 00df00de`00dd00dc : verifier!AVrfDebugPageHeapFree+0xb6 00000000`0029f4e0 00000000`76d7dbc0 : 00000000`01aa0000 0000e008`24a46541 00000000`01aa0000 00000000`000004e4 : ntdll!RtlDebugFreeHeap+0x35 00000000`0029f540 00000000`76d6413d : 00000000`01aa0000 00000000`0029f901 00000000`00000000 00000000`01c52f90 : ntdll! ?? ::FNODOBFM::`string'+0x10b82 00000000`0029f880 00000000`76b1300a : 00000000`00000000 00000000`00000000 00000000`00000064 00000001`3ff0d255 : ntdll!RtlFreeHeap+0x1a6 00000000`0029f900 00000001`3ff011c4 : 00000000`00000004 00000000`00000064 00000000`00000000 00000000`00000000 : kernel32!HeapFree+0xa 00000000`0029f930 00000001`3ff010b1 : 00000000`00000000 00000001`3ff0d255 02200220`00000004 00000000`a62025de : BufferUnderwrite!free+0x1c 00000000`0029f960 00000001`3ff0132c : 00000000`00000001 00000000`01b95f70 00000000`00000000 00000000`00000001 : BufferUnderwrite!wmain+0xb1 00000000`0029fcd0 00000000`76b0652d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : BufferUnderwrite!__tmainCRTStartup+0x144 00000000`0029fd10 00000000`76d3c521 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd 00000000`0029fd40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d STACK_COMMAND: ~0s; .ecxr ; kb FOLLOWUP_IP: BufferUnderwrite!wmain+b1 [c:\work\bufferunderwrite\bufferunderwrite\bufferunderwrite.cpp @ 28] 00000001`3ff010b1 ebde jmp BufferUnderwrite!wmain+0x91 (00000001`3ff01091) FAULTING_SOURCE_LINE: c:\work\bufferunderwrite\bufferunderwrite\bufferunderwrite.cpp FAULTING_SOURCE_FILE: c:\work\bufferunderwrite\bufferunderwrite\bufferunderwrite.cpp FAULTING_SOURCE_LINE_NUMBER: 28 FAULTING_SOURCE_CODE: 24: 25: for (int i = 0; i < SIZE; ++i) 26: { 27: free(parr[i]); > 28: } 29: return 0; 30: } 31: SYMBOL_STACK_INDEX: a SYMBOL_NAME: bufferunderwrite!wmain+b1 FOLLOWUP_NAME: MachineOwner MODULE_NAME: BufferUnderwrite IMAGE_NAME: BufferUnderwrite.exe DEBUG_FLR_IMAGE_TIMESTAMP: 519ac14e FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_BufferUnderwrite.exe!wmain BUCKET_ID: X64_APPLICATION_FAULT_STATUS_BREAKPOINT_bufferunderwrite!wmain+b1 WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/BufferUnderwrite_exe/0_0_0_0/519ac14e/verifier_dll/6_1_7600_16385/4a5be081/80000003/0000a668.htm?Retriage=1 Followup: MachineOwner ---------