In Windows 7 the TaskMgr provides one easy way to create dump for the applications. You can right click the Application from Applications tab or click the process from Processes tab and click the Create Dump File menu item. The dump files will be created under certain folder soon. Here assume that we created one dump file for one of MaxWell consoles. If you load the dump file into Windbg and type “k” command, you will have below wired output.

0:000> k

Child-SP          RetAddr           Call Site

00000000`0008e2e8 00000000`7458aea8 wow64win+0x3fe3a

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for wow64.dll -

00000000`0008e2f0 00000000`745dcf87 wow64win+0x1aea8

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for wow64cpu.dll -

00000000`0008e350 00000000`74562776 wow64!Wow64SystemServiceEx+0xd7

00000000`0008ec10 00000000`745dd07e wow64cpu!TurboDispatchJumpAddressEnd+0x2d

00000000`0008ecd0 00000000`745dc549 wow64!Wow64SystemServiceEx+0x1ce

00000000`0008ed20 00000000`76e94956 wow64!Wow64LdrpInitialize+0x429

00000000`0008f270 00000000`76e91a17 ntdll!RtlUniform+0x6e6

00000000`0008f760 00000000`76e7c32e ntdll!RtlCreateTagHeap+0xa7

00000000`0008f7d0 00000000`00000000 ntdll!LdrInitializeThunk+0xe

This callstack looks quite strange to us. What the hell wow64!Wow64LdrpInitialize is?

The reason why we have this strange callstack with this dump file is because we used the 64bit TaskMgr to create one 64bit dump for a 32-bit process. If you use the 64bit application such as 64bit TaskMrg or 64bit WinDBG to create the dump for a 32bit process, you will get a 64bit dump of a 32bit process. But how can we debug this 64bit dump of a 32bit process?

We can make use of WOW64 debugger extension. You can find more information from below link:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384163(v=vs.85).aspx

0:000> .load wow64exts

0:000> !sw

Switched to 32bit mode

0:000:x86> k

ChildEBP          RetAddr

WARNING: Stack unwind information not available. Following frames may be wrong.

0031f280 6d5d88f7 user32!WaitMessage+0x15

0031f2d8 6d5d8741 System_Windows_Forms_ni+0x2088f7

0031f308 6d595911 System_Windows_Forms_ni+0x208741

0031f320 70f86739 System_Windows_Forms_ni+0x1c5911

0031f350 02341b4c NewConsole_ni+0x6739

0031f360 02358951 mscorwks+0x1b4c

0031f3e0 02375fbd mscorwks+0x18951

0031f518 02375ff0 mscorwks!CoUninitializeEE+0x11861

0031f534 0237600e mscorwks!CoUninitializeEE+0x11894

0031f54c 02414675 mscorwks!CoUninitializeEE+0x118b2

Windows also provides one 32bit TaskMgr which is C:\Windows\SysWOW64\taskmgr.exe. You can create a 32bit dump for 32bit process. With that 32bit dump we don’t need the WOW64 extension when we loaded it into WinDBG.

debug 64bit dump of a 32bit process in windows 7 64bit的更多相关文章

  1. Can't load IA 32-bit .dll on a AMD 64-bit platform错误的解决

    64位的系统,64位的myeclipse,64位的jdk,64位的tomcat,结果报错:Can't load IA 64-bit .dll on a AMD 32-bit platform,简直无语 ...

  2. java.lang.UnsatisfiedLinkError: C:\apache-tomcat-8.0.21\bin\tcnative-1.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform

    Tomcat启动报错: 25-Mar-2016 10:40:43.478 SEVERE [main] org.apache.catalina.startup.Catalina.stopServer C ...

  3. MyEclipse: Can't load IA 32-bit .dll on a AMD 64-bit platform

    java.lang.UnsatisfiedLinkError: D:\Tomcat7\apache-tomcat-7.0.59\bin\tcnative-1.dll: Can't load IA 32 ...

  4. java.lang.UnsatisfiedLinkError: D:\Tomcat-7.0.59\apache-tomcat-7.0.59\bin\tcnative-1.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform

    今日上午用Tomcat运行一个小项目,报出以下异常信息: java.lang.UnsatisfiedLinkError: D:\Tomcat-7.0.59\apache-tomcat-7.0.59\b ...

  5. Convert Windows 32bit dirver to Windows 64bit

    Pre-condition: 1.source code(vc6.0+WDK based) Development environment: 2.VS2013 3.WDK 8/8.1 Steps: 1 ...

  6. Tomcat:Can't load IA 32-bit .dll on a AMD 64-bit platform问题的解决

    控制台错误如下: java.lang.UnsatisfiedLinkError: D:\apache-tomcat-7.0.56\bin\tcnative-1.dll: Can't load IA 3 ...

  7. 错误:C:\Windows\System32\ssleay32.dll: Can't load IA 32-bit .dll on a AMD 64-bit

    错误:C:\Windows\System32\ssleay32.dll: Can't load IA 32-bit .dll on a AMD 64-bit 错误的原因是:jdk不是64位的,而是32 ...

  8. Can't load IA 32-bit .dll on a AMD 64-bit platform

    在myeclipse中使用的,tomcat异常:java.lang.UnsatisfiedLinkError: D:\JAVA\ApacheTomcat\bin\tcnative-1.dll: Can ...

  9. 解决Tomcat: Can't load IA 32-bit .dll on a AMD 64-bit platform 问题

    错误如下: java.lang.UnsatisfiedLinkError: E:\Program Files\MyEclipse 10\apache-tomcat-7.0.23\bin\tcnativ ...

随机推荐

  1. leetcode:Remove Linked List Elements

    Remove all elements from a linked list of integers that have value val. ExampleGiven: 1 --> 2 --& ...

  2. c#换ip代理源码

    很多朋友都想如何提高自己的网站流量,可是都没有什么好的办法 经过很长时间的研究,在C#中实现了,当然了,这部分代码其中一部分是网上的,不是原创. using System; using System. ...

  3. 【Todo】Python的工作原理

    参考这篇: http://python.jobbole.com/86086/?from=timeline&isappinstalled=1&nsukey=MWQG%2B7OI4FvdQ ...

  4. 关于android软键盘enter键的替换与事件监听

    android软键盘事件监听enter键  软件盘的界面替换只有一个属性android:imeOptions,这个属性的可以取的值有 normal,actionUnspecified,actionNo ...

  5. 日期选择插件clndr的使用

    需求是:在HTML中绘制日历直接供用户选择 而不是使用datepicker之类的表单插件让用户点击input后弹出datepicker让用户选择 浏览了一些解决方案后,发现  CLNDR 这个jQue ...

  6. Phar文件

    phar 扩展名文件提供了一种将整个PHP应用程序打包放入一个被称之为phar(PHP archive)的文件从而更加容易便利地发布和安装的方法.就像是java的jar文件有点类似.除了这个功能外,P ...

  7. mysql JDBC URL格式各个参数详解

    mysql JDBC URL格式如下: jdbc:mysql://[host:port],[host:port].../[database][?参数名1][=参数值1][&参数名2][=参数值 ...

  8. 51nod1274 最长递增路径

    将边排序后dp一下就可以了. #include<cstdio> #include<cstring> #include<cctype> #include<alg ...

  9. UVa 136 Ugly Numbers【优先队列】

    题意:给出丑数的定义,不能被除2,3,5以外的素数整除的的数称为丑数. 和杭电的那一题丑数一样--这里学的紫书上的用优先队列来做. 用已知的丑数去生成新的丑数,利用优先队列的能够每次取出当前最小的丑数 ...

  10. QR二维码(转)

    二维码又称QR Code,QR全称Quick Response,是一个近几年来移动设备上超流行的一种编码方式,它比传统的Bar Code条形码能存更多的信息,也能表示更多的数据类型:比如:字符,数字, ...