In Windows 7 the TaskMgr provides one easy way to create dump for the applications. You can right click the Application from Applications tab or click the process from Processes tab and click the Create Dump File menu item. The dump files will be created under certain folder soon. Here assume that we created one dump file for one of MaxWell consoles. If you load the dump file into Windbg and type “k” command, you will have below wired output.

0:000> k

Child-SP          RetAddr           Call Site

00000000`0008e2e8 00000000`7458aea8 wow64win+0x3fe3a

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for wow64.dll -

00000000`0008e2f0 00000000`745dcf87 wow64win+0x1aea8

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for wow64cpu.dll -

00000000`0008e350 00000000`74562776 wow64!Wow64SystemServiceEx+0xd7

00000000`0008ec10 00000000`745dd07e wow64cpu!TurboDispatchJumpAddressEnd+0x2d

00000000`0008ecd0 00000000`745dc549 wow64!Wow64SystemServiceEx+0x1ce

00000000`0008ed20 00000000`76e94956 wow64!Wow64LdrpInitialize+0x429

00000000`0008f270 00000000`76e91a17 ntdll!RtlUniform+0x6e6

00000000`0008f760 00000000`76e7c32e ntdll!RtlCreateTagHeap+0xa7

00000000`0008f7d0 00000000`00000000 ntdll!LdrInitializeThunk+0xe

This callstack looks quite strange to us. What the hell wow64!Wow64LdrpInitialize is?

The reason why we have this strange callstack with this dump file is because we used the 64bit TaskMgr to create one 64bit dump for a 32-bit process. If you use the 64bit application such as 64bit TaskMrg or 64bit WinDBG to create the dump for a 32bit process, you will get a 64bit dump of a 32bit process. But how can we debug this 64bit dump of a 32bit process?

We can make use of WOW64 debugger extension. You can find more information from below link:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384163(v=vs.85).aspx

0:000> .load wow64exts

0:000> !sw

Switched to 32bit mode

0:000:x86> k

ChildEBP          RetAddr

WARNING: Stack unwind information not available. Following frames may be wrong.

0031f280 6d5d88f7 user32!WaitMessage+0x15

0031f2d8 6d5d8741 System_Windows_Forms_ni+0x2088f7

0031f308 6d595911 System_Windows_Forms_ni+0x208741

0031f320 70f86739 System_Windows_Forms_ni+0x1c5911

0031f350 02341b4c NewConsole_ni+0x6739

0031f360 02358951 mscorwks+0x1b4c

0031f3e0 02375fbd mscorwks+0x18951

0031f518 02375ff0 mscorwks!CoUninitializeEE+0x11861

0031f534 0237600e mscorwks!CoUninitializeEE+0x11894

0031f54c 02414675 mscorwks!CoUninitializeEE+0x118b2

Windows also provides one 32bit TaskMgr which is C:\Windows\SysWOW64\taskmgr.exe. You can create a 32bit dump for 32bit process. With that 32bit dump we don’t need the WOW64 extension when we loaded it into WinDBG.

debug 64bit dump of a 32bit process in windows 7 64bit的更多相关文章

  1. Can't load IA 32-bit .dll on a AMD 64-bit platform错误的解决

    64位的系统,64位的myeclipse,64位的jdk,64位的tomcat,结果报错:Can't load IA 64-bit .dll on a AMD 32-bit platform,简直无语 ...

  2. java.lang.UnsatisfiedLinkError: C:\apache-tomcat-8.0.21\bin\tcnative-1.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform

    Tomcat启动报错: 25-Mar-2016 10:40:43.478 SEVERE [main] org.apache.catalina.startup.Catalina.stopServer C ...

  3. MyEclipse: Can't load IA 32-bit .dll on a AMD 64-bit platform

    java.lang.UnsatisfiedLinkError: D:\Tomcat7\apache-tomcat-7.0.59\bin\tcnative-1.dll: Can't load IA 32 ...

  4. java.lang.UnsatisfiedLinkError: D:\Tomcat-7.0.59\apache-tomcat-7.0.59\bin\tcnative-1.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform

    今日上午用Tomcat运行一个小项目,报出以下异常信息: java.lang.UnsatisfiedLinkError: D:\Tomcat-7.0.59\apache-tomcat-7.0.59\b ...

  5. Convert Windows 32bit dirver to Windows 64bit

    Pre-condition: 1.source code(vc6.0+WDK based) Development environment: 2.VS2013 3.WDK 8/8.1 Steps: 1 ...

  6. Tomcat:Can't load IA 32-bit .dll on a AMD 64-bit platform问题的解决

    控制台错误如下: java.lang.UnsatisfiedLinkError: D:\apache-tomcat-7.0.56\bin\tcnative-1.dll: Can't load IA 3 ...

  7. 错误:C:\Windows\System32\ssleay32.dll: Can't load IA 32-bit .dll on a AMD 64-bit

    错误:C:\Windows\System32\ssleay32.dll: Can't load IA 32-bit .dll on a AMD 64-bit 错误的原因是:jdk不是64位的,而是32 ...

  8. Can't load IA 32-bit .dll on a AMD 64-bit platform

    在myeclipse中使用的,tomcat异常:java.lang.UnsatisfiedLinkError: D:\JAVA\ApacheTomcat\bin\tcnative-1.dll: Can ...

  9. 解决Tomcat: Can't load IA 32-bit .dll on a AMD 64-bit platform 问题

    错误如下: java.lang.UnsatisfiedLinkError: E:\Program Files\MyEclipse 10\apache-tomcat-7.0.23\bin\tcnativ ...

随机推荐

  1. Javascript performance

    I just went through some vedio related to javascript performance which is great, Here is the notes I ...

  2. django中post方法和get方法的不同

    当我们提交表单仅仅需要获取数据时就可以用GET: 而当我们提交表单时需要更改服务器数据的状态,或者说发送e-mail,或者其他不仅仅是获取并显示数据的时候就使用POST. 在这个搜索书籍的例子里,我们 ...

  3. struts 学习

    1.在Struts2的Action中取得请求参数值的几种方法 public class GetRequestParameterAction extends ActionSupport { privat ...

  4. opencv实现KNN手写数字的识别

    人工智能是当下很热门的话题,手写识别是一个典型的应用.为了进一步了解这个领域,我阅读了大量的论文,并借助opencv完成了对28x28的数字图片(预处理后的二值图像)的识别任务. 预处理一张图片: 首 ...

  5. MongoDB 学习笔记(五)索引

    http://www.cnblogs.com/stephen-liu74/archive/2012/08/01/2561557.html

  6. Codis使用教程

    1. Codis集群的搭建与使用 http://www.cnblogs.com/xuanzhi201111/p/4425194.html https://github.com/CodisLabs/co ...

  7. Codeforces Round #209 (Div. 2)C

    刷了一页的WA  ..终于发现了 哪里错了 快速幂模板里一个变量t居然开得long  ... 虽然代码写的丑了点 但是是对的 那个该死的long 啊.. #include <iostream&g ...

  8. ViewPager的监听事件失效

    主要是因为在我项目使用了PageIndicator,所以这个时候监听事件要写在PageIndicator上. mIndicator.setOnPageChangeListener(new OnPage ...

  9. Codeforces Round #272 (Div. 2) C. Dreamoon and Sums (数学 思维)

    题目链接 这个题取模的时候挺坑的!!! 题意:div(x , b) / mod(x , b) = k( 1 <= k <= a).求x的和 分析: 我们知道mod(x % b)的取值范围为 ...

  10. DataGridView 相关操作

    一.单元格内容的操作// 取得当前单元格内容 Console.WriteLine(DataGridView1.CurrentCell.Value); // 取得当前单元格的列 Index Consol ...