KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q159672: How To Find the Trap Frame If It Is Corrupt

Article: Q159672
Product(s): Microsoft Windows NT
Version(s): WinNT:3.5,3.51,4.0
Operating System(s): 
Keyword(s): 
Last Modified: 09-AUG-2001

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Workstation versions 3.5, 3.51, 4.0 
- Microsoft Windows NT Server versions 3.5, 3.51, 4.0 
-------------------------------------------------------------------------------

SUMMARY
=======

If the trap frame is corrupt or cannot be found when completing a debugging
session, use the method detailed below to determine its location.

MORE INFORMATION
================

Dump the first ChildEBp's address on the stack using the dd command. Continue to
dump until you see two 23's back-to-back. After you run into this line of the
dump, subtract x30 from the address at the beginning of that line and run a
!trap against the results.

For example:

KD> kb
FramePtr  RetAddr   Param1   Param2   Param3   Function Name
fdfa4d3c  80121022  00000000 00000000 00000000 NT!KiTrap0E+0x252

KDx86> dd fdfa4d3c
0xFDFA4D3C  fef26ba8 fbde3200 00000000 00000000 .k...2..........
0xFDFA4D4C  00000000 00104601 fdfa4d80 80104655 .....F...M..UF..
0xFDFA4D5C  fef26ba8 fef26c08 fef26ba8 fbde3260 .k...l...k..`2..
0xFDFA4D6C  00000000 00000023 00000023 00000400 ....#...#.......

Sequence of 00000000 00000023 00000023 starts at 0xFDFA4D6C.

KD> !trap FDFA4D3C
eax=00326b08 ebx=00022500 ecx=e18f6dc0 edx=00000400 esi=00000000
edi=004f2118
eip=80121022 esp=fdfa4db0 ebp=fdfa4dfc iopl=0         nv up ei pl nz na po
cy
vip=0    vif=0
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000
efl=00010207
ErrCode = 00000000

NOTE: Another way of getting the trap frame is to do a dump on EBP-30 and dump
from this address until you get to the sequence of 00000023 00000023. From this
point on its just like the first example.

Additional query words: debugref
======================================================================
Keywords          :  
Technology        : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351search kbWinNT350search kbWinNT400search kbWinNTW350 kbWinNTW350search kbWinNTW351search kbWinNTW351 kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbWinNTS351 kbWinNTS350 kbWinNTS351search kbWinNTS350search
Version           : WinNT:3.5,3.51,4.0
Issue type        : kbinfo

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.