Open topic with navigation

Postmortem Debugging

In versions of RTX prior to RTX 7.0, if a fault occurred during exception processing, the RTX handler immediately initiated a double fault and a Green Screen. Now, you can configure RTX exception handling so that when a fault occurs, RTX stops the process and either creates an RTX-enabled minidump or inserts a debug break.

In this "stop at first exception" model, after the exception, RTX immediately constructs a new context record based on the trap frame. This context record adopts the Windows standard data structure, CONTEXT, and contains general-purpose register fields, segment selector fields, EFLAGS register field, and an EIP (offending instruction pointer) field.

The rest of this topic describes how to use WinDbg to show the context record and other diagnostic data. You must configure RTX to support exceptions with the RTX Properties setting Debug Break to use these procedures.  

NOTE:  If you configure RTX to support exceptions with the RTX Properties setting Stop process and dump memory, RTX displays the context record and other diagnostic data in the RTX Green Screen and writes it to the RTX-enabled minidump.

Displaying the Context Record

  1. Determine the base address of Context Record by using dd  RtssCurrentThreadContext.

kd> dd RtssCurrentThreadContext

f6013ba0  00000000 00000000 00000000 00000000

  1. Use dt _CONTEXT to display the fields of the context record.

kd> dt _CONTEXT f6013ba0

+0x000 ContextFlags     : 0
+0x004 Dr0              : 0
+0x008 Dr1              : 0
+0x00c Dr2              : 0
+0x010 Dr3              : 0
+0x014 Dr6              : 0
+0x018 Dr7              : 0
+0x01c FloatSave        : _FLOATING_SAVE_AREA
+0x08c SegGs            : 0
+0x090 SegFs            : 0x30
+0x094 SegEs            : 0x23
+0x098 SegDs            : 0x23
+0x09c Edi              : 0
+0x0a0 Esi              : 0
+0x0a4 Ebx              : 0
+0x0a8 Edx              : 0xf600df60
+0x0ac Ecx              : 0xfffffffe
+0x0b0 Eax              : 0
+0x0b4 Ebp              : 0xf609df94
+0x0b8 Eip              : 0xf613b336
+0x0bc SegCs            : 8
+0x0c0 EFlags           : 0x10246
+0x0c4 Esp              : 0xf609df70
+0x0c8 SegSs            : 0x10
+0x0cc ExtendedRegisters : [512]  ""

NOTE:  The values of the ExtendedRegisters field are not saved, and the values of the FloatSave field are available only if you set Stop process and dump memory for the causing exception in the RTX Properties.

Displaying the Exception Code and Other Diagnostic Data

  1. Display exception code and other diagnostic data by using dd RtssExceptData.

kd> dd RtssExceptData

f6013ec0  0000000e f65dd336 f6069f70 f6069f08
f6013ed0  85842008 858424d8 00000001 00000005

RtssExceptData[0] (0000000e): Fault code;
RtssExceptData[1] (f65dd336): Instruction pointer of offending instruction;
RtssExceptData[2] (f6069f70): Stack pointer of thread with offending instruction;
RtssExceptData[3] (f6069f08): Base of trap frame;
RtssExceptData[4] (85842008): Pointer of current thread object;
RtssExceptData[5] (858424d8): Pointer of current process object;
RtssExceptData[6] (00000001): Current process ID;
RtssExceptData[7] (00000005): Current thread ID.

  1. Display the offending instruction by using RtssExceptData[1].

kd> u f65dd336

zeropointer+0x336:

f65dd336 c60000           mov     byte ptr [eax],0x0

  1. Display the full trap frame by using RtssExceptData[3].

kd> dd f6069f08

f6069f08  858424d8 f6069f20 f6002414 00000001

f6069f18  00000001 f65e8390 f6069f34 f5ffe009

f6069f28  fffffffe 00000000 f6069fd4 f6069f50

f6069f38  00000000 00000023 85840023 f600dfa0

f6069f48  fffffffe 00000000 f6069f5c f6069fd4

f6069f58  00000030 00000000 00000000 00000000

f6069f68  f6069f94 0000000e f65dd336 f65dd336

f6069f78  00000008 00010246 00000000 00000000

 

See Also

IntervalZero.com | Support | Give Feedback