search

SkyLined / BugId

Detect, analyze and uniquely identify crashes in Windows applications
https://bugid.skylined.nl
Other
501 stars 90 forks source link

Debugger attached to a new process #75

Closed baptistapedro closed 6 years ago

baptistapedro commented 6 years ago 
C:\Users\jitwei\Desktop\BugId>.\BugId.py "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -v
* Command line: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
stdout>
stdout>Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
stdout>Copyright (c) Microsoft Corporation. All rights reserved.
stdout>
stdout>CommandLine: "C:\Windows\system32\cmd.exe" /K "ECHO OFF"
stdout>
stdout>************* Symbol Path validation summary **************
stdout>Response                         Time (ms)     Location
stdout>Deferred                                       cache*
stdout>Deferred                                       srv*http://msdl.microsoft.com/download/symbols
stdout>Symbol search path is: cache*;srv*http://msdl.microsoft.com/download/symbols
stdout>Executable search path is:
stdout>ModLoad: 00007ff6`b4710000 00007ff6`b4769000   cmd.exe
stdout>ModLoad: 00007ffd`63c70000 00007ffd`63e42000   ntdll.dll
stdout>ModLoad: 00007ffd`61880000 00007ffd`6192c000   C:\Windows\System32\KERNEL32.DLL
stdout>ModLoad: 00007ffd`60570000 00007ffd`6078d000   C:\Windows\System32\KERNELBASE.dll
stdout>ModLoad: 00007ffd`63040000 00007ffd`630de000   C:\Windows\System32\msvcrt.dll
stdout>(2ef4.658): Break instruction exception - code 80000003 (first chance)
stdout>ntdll!LdrpDoDebuggerBreak+0x30:
stdout>00007ffd`63d435f0 cc              int     3
stdout>0:000>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .prompt_allow -dis -ea -reg -src -sym; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Display only the prompt
stdout><☺[☻{
stdout>Allow the following information to be displayed at the prompt:
stdout>(Other settings can affect whether the information is actually displayed)
stdout>  None
stdout>Do not allow the following information to be displayed at the prompt:
stdout>   sym - Symbol for current instruction
stdout>   dis - Disassembly of current instruction
stdout>    ea - Effective address for current instruction
stdout>   reg - Register state
stdout>   src - Source info for current instruction
stdout>}☻]☺>
stdout>0:000>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .pcmd -s ".echo;"; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Output a CRLF after running the application
stdout><☺[☻{
stdout>Set prompt command
stdout>Per-prompt command is '.echo;'
stdout>}☻]☺>
stdout>0:000>
<stdin<
stdout>0:000>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 2ef4.658: Break instruction exception - code 80000003 (first chance)
stdout>  debugger time: Thu Feb  1 06:04:05.509 2018 (UTC - 12:00)
stdout>}☻]☺>
stdout>0:000>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ sxd *;sxi ld;sxi ud;sxd 0xC0000094;sxd 0xC0000095;sxd 0xC0000008;sxd 0xC0000235;sxd 0x80000004;sxd 0x4000001E;sxd 0xE06D7363;sxd 0x40080201;sxd 0x40080202;sxe cpr;sxe ibp;sxe epr;sxe aph;sxe 0xC0000005;sxe 0xE0000008;sxe 0xC0000420;sxe 0x80000003;sxe 0xC000008C;sxe 0x80000002;sxe 0xC0000602;sxe 0x80000001;sxe 0xC000001D;sxe 0xC0000006;sxe 0xC0000096;sxe 0xC0000409;sxe 0xC00000FD;sxe 0x4000001F;sxe 0x80000007; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Setup exception handling
stdout><☺[☻{
stdout>}☻]☺>
stdout>0:000>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .attach -b 0x15F4; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Attach to process 5620
stdout><☺[☻{
stdout>Attach will occur on next execution
stdout>}☻]☺>
stdout>0:000>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Thu Feb  1 06:04:05.588 2018 (UTC - 12:00)
stdout>System Uptime: 9 days 10:01:19.486
stdout>Process Uptime: 0 days 0:00:00.075
stdout>  Kernel time: 0 days 0:00:00.000
stdout>  User time: 0 days 0:00:00.000
stdout>}☻]☺>
stdout>0:000>
<stdin<gn;
stdout>*** wait with pending attach
stdout>
stdout>************* Symbol Path validation summary **************
stdout>Response                         Time (ms)     Location
stdout>Deferred                                       cache*
stdout>Deferred                                       srv*http://msdl.microsoft.com/download/symbols
stdout>Symbol search path is: cache*;srv*http://msdl.microsoft.com/download/symbols
stdout>Executable search path is:
stdout>
stdout>1:002>
<stdin<
stdout>1:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 15f4.17cc: Create process 1:15f4
stdout>  debugger time: Thu Feb  1 06:04:05.588 2018 (UTC - 12:00)
stdout>}☻]☺>
stdout>1:002>
+ Main process 5620/0x15F4 (chrome.exe): Attached; command line = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe".
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .childdbg 1; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Debug child processes
stdout><☺[☻{
stdout>Processes created by the current process will be debugged
stdout>}☻]☺>
stdout>1:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ ~*m; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Resume all threads
stdout><☺[☻{
stdout>}☻]☺>
stdout>1:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ lmov a 0x7FF624840000; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get module information
stdout><☺[☻{
stdout>start             end                 module name
stdout>00007ff6`24840000 00007ff6`249cc000   chrome     (deferred)
stdout>    Image path: chrome.exe
stdout>    Image name: chrome.exe
stdout>    Timestamp:        Tue Jan  2 16:08:27 2018 (5A4C573B)
stdout>    CheckSum:         0018EEE3
stdout>    ImageSize:        0018C000
stdout>    File version:     63.0.3239.132
stdout>    Product version:  63.0.3239.132
stdout>    File flags:       0 (Mask 17)
stdout>    File OS:          4 Unknown Win32
stdout>    File type:        1.0 App
stdout>    File date:        00000000.00000000
stdout>    Translations:     0409.04b0
stdout>    CompanyName:      Google Inc.
stdout>    ProductName:      Google Chrome
stdout>    InternalName:     chrome_exe
stdout>    OriginalFilename: chrome.exe
stdout>    ProductVersion:   63.0.3239.132
stdout>    FileVersion:      63.0.3239.132
stdout>    FileDescription:  Google Chrome
stdout>    LegalCopyright:   Copyright 2016 Google Inc. All rights reserved.
stdout>}☻]☺>
stdout>1:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Thu Feb  1 06:04:05.650 2018 (UTC - 12:00)
stdout>System Uptime: 9 days 10:01:19.549
stdout>Process Uptime: 0 days 0:00:00.071
stdout>  Kernel time: 0 days 0:00:00.000
stdout>  User time: 0 days 0:00:00.000
stdout>}☻]☺>
stdout>1:002>
<stdin<gh;
stdout>(15f4.17cc): Break instruction exception - code 80000003 (first chance)
stdout>
stdout>1:002>
<stdin<
stdout>1:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 15f4.17cc: Break instruction exception - code 80000003 (first chance)
stdout>  debugger time: Thu Feb  1 06:04:05.681 2018 (UTC - 12:00)
stdout>}☻]☺>
stdout>1:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Thu Feb  1 06:04:05.713 2018 (UTC - 12:00)
stdout>System Uptime: 9 days 10:01:19.611
stdout>Process Uptime: 0 days 0:00:00.134
stdout>  Kernel time: 0 days 0:00:00.015
stdout>  User time: 0 days 0:00:00.000
stdout>}☻]☺>
stdout>1:002>
<stdin<gh;
stdout>
stdout>************* Symbol Path validation summary **************
stdout>Response                         Time (ms)     Location
stdout>Deferred                                       cache*
stdout>Deferred                                       srv*http://msdl.microsoft.com/download/symbols
stdout>Symbol search path is: cache*;srv*http://msdl.microsoft.com/download/symbols
stdout>Executable search path is:
stdout>
stdout>2:004>
<stdin<
stdout>2:004>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 325c.308c: Create process 2:325c
stdout>  debugger time: Thu Feb  1 06:04:05.744 2018 (UTC - 12:00)
stdout>}☻]☺>
stdout>2:004>
+ Sub process 12892/0x325C (chrome.exe): Started; command line = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\jitwei\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\jitwei\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\jitwei\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=63.0.3239.132 --initial-client-data=0x1f0,0x1f4,0x1f8,0x1ec,0x1fc,0x7ffd3c715720,0x7ffd3c715760,0x7ffd3c715738.
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .childdbg 1; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Debug child processes
stdout><☺[☻{
stdout>Processes created by the current process will be debugged
stdout>}☻]☺>
stdout>2:004>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Thu Feb  1 06:04:05.775 2018 (UTC - 12:00)
stdout>System Uptime: 9 days 10:01:19.674
stdout>Process Uptime: 0 days 0:00:00.036
stdout>  Kernel time: 0 days 0:00:00.000
stdout>  User time: 0 days 0:00:00.000
stdout>}☻]☺>
stdout>2:004>
<stdin<gh;
stdout>(325c.308c): Break instruction exception - code 80000003 (first chance)
stdout>
stdout>2:004>
<stdin<
stdout>2:004>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 325c.308c: Break instruction exception - code 80000003 (first chance)
stdout>  debugger time: Thu Feb  1 06:04:05.791 2018 (UTC - 12:00)
stdout>}☻]☺>
stdout>2:004>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Thu Feb  1 06:04:05.822 2018 (UTC - 12:00)
stdout>System Uptime: 9 days 10:01:19.721
stdout>Process Uptime: 0 days 0:00:00.083
stdout>  Kernel time: 0 days 0:00:00.015
stdout>  User time: 0 days 0:00:00.000
stdout>}☻]☺>
stdout>2:004>
<stdin<gh;
stdout>
stdout>1:002>
<stdin<
stdout>1:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 15f4.17cc: Exit process 1:15f4, code 0
stdout>  debugger time: Thu Feb  1 06:04:05.900 2018 (UTC - 12:00)
stdout>}☻]☺>
stdout>1:002>
- Main process 5620/0x15F4 (chrome.exe): Terminated.
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Thu Feb  1 06:04:05.926 2018 (UTC - 12:00)
stdout>System Uptime: 9 days 10:01:19.824
stdout>Process Uptime: 0 days 0:00:00.347
stdout>  Kernel time: 0 days 0:00:00.031
stdout>  User time: 0 days 0:00:00.000
stdout>}☻]☺>
stdout>1:002>
<stdin<gh;
stdout>(2ef4.e10): Control-C exception - code 40010005 (first chance)
stdout>First chance exceptions are reported before any exception handling.
stdout>This exception may be expected and handled.
stdout>
stdout>0:002>
<stdin<
stdout>0:002>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 2ef4.e10: Control-C exception - code 40010005 (first chance)
stdout>  debugger time: Thu Feb  1 06:05:02.480 2018 (UTC - 12:00)
stdout>}☻]☺>
stdout>0:002>
+ Sub process 12020/0x2EF4 (cmd.exe): Started; command line = "C:\Windows\system32\cmd.exe" /K "ECHO OFF".
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .childdbg 1; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Debug child processes
stdout><☺[☻{
stdout>Processes created by the current process will be debugged
stdout>}☻]☺>
stdout>0:002>
┌─ An internal exception has occured ───────────────────────────────────────────────────────────────────────────────────────────────────────────
│ AssertionError('Expected this to be a debug breakpoint because the debugger attached to a new process',)
│
│  Stack:
│   0 cCdbWrapper_fCdbStdInOutThread @ C:\Users\jitwei\Desktop\BugId\modules\cBugId\cCdbWrapper_fCdbStdInOutThread.py/518
│      > "Expected this to be a debug breakpoint because the debugger attached to a new process";
│   1 fCdbStdInOutThread @ C:\Users\jitwei\Desktop\BugId\modules\cBugId\cCdbWrapper.py/447
│      > return cCdbWrapper_fCdbStdInOutThread(oCdbWrapper);
│   2 __fThreadWrapper @ C:\Users\jitwei\Desktop\BugId\modules\cBugId\cCdbWrapper.py/271
│      > fActivity(*axActivityArguments);
┖───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Please report the above details at the below web-page so it can be addressed:
    https://github.com/SkyLined/BugId/issues/new
If you do not have a github account, or you want to report this issue
privately, you can also send an email to:
    BugId@skylined.nl

In your report, please copy the information about the exception reported
above, as well as the stack trace and BugId version information. This makes
it easier to determine the cause of this issue and makes for faster fixes.

+ Windows version: Windows 10 Home release 1607, build 14393 x64.
+ Python version: 2.7.14 x64.
+ BugId version: 2017-12-19 02:02, installed at C:\Users\jitwei\Desktop\BugId.
                                                        * Checking BugId for updates...
SkyLined commented 6 years ago

Thanks for the report and sorry for the slow response. Did you by any chance press CTRL+C? BugId is reporting that it saw an unexpected CTRL+C exception, which (AFAIK) would only happen if you pressed CTRL+C.

SkyLined commented 6 years ago

No response from reporter; unable to fix without feedback.