Microsoft KB Archive/159672

= How To Find the Trap Frame If It Is Corrupt =

Article ID: 159672

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Workstation 3.5
 * Microsoft Windows NT Workstation 3.51
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 3.5
 * Microsoft Windows NT Server 3.51
 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q159672



SUMMARY
If the trap frame is corrupt or cannot be found when completing a debugging session, use the method detailed below to determine its location.



MORE INFORMATION
Dump the first ChildEBp's address on the stack using the dd command. Continue to dump until you see two 23's back-to-back. After you run into this line of the dump, subtract x30 from the address at the beginning of that line and run a !trap against the results.

For example:

KD> kb FramePtr RetAddr   Param1   Param2   Param3   Function Name fdfa4d3c 80121022  00000000 00000000 00000000 NT!KiTrap0E+0x252

KDx86> dd fdfa4d3c 0xFDFA4D3C fef26ba8 fbde3200 00000000 00000000 .k...2.......... 0xFDFA4D4C 00000000 00104601 fdfa4d80 80104655 .....F...M..UF.. 0xFDFA4D5C fef26ba8 fef26c08 fef26ba8 fbde3260 .k...l...k..`2.. 0xFDFA4D6C 00000000 00000023 00000023 00000400 ....#...#.......

Sequence of 00000000 00000023 00000023 starts at 0xFDFA4D6C.

KD> !trap FDFA4D3C eax=00326b08 ebx=00022500 ecx=e18f6dc0 edx=00000400 esi=00000000 edi=004f2118 eip=80121022 esp=fdfa4db0 ebp=fdfa4dfc iopl=0        nv up ei pl nz na po cy vip=0    vif=0 cs=0008 ss=0010  ds=0023  es=0023  fs=0030  gs=0000 efl=00010207 ErrCode = 00000000

NOTE: Another way of getting the trap frame is to do a dump on EBP-30 and dump from this address until you get to the sequence of 00000023 00000023. From this point on its just like the first example.

Additional query words: debugref

Keywords: kbinfo KB159672

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.