Versions Compared

Old Version 2

changes.mady.by.user Luke Cerwin

Saved on

compared with

New Version 3

changes.mady.by.user Luke Cerwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Process Abort Traceback Message

Expand
title...

Tsentry can collect and output a set of information about any Tsentry-aware process that abends (has an abnormal end). This information is printed to the LogMsg file if requested for a process in the sysProcs.ini file. 

The “trapCrash” option, initially set on a per-task basis in the sysProcs.ini file, includes the following alternatives, as described in the comments of that file:

Code Block
#  Trap Crash     - Combination of character flags specifying how process 
#                   crashes/exceptions should be handled
#                   N = Default handling (windows displays message box)
#                   T = Terminate process
#                   D = Log description
#                   S = Try to find symbol and source line
#                   W = Walk back along stack and dump info
#                   R = Dump register values
#                   Y = Default 'Yes' = Same as 'TDS'
#                   A = All possible options

An example of the Traceback information output to LogMsg is as follows. This abend was caused by a task (DemoTask) that was hardcoded to use a pointer set to NULL to reference a value. The TrapCrash option was set to an “A”, requesting all information be dumped and requesting that the process be terminated.

Expand
titleLines
Code Block
Line 1
17:56:42 DemoTask     DemoTask        DemoTask V1.00
Line 2
17:56:43 DemoTask     crashHandler    DemoTask.exe caused an EXCEPTION_ACCESS_VIOLATION in module DemoTask.exe at 001B:0040112A
Line 3
17:56:43 DemoTask     crashHandler    Symbol & source line:
Line 4
17:56:43 DemoTask     crashHandler       main()+0282 byte(s), D:\DemoNtRt\Demo\Tasks\DemoTask\DemoTask.cpp, line 0166+0003 byte(s)
Line 5
17:56:43 DemoTask     crashHandler    Stack trace:
Line 6
17:56:43 DemoTask     crashHandler       001B:0040112A (0x00000001 0x00E02F00 0x00E02F68 0xCCCCCCCC) DemoTask.exe, main()+0282 byte(s), D:\DemoNtRt\Demo\Tasks\DemoTask\DemoTask.cpp, line 0166+0003 byte(s)
Line 7
17:56:43 DemoTask     crashHandler       001B:0041BAEC (0xCCCCCCCC 0xCCCCCCCC 0x7FFDF000 0xCCCCCCCC) DemoTask.exe, mainCRTStartup()+0252 byte(s), crt0.c, line 0206+0025 byte(s)
Line 8
17:56:43 DemoTask     crashHandler       001B:77EA847C (0x0041B9F0 0x00000000 0x000000C8 0x00000100) KERNEL32.dll, ProcessIdToSessionId()+0381 byte(s)
Line 9
17:56:43 DemoTask     crashHandler    Register dump:
Line 10
17:56:43 DemoTask     crashHandler       EAX=00000000  EBX=7FFDF000  ECX=0000001E  EDX=01320000  ESI=CCCCCCCC
Line 11
17:56:43 DemoTask     crashHandler       EDI=CCCCCCCC  EBP=0012FF80  ESP=0012FF14  EIP=0040112A  FLG=00010202
Line 12
17:56:43 DemoTask     crashHandler       CS=001B   DS=0023  SS=0023  ES=0023   FS=0038  GS=0000
Line 13
17:56:43 NtRtMgr      checkAlive      Process DemoTask(1048) detected not alive

A Description of each line follows:

  • Line 1:  Startup message of the process

  • Line 2: 1st line of abort. Displays the reason code and process address

  • Line 3: Header

  • Line 4: Defines the function name and byte offset within the function, fully qualified file name of source module, and source line and byte offset within that line’s code that was being executed when abort occurred.

  • Line 5: Header

  • Line 6: Stack information;

This group of lines lists the functions calls that were executed to get to the current location of the abort. They are listed in reverse chronological order. The first line contains the location of the abort. If this line is in an application program for which debugging information is accessible, then it will provide the line of code that was executing when the abnormal termination occurred. In the example above (DemoTask.exe, main()+0282 byte(s), D:\DemoNtRt\Demo\Tasks\DemoTask\DemoTask.cpp, line 0166+0003 byte(s)), the problem occurred in line 166 of DemoTask.cpp. There will be one following line in this Stack Information section for each call tracing back to the initial Kernel call that initiated the process.

  •  Line 7: Additional stack information: Previous call (DemoTask.exe, mainCRTStartup()+0252 byte(s), crt0.c, line 0206+0025 byte(s))

  • Line 8: Additional stack information: Previous, and in this case the initial, call made by this process (KERNEL32.dll, ProcessIdToSessionId()+0381 byte(s))

  • Line 9: Header: Register Dump

  • Line 10-12: Register dump at time of error. These lines are normally not particularly useful unless you have access to and will be reviewing the assembly language that was produced by this line of code.

  • Line 13: NtRtMgr notices that the process has aborted. It outputs this message, notices that the process does not have AutoRestart set, and does not more.