WinDbg loads mex DLL analysis DMP file

1、 Reference resources https://cloud.tencent.com/developer/article/1920951 install windbg

2、 download MEX Debugging Extension for WinDbg

https://www.microsoft.com/en-us/download/details.aspx?id=53304

https://download.microsoft.com/download/0/C/4/0C4C45E3-BF02-49BF-8D68-6FA611F442E6/Mex.exe

use 7zip decompression Mex.exe obtain Mex.zip

Continue to decompress Mex.zip obtain mex.dll

For example, the path is e:\Mex\mex.dll

stay windbg Load in dmp After the document , Enter... Where you enter the command .load e:\Mex\mex.dll enter

Show Mex External Loaded!

Continue to input !mex.tl -z A list of zombie processes will be displayed , Input !mex.tl -z -r Statistics will be made （ In many cases, zombie processes ）

!mex.tl -z

!mex.tl -z -r

https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0xc2--bad-pool-caller

BAD_POOL_CALLER

\SystemRoot\system32\DRIVERS\sysdiag_win10.sys

Tinder sysdiag_win10.sys Cause abnormal memory access and downtime

The BAD_POOL_CALLER bug check has a value of 0x000000C2. This indicates that the current thread is making a bad pool request.

!mex.help

Query subcommand

!mex.tl -z -r

In the process HipsTray.exe Follow \SystemRoot\system32\DRIVERS\sysdiag_win10.sys matching

!mex.trep

Displays a thread report

!mex.lt

Displays a list of threads

Due to business division , This account number 2109561508 At present, we only deal with the problems of the enterprise version of tinder products . For questions related to the personal version, please contact QQ：3158498132. Thank you for your support of tinder products .

lmvm sysdiag_win10

kv View the calling module

Confirm with the tinder technology that it is the old version half a year ago , The new version has optimized the relevant logic , It is recommended to use the new version