If the application is a 32-bit application running on 64-bit Windows, switch to 32-bit mode to see the stack. Otherwise, WinDbg will display the 64-bit stack.
!wow64exts.sw
First, display the stack of all threads to check for calls to any dialog box function.
~*kb
Dump the memory at the address (length set to 100 bytes) to see the text in the dialog box.
db 07b435c8 L100 or dc 07b435c8 L100
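The steps above can be scripted over a saved debugger log. The following Python is an added example, not part of the original post: it scans 32-bit ~*kb output for USER32 dialog box frames and builds the dc command for each message text pointer. The sample log is constructed, and it assumes the frames use a standard EBP chain so that "Args to Child" really are the first three parameters.

```python
import re

# Constructed sample of 32-bit `~*kb` output (not from the original post);
# only the text pointer 07b435c8 is the address used in the post.
SAMPLE = """\
.  0  Id: 1a2c.1b30 Suspend: 1 Teb: 7efdd000 Unfrozen
ChildEBP RetAddr  Args to Child
0018f4a0 7590fd7e 000a0b4c 07b435c8 07b43600 USER32!MessageBoxExW+0x1b
0018f5c4 00401a2b 000a0b4c 07b435c8 07b43600 USER32!MessageBoxW+0x45
0018f5f8 00401c10 00000001 00000000 0018f6a0 app!ShowError+0x3b
   1  Id: 1a2c.1c44 Suspend: 1 Teb: 7efda000 Unfrozen
ChildEBP RetAddr  Args to Child
0245ff88 76f3a9bd 00000000 0245ffd4 00000000 kernel32!BaseThreadInitThunk+0xe
"""

THREAD = re.compile(r"^[.#\s]*(\d+)\s+Id:\s+[0-9a-f]+\.[0-9a-f]+", re.I)
FRAME = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+([0-9a-f]{8})\s+"
                   r"([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+?)!(\w+)", re.I)
# MessageBoxA/W and MessageBoxExA/W take (hWnd, lpText, lpCaption, ...),
# so the 2nd and 3rd "Args to Child" values are the text and caption pointers.
MSGBOX = re.compile(r"^MessageBox(Ex)?[AW]$")
DIALOG = re.compile(r"^(MessageBox|DialogBox|CreateDialog)")

def find_dialog_frames(kb_output):
    """Return one dict per stack frame that is inside a dialog box function."""
    hits, thread = [], None
    for line in kb_output.splitlines():
        m = THREAD.match(line)
        if m:  # thread header line: remember which thread the frames belong to
            thread = int(m.group(1))
            continue
        m = FRAME.match(line)
        if not m or m.group(6).upper() != "USER32" or not DIALOG.match(m.group(7)):
            continue
        hit = {"thread": thread, "function": m.group(7), "args": list(m.group(3, 4, 5))}
        if MSGBOX.match(m.group(7)):
            hit["text_ptr"], hit["caption_ptr"] = m.group(4), m.group(5)
        hits.append(hit)
    return hits

def dump_commands(hits):
    """Build the dc command from the post for each distinct text pointer."""
    return sorted({f"dc {h['text_ptr']} L100" for h in hits if "text_ptr" in h})

if __name__ == "__main__":
    print(dump_commands(find_dialog_frames(SAMPLE)))
```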
The !peb command shows a lot of useful information, including the number of processors, the computer name, the name of the application's executable file, etc.