@secdev02
Created January 22, 2026 04:49
Equation Group windbreaker dump file
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\dumps\regret.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Fri Apr 14 03:47:13.337 1995
System Uptime: 0 days 0:13:37.420
Process Uptime: 0 days 0:04:20.069
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* YOU DONE MESSED UP *
* *
*******************************************************************************
FAULTING_IP:
MyCOMProject!IDoNotKnowWhatImDoing+d34db33f
baadf00d ff1500f0adba call dword ptr [MyCOMProject!_imp__SHDocVw_DWebBrowserEvents2 (baadf000)]
EXCEPTION_CODE: c0000005 (lol access violation - u got PWNED)
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: baadf00d
ExceptionCode: c0000005 (h4x0r says: UR DOING IT WRONG)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000 (read? nah bro CRASH)
Parameter[1]: 00000000 (null ptr - classic n00b mistake)
PROCESS_NAME: WhyDidIThinkThisWasAGoodIdea.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - "rethink your life choices"
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_DEREFERENCE_INVALID_VTABLE_CALL
0:000> !comstate
Apartment Type: MTA (More Terror Awaits)
Thread Apartment: STA (Still Totally Anarchic)
Context: 0xdeadbeef (deceased)
0:000> dt _GUID
MyCOMProject!CLSID_WhyAmIDoingThis
+0x000 Data1 : 0x31337420
+0x004 Data2 : 0xdead
+0x006 Data3 : 0xc0de
+0x008 Data4 : [8] "PWNED!!!"
0:000> !dumpobj 0x01337000
Name: System.__ComObject
MethodTable: 5ba58e64
EEClass: 5ba4f120
Size: 12(0xc) bytes
Fields:
MT Field Offset Type VT Attr Value Name
5ba5f8a0 400001c 4 ...ComObjectFlags 1 instance 6 m_flags
5ba60844 400001d 8 System.Int32 1 instance 0 m_hash
0:000> !objvt 0x0badc0de
Interface: IUnknown
QueryInterface: 0xbaaaaaad -- STATUS: ur gonna have a bad time
AddRef: 0xc0ffee11 -- RefCount manipulation? *chefs kiss*
Release: 0x00000000 -- NULL! who needs cleanup anyway??
Interface: IDispatch
GetTypeInfoCount: 0x8badf00d -- (ERROR: developer.exe has stopped responding)
GetTypeInfo: 0xfee1dead -- lol good luck with that
GetIDsOfNames: 0x1badb002 -- "name not found" aka ur mom
Invoke: 0xbadcab1e -- THIS IS WHERE THE FUN BEGINS
0:000> kb
ChildEBP RetAddr Args to Child
0012f8c8 77e1b3d7 0badc0de deadbeef c0ffee11 ole32!CoMarshalInterface+0x1337
0012f8f4 5ad62fc9 00000000 00000000 0012f954 ole32!CoCreateInstance+0x666
0012f918 5ad63157 0012f954 00000001 00000420 mfc42!AfxOleInit+0x69
0012f970 00401a8d 00000001 003330f0 00333188 mfc42!AfxWinMain+0x53
0012ffc0 77e814c7 00000000 00000000 7ffd4000 WhyDidIThinkThisWasAGoodIdea!WinMainCRTStartup+0x170
0012fff0 00000000 00401923 00000000 78746341 kernel32!BaseProcessStart+0x23
STACK_TEXT:
0012f8c8 77e1b3d7 ole32!CoMarshalInterface+0x1337 -- haha marshaling go brrrr
0012f8f4 5ad62fc9 ole32!CoCreateInstance+0x666 -- devil's instance creation
0012f918 5ad63157 mfc42!AfxOleInit+0x69 -- MFC? more like "My Fatal Crash"
0012f970 00401a8d mfc42!AfxWinMain+0x53 -- abandon all hope ye who enter here
0012ffc0 77e814c7 WhyDidIThinkThisWasAGoodIdea!WinMainCRTStartup+0x170
FOLLOWUP_IP:
MyCOMProject!IDoNotKnowWhatImDoing+d34db33f
baadf00d ff1500f0adba call dword ptr [vtable_to_nowhere]
FOLLOWUP_NAME: That Guy Who Thought COM Was A Good Idea
MODULE_NAME: MyCOMProject (Module of Chaos and Pain)
IMAGE_NAME: WhyDidIThinkThisWasAGoodIdea.exe
FAILURE_BUCKET_ID: NULL_POINTER_DEREFERENCE_COM_VTABLE_c0000005_WhyDidIThinkThisWisAGoodIdea.exe!IDoNotKnowWhatImDoing
PRIMARY_PROBLEM_CLASS: YOUR_CAREER_CHOICES
LAST_CONTROL_TRANSFER: from ole32!CoCreateInstance to the void
Probably name: WhyDidIThinkThisWasAGoodIdea.exe ( UR APP = UR PROBLEM )
ANALYSIS SUMMARY:
- Null pointer dereference in COM vtable call
- Classic 90s coding mistakes detected
- Apartment threading: completely wrong
- Reference counting: what's that?
- Error handling: non-existent
- Developer sanity: critically low
RECOMMENDATION:
Consider career in agriculture. Seriously.
Walk away from the computer.
Maybe take up gardening.
Plants don't have vtables.
0:000> q
quit: