Ask Your Question
0

How to debug Wireshark crash

asked 2021-03-18 15:49:37 +0000

amit_wireshark gravatar image

Hello all,

How can I debug Wireshark (version 3.2.5) crash in WIndows 10?

  1. Would it generate a crash report if it is build with RelWithDebugInfo ?
  2. Where can I locate the crash report on Windows system? I mean does it get printed in EventViewer or some other place?
  3. Would it report the stack backtrace as a result of crash when build with RelWithDebugInfo ?

I know I have a option to submit a bug report, but I want to try it myself first.

Thanks in advance,
Amit

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2021-03-18 16:15:30 +0000

grahamb gravatar image

Unless you have modified the defaults, the crash dump will be in %LOCALAPPDATA%\CrashDumps

You can load the dump file in Visual Studio, or WinDbg. WinDbg has the !analyze command to triage the crash.

To make much sense of the crash you will need the debug symbols, these can be obtained from the download server, look for wireshark-pdb-winxx-3.2.5.zip where winxx is win32 or win64 for the bitness of Wireshark you have installed. Note that due to "issues", some pdb files were not uploaded by the build process so aren't available. Unfortunately 3.2.5 was one of the affected versions. You'll need to tell the debugger where to find the symbols once you extract them from the zip.

To look any further into the crash you will also need the sources, a tarball or git checkout of the tag will be sufficient.

Finally, 3.2.x is close to end of life. If you can create the crash with the current stable version, please submit that first and it will be backported as appropriate.

edit flag offensive delete link more

Comments

Thanks for the response.

Is build with RelWithDebugInfo sufficient to get the crash dump? I don't even have the CrashDumps folder in the said location (C:\Users\<username>\AppData\Local\CrashDumps).

amit_wireshark gravatar imageamit_wireshark ( 2021-03-18 16:36:33 +0000 )edit

Any build can produce a crash dump. What the build affects is the level of optimisation in the process that may make debugging more difficult, i.e. local vars are often not available.

Check the registry keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps to see if a non-default DumpFolder has been set. Some types of crash, e.g. a stack overflow break things so badly that no crash dump is made. You can try running the executable under a debugger to try to catch that.

grahamb gravatar imagegrahamb ( 2021-03-18 17:16:54 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-03-18 15:49:37 +0000

Seen: 814 times

Last updated: Mar 18 '21

Related questions

dell backup crash

Crashing Wireshark: Enter ip.host==10.x.

Wireshark crashes every time I enter a frame matches longer than 5 char

Wireshark crashes on "Initializing external capture plugins"

tshark crashes: reading large packet captures via lua_script

Wireshark crashes in the “Enabled Protocols” dialog box

Mac Catalina 10.15.2 loses Internet connection when Wireshark is capturing.

Game crashes when opening Wireshark

Wireshark crashes every time when saving files

Wireshark Crash sometimes with "Play streams"

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2