Debugging finding address

Posted on 2006-06-01
Last Modified: 2007-12-19
Let's say I have some program that I'm running and I get an exception while running in debug mode of Visual Studio .Net.  I can see from the call stack that the origin of my problem starts at 'SomeProgram.dll!100042be()'  How do I find where that address is in my code?  The SomeProgram.dll is a program that I have written, so I'm trying to find what line and file 100042be is.  How do I do that?

ntdll.dll!_vDbgPrintExWithPrefix@20()  + 0x5a      
ntdll.dll!ExecuteHandler@20()  + 0x24      
ntdll.dll!_KiUserExceptionDispatcher@8()  + 0xe      
ntdll.dll!_RtlDosApplyFileIsolationRedirection_Ustr@36()  + 0x25d      
kernel32.dll!_BasepMapModuleHandle@8()  + 0x7a4      
Question by:cophi
    LVL 4

    Accepted Solution

    You must compile SomeProgram.dll with debug information. The debug information can be inside the .dll, or can be in a .pdb file that goes alongside it. The debugger then automatically finds the method name!
    LVL 4

    Expert Comment

    Please see:

    Another option is to do a dump in the .dll (with dumpbin.exe), maybe you can check the relative address of each function and get a hint at what function it is.
    LVL 86

    Expert Comment

    >>I can see from the call stack that the origin of my problem starts at 'SomeProgram.dll!100042be()'  How do I >>find where that address is in my code?

    Set the compiler to create a map file for that module. When you have both the map file and the faulting address (here: 'SomeProgram.dll!100042be()'), you can find the function where the fault occurred the following way: Consider e.g.

    #include <windows.h>
    #include <stddef.h>
    #include <stdio.h>

    ExceptionHandler(LPEXCEPTION_POINTERS pe) {

        char acModule[MAX_PATH];

        HMODULE hMod;

        VirtualQuery (pe->ExceptionRecord->ExceptionAddress,&mbi,sizeof(mbi));

        ptrdiff_t RVA = (char*)pe->ExceptionRecord->ExceptionAddress - (char*)mbi.AllocationBase;

        hMod = (HMODULE) mbi.AllocationBase;

        GetModuleFileName(hMod,acModule,sizeof (acModule));

        printf( "Detected Exception in %s at RVA 0x%08X\n", acModule, RVA);


    void FaultingFunction () {

        LONG* p = NULL;
        *p = 42;

    void main(){

        SetUnhandledExceptionFilter (ExceptionHandler);
        FaultingFunction ();

    (compiled with "cl rvaxcept.cpp /link /map")

    which prints

    Detected Exception in C:\tmp\cc\rvaxcept.exe at RVA 0x00001088

    The map file is


    Timestamp is 44660958 (Sat May 13 18:29:12 2006)

    Preferred load address is 00400000

    Start         Length     Name                   Class
    0001:00000000 00004938H .text                   CODE

     Address         Publics by Value              Rva+Base     Lib:Object

    0001:00000000       _ExceptionHandler@4        00401000 f   rvaxcept.obj
    0001:0000007a       _FaultingFunction          0040107a f   rvaxcept.obj
    0001:00000092       _main                      00401092 f   rvaxcept.obj
    0001:000000a7       _printf                    004010a7 f   LIBC:printf.obj
    0001:000000d8       _mainCRTStartup            004010d8 f   LIBC:crt0.obj
    0001:000001b7       __amsg_exit                004011b7 f   LIBC:crt0.obj

    You can see the 'Rva+Base' column, base is given as 'Preferred load address is 00400000'

    Add that to the faulting module RVA of 0x00001088 and you get 0x00401088, then look that up in the above (i.e. the 'nearest symbol' and you can see that it is 'FaultingFunction'

    0001:0000007a       _FaultingFunction          0040107a f   rvaxcept.obj
    0001:00000092       _main                      00401092 f   rvaxcept.obj

    The address is between main and FaultingFunction, which starts before 0x00401088, the next function is main and starts later.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    What is C++ STL?: STL stands for Standard Template Library and is a part of standard C++ libraries. It contains many useful data structures (containers) and algorithms, which can spare you a lot of the time. Today we will look at the STL Vector. …
    Introduction This article is a continuation of the C/C++ Visual Studio Express debugger series. Part 1 provided a quick start guide in using the debugger. Part 2 focused on additional topics in breakpoints. As your assignments become a little more …
    The goal of the video will be to teach the user the concept of local variables and scope. An example of a locally defined variable will be given as well as an explanation of what scope is in C++. The local variable and concept of scope will be relat…
    The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now