Once when I was doing debugging using WinDbg, it suddenly stopped responding. After a while I ran another instance and began investigation.
0:000> !runaway User Mode Time Thread Time 1:5d0 0 days 0:10:44.190 0:c64 0 days 0:00:00.140 6:ef0 0 days 0:00:00.000 5:f1c 0 days 0:00:00.000 4:10d0 0 days 0:00:00.000 3:930 0 days 0:00:00.000 2:754 0 days 0:00:00.000 0:000> ~1s *** ERROR: Symbol file could not be found. Defaulted to export symbols for cmkd.dll - cmkd!help+0x3f02: 000007fe`f67ee906 8b842450010000 mov eax,dword ptr [rsp+150h] ss:00000000`034e2df0=000000d5 0:001> kf Memory Child-SP RetAddr Call Site 00000000`034e2ca0 000007fe`f67ee745 cmkd!help+0x3f02 11c0 00000000`034e3e60 000007fe`f67ea746 cmkd!help+0x3d41 98a0 00000000`034ed700 00000000`6f3c32bd cmkd!DebugExtensionInitialize+0x376 e0 00000000`034ed7e0 00000000`6f3c5078 dbgeng!ExtensionInfo::Load+0x64d 2f0 00000000`034edad0 00000000`6f3c24cb dbgeng!ExtensionInfo::CheckAdd+0x78 50 00000000`034edb20 00000000`6f419457 dbgeng!ParseBangCmd+0x36b 4e0 00000000`034ee000 00000000`6f41aae0 dbgeng!ProcessCommands+0x547 110 00000000`034ee110 00000000`6f327134 dbgeng!ProcessCommandsAndCatch+0x20 50 00000000`034ee160 00000000`6f327420 dbgeng!Execute+0x2b4 4c0 00000000`034ee620 00000001`3fd93c4b dbgeng!DebugClient::ExecuteWide+0x90 60 00000000`034ee680 00000001`3fd942eb windbg!ProcessCommand+0x1fb 140 00000000`034ee7c0 00000001`3fd96d35 windbg!ProcessEngineCommands+0xcb 1070 00000000`034ef830 00000000`771f652d windbg!EngineLoop+0x3e5 40 00000000`034ef870 00000000`7778c521 kernel32!BaseThreadInitThunk+0xd 30 00000000`034ef8a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d 0:001> dpa 00000000`034e3e60 00000000`034e3e60 00000000`034e46a0 "<HEAD><TITLE>Connection refused</TITLE></HEAD>.<BODY BG" 00000000`034e3e68 00000000`000000d5 00000000`034e3e70 00000000`034e56a0 "" 00000000`034e3e78 000007fe`00008000 00000000`034e3e80 00000000`034ed780 "" 00000000`034e3e88 00000000`00000040 00000000`034e3e90 00000000`000000d5 00000000`034e3e98 00000000`00000000 00000000`034e3ea0 772f2f3a`70747468 00000000`034e3ea8 6d65646f`632e7777 00000000`034e3eb0 632e656e`69686361 00000000`034e3eb8 2e646b6d`632f6d6f 00000000`034e3ec0 73726576`3f706870 00000000`034e3ec8 74387545`3d6e6f69 00000000`034e3ed0 2f52316d`754c6e34 00000000`034e3ed8 5a324934`5337434e 0:001> da 00000000`034e46a0 00000000`034e46a0 "<HEAD><TITLE>Connection refused<" 00000000`034e46c0 "/TITLE></HEAD>.<BODY BGCOLOR="wh" 00000000`034e46e0 "ite" FGCOLOR="black">.<FONT FACE" 00000000`034e4700 "="Helvetica,Arial"><B>. Connecti" 00000000`034e4720 "on refused</B></FONT>..<!-- defa" 00000000`034e4740 "ult "Connection refused" respons" 00000000`034e4760 "e (502) -->.</BODY>."
From the stack we can see that the problem is in cmkd.dll (debugger extension DLL from www.codemachine.com), and the string on the stack doesn't look so good.
0:001> u cmkd!help+0x3f02: 000007fe`f67ee906 8b842450010000 mov eax,dword ptr [rsp+150h] 000007fe`f67ee90d 39842440010000 cmp dword ptr [rsp+140h],eax 000007fe`f67ee914 7352 jae cmkd!help+0x3f64 (000007fe`f67ee968) 000007fe`f67ee916 488d4c2440 lea rcx,[rsp+40h] 000007fe`f67ee91b e8c4010000 call cmkd!help+0x40e0 (000007fe`f67eeae4) 000007fe`f67ee920 488bf0 mov rsi,rax 000007fe`f67ee923 4885c0 test rax,rax 000007fe`f67ee926 743c je cmkd!help+0x3f60 (000007fe`f67ee964) 0:001> cmkd!help+0x3f24: 000007fe`f67ee928 4883c9ff or rcx,0FFFFFFFFFFFFFFFFh 000007fe`f67ee92c 33c0 xor eax,eax 000007fe`f67ee92e 488bfe mov rdi,rsi 000007fe`f67ee931 f2ae repne scas byte ptr [rdi] 000007fe`f67ee933 8bd3 mov edx,ebx 000007fe`f67ee935 48f7d1 not rcx 000007fe`f67ee938 488d79ff lea rdi,[rcx-1] 000007fe`f67ee93c 85db test ebx,ebx 0:001> cmkd!help+0x3f3a: 000007fe`f67ee93e 0f8450010000 je cmkd!help+0x4090 (000007fe`f67eea94) 000007fe`f67ee944 83ea01 sub edx,1 000007fe`f67ee947 0f84f3000000 je cmkd!help+0x403c (000007fe`f67eea40) 000007fe`f67ee94d 83ea01 sub edx,1 000007fe`f67ee950 0f849e000000 je cmkd!help+0x3ff0 (000007fe`f67ee9f4) 000007fe`f67ee956 83ea01 sub edx,1 000007fe`f67ee959 7447 je cmkd!help+0x3f9e (000007fe`f67ee9a2) 000007fe`f67ee95b 83fa01 cmp edx,1 0:001> u 000007fe`f67eea94 cmkd!help+0x4090: 000007fe`f67eea94 488d0d614dffff lea rcx,[cmkd+0x37fc (000007fe`f67e37fc)] 000007fe`f67eea9b 488bd6 mov rdx,rsi 000007fe`f67eea9e ff158426ffff call qword ptr [cmkd+0x1128 (000007fe`f67e1128)] 000007fe`f67eeaa4 85c0 test eax,eax 000007fe`f67eeaa6 7506 jne cmkd!help+0x40aa (000007fe`f67eeaae) 000007fe`f67eeaa8 41b401 mov r12b,1 000007fe`f67eeaab 8d5801 lea ebx,[rax+1] 000007fe`f67eeaae 8b4c2420 mov ecx,dword ptr [rsp+20h] 0:001> u cmkd!help+0x40ae: 000007fe`f67eeab2 e94ffeffff jmp cmkd!help+0x3f02 (000007fe`f67ee906) 0:001> dq 000007fe`f67e1128 l1 000007fe`f67e1128 000007fe`ff4c1690 0:001> ln 000007fe`ff4c1690 (000007fe`ff4c1690) msvcrt!stricmp | (000007fe`ff526258) msvcrt!strcoll_l Exact matches: msvcrt!stricmp = <no type information> 0:001> da 000007fe`f67e37fc 000007fe`f67e37fc "<html>" 0:001> da @rsi; *RSI register is not changed through the loop 00000000`034e2df8 ""
After debugging for a while, I found out that the function parses the string mentioned above. The function tries to find <html> tag, but can't, since the string does not have any <html> tag and even when the string ends continues to run.
So I sent the bug report to www.codemachine.com, and in a few days the error was fixed.