Difference between revisions of "Crashdump"
Jump to navigation
Jump to search
m |
(Dummy edit: Though I describe the endianness, OS and build string the coredump was from ~10 years ago and I expect the details have changed; thus they are no longer sensitive) |
||
(8 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
+ | <!--Dummy edit--> | ||
+ | :''See [[Report_bugs#Mac_OS_X_users|here]] for macOS information'' | ||
'''crashdump''' is the file VLC's Windows builds generate when VLC crashes. It is stored to '''%appdata%\vlc''' folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this: | '''crashdump''' is the file VLC's Windows builds generate when VLC crashes. It is stored to '''%appdata%\vlc''' folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this: | ||
− | + | <syntaxhighlight lang="ini"> | |
[version] | [version] | ||
OS=6.0.6002.2.Service Pack 2 | OS=6.0.6002.2.Service Pack 2 | ||
Line 55: | Line 57: | ||
779e19bb|C:\Windows\system32\ntdll.dll | 779e19bb|C:\Windows\system32\ntdll.dll | ||
779e198e|C:\Windows\system32\ntdll.dll | 779e198e|C:\Windows\system32\ntdll.dll | ||
− | + | </syntaxhighlight> | |
− | + | '''It is a good idea to send crashdumps with encryption.''' Otherwise attackers can snoop and learn about any software vulnerabilities. For example, the metadata in the short crashdump above show 32-bit Windows Vista SP2 VLC 1.1.2 Qt Interface on what seems to be a Finnish locale. This information, combined with possibly more information, can make for an effective attack by compiling lists of vulnerabilities against 32-bit systems, Vista systems, VLC 1.1.2, etc. To guard against this: | |
+ | * For forum posts, email and bug reports you can use [[HTTPS]] (look for a green lock icon in the URL bar) | ||
+ | * For file send operations, this means [[FTPS]] if available | ||
+ | |||
+ | [[Category:Glossary]] |
Latest revision as of 10:14, 13 April 2019
- See here for macOS information
crashdump is the file VLC's Windows builds generate when VLC crashes. It is stored to %appdata%\vlc folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this:
[version]
OS=6.0.6002.2.Service Pack 2
VLC=1.1.2 The Luggage
[exceptions]
c0000005 at 6861e792
[context]
EDI:00000000
ESI:0257c840
EBX:0000001e
EDX:00000008
ECX:00000018
EAX:ffffffe0
EBP:02f8cb00
EIP:6861e792
ESP:02f8cad8
[stacktrace]
#EIP|base|module
6861e792|C:\softa\vlc-1.1.2\libvlccore.dll
6862fe8f|C:\softa\vlc-1.1.2\libvlccore.dll
6861cbfa|C:\softa\vlc-1.1.2\libvlccore.dll
70b62590|C:\softa\vlc-1.1.2\plugins\libhotkeys_plugin.dll
686567db|C:\softa\vlc-1.1.2\libvlccore.dll
68656b3e|C:\softa\vlc-1.1.2\libvlccore.dll
68648dc5|C:\softa\vlc-1.1.2\libvlccore.dll
686568a9|C:\softa\vlc-1.1.2\libvlccore.dll
68656b3e|C:\softa\vlc-1.1.2\libvlccore.dll
64032e5d|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641faa20|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6420f1f0|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641d3a24|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641dab80|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6466f260|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
645df034|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
645e1255|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
644207fe|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
7789fd72|C:\Windows\system32\USER32.dll
7789fe4a|C:\Windows\system32\USER32.dll
778a018d|C:\Windows\system32\USER32.dll
778a022b|C:\Windows\system32\USER32.dll
6470c1ad|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6441bb63|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646feca6|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646fee4b|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646704c3|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
64023147|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6866127a|C:\softa\vlc-1.1.2\libvlccore.dll
764a2599|C:\Windows\system32\msvcrt.dll
764a26b3|C:\Windows\system32\msvcrt.dll
765ad0e9|C:\Windows\system32\kernel32.dll
779e19bb|C:\Windows\system32\ntdll.dll
779e198e|C:\Windows\system32\ntdll.dll
It is a good idea to send crashdumps with encryption. Otherwise attackers can snoop and learn about any software vulnerabilities. For example, the metadata in the short crashdump above show 32-bit Windows Vista SP2 VLC 1.1.2 Qt Interface on what seems to be a Finnish locale. This information, combined with possibly more information, can make for an effective attack by compiling lists of vulnerabilities against 32-bit systems, Vista systems, VLC 1.1.2, etc. To guard against this: