Difference between revisions of "Crashdump"

From VideoLAN Wiki
Jump to navigation Jump to search
m
(Dummy edit: Though I describe the endianness, OS and build string the coredump was from ~10 years ago and I expect the details have changed; thus they are no longer sensitive)
 
(8 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 +
<!--Dummy edit-->
 +
:''See [[Report_bugs#Mac_OS_X_users|here]] for macOS information''
 
'''crashdump''' is the file VLC's Windows builds generate when VLC crashes. It is stored to '''%appdata%\vlc''' folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this:
 
'''crashdump''' is the file VLC's Windows builds generate when VLC crashes. It is stored to '''%appdata%\vlc''' folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this:
<nowiki>
+
<syntaxhighlight lang="ini">
 
[version]
 
[version]
 
OS=6.0.6002.2.Service Pack 2
 
OS=6.0.6002.2.Service Pack 2
Line 55: Line 57:
 
779e19bb|C:\Windows\system32\ntdll.dll
 
779e19bb|C:\Windows\system32\ntdll.dll
 
779e198e|C:\Windows\system32\ntdll.dll
 
779e198e|C:\Windows\system32\ntdll.dll
</nowiki>
+
</syntaxhighlight>
  
So crashdump doesn't reveal the played file or other programs you might be using.
+
'''It is a good idea to send crashdumps with encryption.''' Otherwise attackers can snoop and learn about any software vulnerabilities. For example, the metadata in the short crashdump above show 32-bit Windows Vista SP2 VLC 1.1.2 Qt Interface on what seems to be a Finnish locale. This information, combined with possibly more information, can make for an effective attack by compiling lists of vulnerabilities against 32-bit systems, Vista systems, VLC 1.1.2, etc. To guard against this:
 +
* For forum posts, email and bug reports you can use [[HTTPS]] (look for a green lock icon in the URL bar)
 +
* For file send operations, this means [[FTPS]] if available
 +
 
 +
[[Category:Glossary]]

Latest revision as of 10:14, 13 April 2019

See here for macOS information

crashdump is the file VLC's Windows builds generate when VLC crashes. It is stored to %appdata%\vlc folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this:

[version]
OS=6.0.6002.2.Service Pack 2
VLC=1.1.2 The Luggage

[exceptions]
c0000005 at 6861e792

[context]
EDI:00000000
ESI:0257c840
EBX:0000001e
EDX:00000008
ECX:00000018
EAX:ffffffe0
EBP:02f8cb00
EIP:6861e792
ESP:02f8cad8

[stacktrace]
#EIP|base|module
6861e792|C:\softa\vlc-1.1.2\libvlccore.dll
6862fe8f|C:\softa\vlc-1.1.2\libvlccore.dll
6861cbfa|C:\softa\vlc-1.1.2\libvlccore.dll
70b62590|C:\softa\vlc-1.1.2\plugins\libhotkeys_plugin.dll
686567db|C:\softa\vlc-1.1.2\libvlccore.dll
68656b3e|C:\softa\vlc-1.1.2\libvlccore.dll
68648dc5|C:\softa\vlc-1.1.2\libvlccore.dll
686568a9|C:\softa\vlc-1.1.2\libvlccore.dll
68656b3e|C:\softa\vlc-1.1.2\libvlccore.dll
64032e5d|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641faa20|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6420f1f0|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641d3a24|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641dab80|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6466f260|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
645df034|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
645e1255|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
644207fe|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
7789fd72|C:\Windows\system32\USER32.dll
7789fe4a|C:\Windows\system32\USER32.dll
778a018d|C:\Windows\system32\USER32.dll
778a022b|C:\Windows\system32\USER32.dll
6470c1ad|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6441bb63|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646feca6|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646fee4b|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646704c3|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
64023147|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6866127a|C:\softa\vlc-1.1.2\libvlccore.dll
764a2599|C:\Windows\system32\msvcrt.dll
764a26b3|C:\Windows\system32\msvcrt.dll
765ad0e9|C:\Windows\system32\kernel32.dll
779e19bb|C:\Windows\system32\ntdll.dll
779e198e|C:\Windows\system32\ntdll.dll

It is a good idea to send crashdumps with encryption. Otherwise attackers can snoop and learn about any software vulnerabilities. For example, the metadata in the short crashdump above show 32-bit Windows Vista SP2 VLC 1.1.2 Qt Interface on what seems to be a Finnish locale. This information, combined with possibly more information, can make for an effective attack by compiling lists of vulnerabilities against 32-bit systems, Vista systems, VLC 1.1.2, etc. To guard against this:

  • For forum posts, email and bug reports you can use HTTPS (look for a green lock icon in the URL bar)
  • For file send operations, this means FTPS if available