Difference between revisions of "Crashdump"

From VideoLAN Wiki
(Created page with ''''crashdump''' is the file VLC's Windows builds generate when VLC crashes. It is stored to '''%appdata%\vlc''' folder and its content can be send to VLC server during next start…')
 
(Dummy edit: Though I describe the endianness, OS and build string the coredump was from ~10 years ago and I expect the details have changed; thus they are no longer sensitive)
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 +
<!--Dummy edit-->
 +
:''See [[Report_bugs#Mac_OS_X_users|here]] for macOS information''
 
'''crashdump''' is the file VLC's Windows builds generate when VLC crashes. It is stored to '''%appdata%\vlc''' folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this:
 
'''crashdump''' is the file VLC's Windows builds generate when VLC crashes. It is stored to '''%appdata%\vlc''' folder and its content can be send to VLC server during next startup if you want that. Content of the file is something like this:
<nowiki>
+
<syntaxhighlight lang="ini">
 
[version]
 
[version]
 
OS=6.0.6002.2.Service Pack 2
 
OS=6.0.6002.2.Service Pack 2
Line 55: Line 57:
 
779e19bb|C:\Windows\system32\ntdll.dll
 
779e19bb|C:\Windows\system32\ntdll.dll
 
779e198e|C:\Windows\system32\ntdll.dll
 
779e198e|C:\Windows\system32\ntdll.dll
<nowiki>
+
</syntaxhighlight>
 +
 
 +
'''It is a good idea to send crashdumps with encryption.''' Otherwise attackers can snoop and learn about any software vulnerabilities. For example, the metadata in the short crashdump above show 32-bit Windows Vista SP2 VLC 1.1.2 Qt Interface on what seems to be a Finnish locale. This information, combined with possibly more information, can make for an effective attack by compiling lists of vulnerabilities against 32-bit systems, Vista systems, VLC 1.1.2, etc. To guard against this:
 +
* For forum posts, email and bug reports you can use [[HTTPS]] (look for a green lock icon in the URL bar)
 +
* For file send operations, this means [[FTPS]] if available
 +
 
 +
[[Category:Glossary]]
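Review bot: the added bullet "For forum posts, email and bug reports you can use HTTPS" covers only the transfer, not what happens after posting. A forum post or public bug report is readable by anyone once it is up, so the OS and VLC version details that the new paragraph warns about stay exposed. Suggest stating that HTTPS and FTPS protect the dump in transit only, and pointing readers to a private channel or to trimming details they do not want public. Two smaller points on the same bullet: email is only covered by HTTPS when it is webmail, and "green lock icon" is browser-specific wording that will date quickly.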

Latest revision as of 10:14, 13 April 2019

See here for macOS information

crashdump is the file VLC's Windows builds generate when VLC crashes. It is stored in the %appdata%\vlc folder, and its content can be sent to the VLC server at the next startup if you choose. The content of the file looks something like this:

[version]
OS=6.0.6002.2.Service Pack 2
VLC=1.1.2 The Luggage

[exceptions]
c0000005 at 6861e792

[context]
EDI:00000000
ESI:0257c840
EBX:0000001e
EDX:00000008
ECX:00000018
EAX:ffffffe0
EBP:02f8cb00
EIP:6861e792
ESP:02f8cad8

[stacktrace]
#EIP|base|module
6861e792|C:\softa\vlc-1.1.2\libvlccore.dll
6862fe8f|C:\softa\vlc-1.1.2\libvlccore.dll
6861cbfa|C:\softa\vlc-1.1.2\libvlccore.dll
70b62590|C:\softa\vlc-1.1.2\plugins\libhotkeys_plugin.dll
686567db|C:\softa\vlc-1.1.2\libvlccore.dll
68656b3e|C:\softa\vlc-1.1.2\libvlccore.dll
68648dc5|C:\softa\vlc-1.1.2\libvlccore.dll
686568a9|C:\softa\vlc-1.1.2\libvlccore.dll
68656b3e|C:\softa\vlc-1.1.2\libvlccore.dll
64032e5d|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641faa20|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6420f1f0|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641d3a24|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
641dab80|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6466f260|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
645df034|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
645e1255|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
644207fe|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
7789fd72|C:\Windows\system32\USER32.dll
7789fe4a|C:\Windows\system32\USER32.dll
778a018d|C:\Windows\system32\USER32.dll
778a022b|C:\Windows\system32\USER32.dll
6470c1ad|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6441bb63|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646feca6|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646fee4b|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
646704c3|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
64023147|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
6866127a|C:\softa\vlc-1.1.2\libvlccore.dll
764a2599|C:\Windows\system32\msvcrt.dll
764a26b3|C:\Windows\system32\msvcrt.dll
765ad0e9|C:\Windows\system32\kernel32.dll
779e19bb|C:\Windows\system32\ntdll.dll
779e198e|C:\Windows\system32\ntdll.dll

It is a good idea to send crashdumps with encryption. Otherwise attackers can snoop on the transfer and learn about any software vulnerabilities. For example, the metadata in the short crashdump above shows 32-bit Windows Vista SP2, VLC 1.1.2 and the Qt interface, on what seems to be a Finnish locale. This information, possibly combined with more, can make for an effective attack by compiling lists of vulnerabilities against 32-bit systems, Vista systems, VLC 1.1.2, etc. To guard against this:

  • For forum posts, email and bug reports you can use HTTPS (look for a green lock icon in the URL bar)
  • For file transfers, use FTPS if available
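
To see what a crashdump discloses before attaching it to a report, the file can be parsed section by section. The Python below is an added example, not VideoLAN's code: the function names are hypothetical, the sample is a shortened copy of the dump above, and treating a RIP register as the sign of a 64-bit build is an assumption.

```python
import re

# Constructed sample: a shortened copy of the crashdump shown on this page.
SAMPLE = r"""[version]
OS=6.0.6002.2.Service Pack 2
VLC=1.1.2 The Luggage

[exceptions]
c0000005 at 6861e792

[context]
EIP:6861e792

[stacktrace]
#EIP|base|module
6861e792|C:\softa\vlc-1.1.2\libvlccore.dll
64032e5d|C:\softa\vlc-1.1.2\plugins\libqt4_plugin.dll
779e198e|C:\Windows\system32\ntdll.dll
"""

def parse_crashdump(text):
    """Split the dump into its [section] blocks, keeping raw lines per section."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and not line.startswith("#") and current is not None:
            current.append(line)
    return sections

def disclosed_metadata(text):
    """Summarise what a reader of the dump learns about the reporting system."""
    s = parse_crashdump(text)
    version = dict(l.split("=", 1) for l in s.get("version", []) if "=" in l)
    regs = {l.split(":", 1)[0] for l in s.get("context", []) if ":" in l}
    paths = [l.split("|", 1)[1] for l in s.get("stacktrace", []) if "|" in l]
    modules = sorted({p.rsplit("\\", 1)[-1].lower() for p in paths})
    dirs = sorted({p.rsplit("\\", 1)[0] for p in paths})
    return {
        "os": version.get("OS"),
        "vlc": version.get("VLC"),
        # Assumption: a 32-bit build logs EIP; RIP would indicate 64-bit.
        "bits": 32 if "EIP" in regs else 64 if "RIP" in regs else None,
        "exception": (s.get("exceptions") or [None])[0],
        "modules": modules,
        "directories": dirs,  # install paths can reveal local naming
    }
```

The module list is what exposes the interface in use (libqt4_plugin.dll here), and the directory list is where locally chosen folder names appear.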