I am new to WinDbg and memory analysis on Windows. I am trying to analyze a memory dump (crash dump); it's an x64 system.
After loading all symbols (mine and Microsoft's), I type !analyze -v
This is a part of the output:
......
FAULTING_SOURCE_CODE: <some code here>
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: rtplogic!CSRTPStack::Finalize+19d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RTPLogic
IMAGE_NAME: RTPLogic.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 58542837
STACK_COMMAND: ~544s; .ecxr ; kb
FAILURE_BUCKET_ID: WRONG_SYMBOLS_c0000374_RTPLogic.dll!CSRTPStack::Finalize
BUCKET_ID: X64_APPLICATION_FAULT_WRONG_SYMBOLS_rtplogic!CSRTPStack::Finalize+19d
......
This WRONG_SYMBOLS worried me.
Can I be sure the code in FAULTING_SOURCE_CODE is the code that is related to the crash?
No, unfortunately you can't trust it. There's at least one point in the analysis of the call stack where the debugger wasn't 100% sure whether it got the stack unwinding right.
When you type ~544s; .ecxr; k you'll see a call stack. That call stack will include a warning at that point where it becomes uncertain. You can trust everything before, which may already help, but you can't trust the stack frames below the warning.
You can compare the k output to dps @ebp (maybe add L fff if it's not enough) in order to see what else the debugger could have guessed.
Note that in the output of dps you may also see totally unrelated stuff if, by accident, one of your calculations on the stack resulted in a value that could be interpreted as a symbol.
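
The check described in the answer, as an added example that is not part of the original post: it splits saved k output at WinDbg's "Following frames may be wrong" warning and reports whether the frame named by SYMBOL_STACK_INDEX lies in the trusted part. The stack text is constructed for illustration (addresses, offsets and the `helper` module are made up); only the frame index 6 and the symbol name come from the question.

```python
import re

# Common suffix of WinDbg's unwind warnings, e.g.
# "WARNING: Stack unwind information not available. Following frames may be wrong."
WARNING_MARK = "Following frames may be wrong"

# x64 frame line from `k`: optional frame number, Child-SP, RetAddr, call site
FRAME_RE = re.compile(
    r"^\s*(?:[0-9a-f]{2,}\s+)?"
    r"[0-9a-f]{8}`[0-9a-f]{8}\s+[0-9a-f]{8}`[0-9a-f]{8}\s+(\S.*)$",
    re.IGNORECASE,
)

def split_stack(k_output):
    """Return (trusted, suspect) call-site lists, split at the first warning."""
    trusted, suspect = [], []
    seen_warning = False
    for line in k_output.splitlines():
        if WARNING_MARK in line:
            seen_warning = True
            continue
        m = FRAME_RE.match(line)
        if m:
            (suspect if seen_warning else trusted).append(m.group(1).strip())
    return trusted, suspect

def blamed_frame_is_trusted(k_output, symbol_stack_index):
    """True if the frame !analyze blamed sits above the unwind warning."""
    trusted, suspect = split_stack(k_output)
    if symbol_stack_index >= len(trusted) + len(suspect):
        raise IndexError("frame index not present in stack")
    return symbol_stack_index < len(trusted)

# Constructed sample output (not from a real dump)
SAMPLE_K = """\
 # Child-SP          RetAddr           Call Site
00 00000000`1a2fe2b0 00000000`77c34f56 ntdll!RtlReportCriticalFailure+0x62
01 00000000`1a2fe380 00000000`77c35722 ntdll!RtlpLogHeapFailure+0xa
02 00000000`1a2fe3b0 00000000`77bd4a1c ntdll!RtlFreeHeap+0x1a2
03 00000000`1a2fe430 00000001`80012a40 kernel32!HeapFree+0xa
WARNING: Stack unwind information not available. Following frames may be wrong.
04 00000000`1a2fe460 00000001`80013b7d helper!Release+0x30
05 00000000`1a2fe4a0 00000001`8002c19d helper!Cleanup+0x4d
06 00000000`1a2fe4f0 00000000`77a959cd RTPLogic!CSRTPStack::Finalize+0x19d
07 00000000`1a2fe560 00000000`00000000 kernel32!BaseThreadInitThunk+0xd
"""

if __name__ == "__main__":
    print("frame 6 trusted:", blamed_frame_is_trusted(SAMPLE_K, 6))
```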