Checking dump file

Martin Rådbo · Nov 21, 2003

Our english Win2k server box hangs or restart almost every night during
backup but also sometimes at daytime. We've checked all the things (I hope
so at least) which you normally checks in such a case. But there are no info
in the eventlog and nothing else either, except for the information that
"Last reboot was unexpected".
Latest servicepack, all drivers updated and so on...

But, we do have a couple of dump files (minidump) which might help us. We've
tried for long time but do not succeed to read the dumpfile. (yes, we do
have tried with Windebug and similar program but without success).

I need help checking this minidump to hopefully find out which driver
causing the errors. Could you guys out there please help us?

Two examples can be find here:
http://radbo.org/files/Mini101103-01.dmp
http://radbo.org/files/Mini101203-01.dmp

Thanks in advance.

Yours sincerely
Martin Rådbo
Teknologia

Bill Curtis [MSFT] · Nov 21, 2003

I took a look at your dump files and basically the stack data was not
enough to get a good idea of what is actually occuring. You may want to
collect a kernel dump and post the link to this newsgroup for a better
analysis.

- Bill Curtis [MSFT]
“This posting is provided "AS IS" with no warranties, and confers no
rights.”

Martin Rådbo · Nov 23, 2003

Here is a kernel dump:
http://radbo.org/files/kernelmemorydump.zip (9 MB)

Hope this one can give more information.
Thanks for your help so far.

// Martin Rådbo

Bill Curtis [MSFT] · Nov 26, 2003

I looked at your Kernel dump and this is what I found:

ChildEBP RetAddr Args to Child
80473adc 80068415 00000000 82211a60 8221a008 nt!KiTrap0E+0x27c (FPO: [0,0]
TrapFrame @ 80473adc)
80473b54 80453c9d 8046f930 8046fbc0 ffdff000 hal!HalAcpiC1Idle+0x15 (FPO:
[0,2,0])
80473b64 80464b59 0000000e 00000000 00000000 nt!PopProcessorIdle+0x71 (FPO:
[0,0,3])
80473b6c 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x10
kd> .trap 8221a008
ErrCode = 0065006d
eax=00000000 ebx=0000001c ecx=eb4b5d60 edx=822120c0 esi=005c0050
edi=0000001c
eip=0000000e esp=00000000 ebp=00000002 iopl=0 nv up di pl nz ac pe
nc
cs=0001 ss=0003 ds=1b00 es=2860 fs=0001 gs=0020
efl=00000018
0001:000e ?? ???
kd> kv
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
fffffffc 00000000 00000000 00000000 00000000 0xe
<-------------------Bad.....Nothing

Basically, you memory dump is corrupt (not your fault). Try doing this
and then capturing another kernel dump:

Enable Special Pool
==================
188831 How to Use the Special Pool Feature to Isolate Pool Damage
http://support.microsoft.com/?id=188831

Basically, you will want to enable this feature by adding the following to
your registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
Memory Management

"Value Name": PoolTag
"Data Type": REG_DWORD
"Data": 0x2A

"Value Name": PoolTagOverruns
"Data Type": REG_DWORD
"Data": 1

You will need to reboot afterwards. IF you bugcheck during reboot and are
unable to get back into the system, use Last Known Good to get back into
the system.

Enable Driver Verifier
==================
244617 How to Use Driver Verifier to Troubleshoot Device Drivers in Windows
2000
http://support.microsoft.com/?id=244617

Basically, you will want to enable this feature by running this command
from the command prompt and then rebooting:

VERIFIER /flags 9 /all

IF you bugcheck during reboot and are unable to get back into the system,
use Last Known Good to get back into the system. You actually have a good
chance of bugchecking quite frequently when running this command (due to
third party buggy device drivers that were not written correctly - happens
a lot!).

- Bill Curtis [MSFT]
“This posting is provided "AS IS" with no warranties, and confers no
rights.”

Martin Rådbo · Jan 29, 2004

We've a Win 2000 Server. During backup (not always but often) and sometimes
at other times to, the server just hangs. I some cases we got a blue screen
but often it just freeze.

We have performed a lot of steps and now finally we're trying to have some
useful information from a kernel dump file. Some month ago we asked about
this here and got the answer below (telling us to make a more complete
kernel dump with some extra features).

Now we have done this and the server has produced a hopefully better kernel
dump.
We need help from you guys to have a look at it, since our efforts to debug
this file so far has been useless.

We look for some kind of indication of which driver or similar which cause
our server to hang.

Here is the file: http://radbo.org/files/kernelmemorydump.zip

Thanks in advance for your efforts to help us, we do appricate any help with
this.

Sincerely
Martin Rådbo
Teknologia

""Bill Curtis [MSFT]"" <[email protected]> skrev i meddelandet

I looked at your Kernel dump and this is what I found:

ChildEBP RetAddr Args to Child

80473adc 80068415 00000000 82211a60 8221a008 nt!KiTrap0E+0x27c (FPO: [0,0]

TrapFrame @ 80473adc)

80473b54 80453c9d 8046f930 8046fbc0 ffdff000 hal!HalAcpiC1Idle+0x15 (FPO:

[0,2,0])

Click to expand...

80473b64 80464b59 0000000e 00000000 00000000 nt!PopProcessorIdle+0x71 (FPO:

[0,0,3])

Click to expand...

80473b6c 00000000 00000000 00000000 00000000 nt!KiIdleLoop+0x10

kd> .trap 8221a008

ErrCode = 0065006d

eax=00000000 ebx=0000001c ecx=eb4b5d60 edx=822120c0 esi=005c0050

eip=0000000e esp=00000000 ebp=00000002 iopl=0 nv up di pl nz ac pe

cs=0001 ss=0003 ds=1b00 es=2860 fs=0001 gs=0020

0001:000e ?? ???

kd> kv

*** Stack trace for last set context - .thread/.cxr resets it

ChildEBP RetAddr Args to Child

WARNING: Frame IP not in any known module. Following frames may be wrong.

fffffffc 00000000 00000000 00000000 00000000 0xe

Basically, you memory dump is corrupt (not your fault). Try doing this

and then capturing another kernel dump:

Enable Special Pool

188831 How to Use the Special Pool Feature to Isolate Pool Damage

Basically, you will want to enable this feature by adding the following to

your registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\

Memory Management

"Value Name": PoolTag

"Data Type": REG_DWORD

"Data": 0x2A

"Value Name": PoolTagOverruns

"Data Type": REG_DWORD

"Data": 1

You will need to reboot afterwards. IF you bugcheck during reboot and are

unable to get back into the system, use Last Known Good to get back into

the system.

Enable Driver Verifier

244617 How to Use Driver Verifier to Troubleshoot Device Drivers in Windows

Basically, you will want to enable this feature by running this command

from the command prompt and then rebooting:

VERIFIER /flags 9 /all

IF you bugcheck during reboot and are unable to get back into the system,

use Last Known Good to get back into the system. You actually have a good

chance of bugchecking quite frequently when running this command (due to

third party buggy device drivers that were not written correctly - happens

a lot!).
- Bill Curtis [MSFT]

Bugcheck?	2	Jul 19, 2004
save dump	15	Aug 22, 2003
Save Dump	1	Aug 24, 2003
XPe memory dump file mess - please help!	11	Dec 7, 2004
need help understanding memory dump files	1	Sep 23, 2005
BSOD- need help!	5	Mar 11, 2006
Window XP restarting randomly with a Blue Screen.	3	Nov 1, 2006
The computer has rebooted from a bugcheck. How do I send Dump File	2	Sep 4, 2004

Checking dump file

Martin Rådbo

Bill Curtis [MSFT]

Martin Rådbo

Bill Curtis [MSFT]

Martin Rådbo

Ask a Question

Similar Threads