How to debug a memory dump ?

Discussion in 'Windows XP General' started by Guest, Sep 20, 2005.

  1. Guest

    Guest Guest

    I had a blue screen .
    On the Microsoft knowledge base, I saw the article 314084 (
    http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee ) which
    explains how to gather information after a memory dump in Windows XP. It says
    that using dumpchk.exe , one can get a value for ExceptionAddress. The
    problem is that when I use dumpchk.exe, I don't see any field called
    ExceptionAddress.
    I would like to identify the driver that caused the exception.
    Can you help ?
    Here is the content of the dumpcheck :
    C:\WINDOWS\Minidump>dumpchk Mini092005-01.dmp
    Loading dump file Mini092005-01.dmp
    ----- 32 bit Kernel Mini Dump Analysis

    DUMP_HEADER32:
    MajorVersion 0000000f
    MinorVersion 00000a28
    DirectoryTableBase 00039000
    PfnDataBase 81d53000
    PsLoadedModuleList 8055a420
    PsActiveProcessHead 805604d8
    MachineImageType 0000014c
    NumberProcessors 00000001
    BugCheckCode 100000d1
    BugCheckParameter1 f676b328
    BugCheckParameter2 00000002
    BugCheckParameter3 00000000
    BugCheckParameter4 f676b328
    PaeEnabled 00000000
    KdDebuggerDataBlock 8054c060
    MiniDumpFields 00000dff

    TRIAGE_DUMP32:
    ServicePackBuild 00000200
    SizeOfDump 00010000
    ValidOffset 0000fffc
    ContextOffset 00000320
    ExceptionOffset 000007d0
    MmOffset 00001068
    UnloadedDriversOffset 000010a0
    PrcbOffset 00001878
    ProcessOffset 000024c8
    ThreadOffset 00002728
    CallStackOffset 00002980
    SizeOfCallStack 000005a0
    DriverListOffset 000031b0
    DriverCount 0000009c
    StringPoolOffset 00006000
    StringPoolSize 000015c8
    BrokenDriverOffset 00000000
    TriageOptions 00000041
    TopOfStack 8054fee0
    DebuggerDataOffset 00002f20
    DebuggerDataSize 00000290
    DataBlocksOffset 000075c8
    DataBlocksCount 00000003


    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    Debug session time: Tue Sep 20 20:46:24 2005
    System Uptime: 0 days 12:46:09
    start end module name
    804d7000 806eb100 nt Checksum: 002198AF Timestamp: Wed Mar 02
    01
    59:37 2005 (42250FF9)

    Unloaded modules:
    efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    f7f10000 f7f11000 SiSPort.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    f7f32000 f7f33000 SiSPort.sys Timestamp: unavailable (00000000)
    f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    f038e000 f03b8000 kmixer.sys Timestamp: unavailable (00000000)
    f0700000 f072a000 kmixer.sys Timestamp: unavailable (00000000)
    f7e1d000 f7e1e000 SiSPort.sys Timestamp: unavailable (00000000)
    f0a9a000 f0ac4000 kmixer.sys Timestamp: unavailable (00000000)
    f0c43000 f0c53000 Serial.SYS Timestamp: unavailable (00000000)
    f118b000 f11b5000 kmixer.sys Timestamp: unavailable (00000000)
    f7e1c000 f7e1d000 drmkaud.sys Timestamp: unavailable (00000000)
    f1603000 f1610000 DMusic.sys Timestamp: unavailable (00000000)
    f1613000 f1621000 swmidi.sys Timestamp: unavailable (00000000)
    f1255000 f1278000 aec.sys Timestamp: unavailable (00000000)
    f7d24000 f7d26000 splitter.sys Timestamp: unavailable (00000000)
    f7988000 f7991000 processr.sys Timestamp: unavailable (00000000)
    f7ac0000 f7ac5000 Cdaudio.SYS Timestamp: unavailable (00000000)
    f7ab8000 f7abd000 Flpydisk.SYS Timestamp: unavailable (00000000)
    f7ab0000 f7ab7000 Fdc.SYS Timestamp: unavailable (00000000)

    Finished dump check
     
    Guest, Sep 20, 2005
    #1
    1. Advertisements

  2. Guest

    David Candy Guest

    Dumpchk does nothing. You need to read 4 codes from it but they are in english in the Event Log. Yours are

    > BugCheckCode 100000d1
    > BugCheckParameter1 f676b328
    > BugCheckParameter2 00000002
    > BugCheckParameter3 00000000
    > BugCheckParameter4 f676b328


    1nnnnnnn numbers have same meaning as 0nnnnnnn numbers. So you need to research 100000d1 and 000000d1 errors.

    If you want to solve a blue screen do this

    Type verifier in Start Run, follow the wizard but choose All Drivers. This will slow down your computer and cause more blue screen crashes but will pinpoint what is causing the crash (if the original error message didn't). Once you fix it you rerun verifier and turn it off.

    If you can't start after enabling verifier
    choose Last Known Good Configuration at the Failed Boot menu (which will
    start without verifier).


    You will be creating a crash dump file in c:\windows\minidump every blue screen. Make sure you are set to record minidumps (Small Memory Dumps) - type it in Help to see how.

    Then

    If you have the XP SP2 Security Update CD (else see
    http://www.microsoft.com/whdc/­devtools/debugging/symbolpkg.m­spx
    )


    Install symbols from <CD Drive Letter>:\SUPPORT\SYMBOLS

    Download
    http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

    Load the crash dump file into windbg
    and read what it says. You may need to tell it where the symbols are. Read it.
    Type
    !Analyze -v
    into Windbg's command line.
    (this will hopefully tell you the faulty component)

    If the above is too technical then email the crash dump files to davidc @ mvps.org. Don't send me lots of them. Just the one from your last crash after you turn verifier on. And only one per mail.

    You can look up specific details here
    http://msdn.microsoft.com/library/d..._ea8b9fd0-2d81-4a04-a7ed-c1c6a80bd501.xml.asp

    If it indicates faulty memory might be the cause you can get a memory tester
    here
    http://oca.microsoft.com/en/wi­ndiag.asp


    If it mentions a core windows system file, meaning it a MS fix is required,
    upload a minidump to

    http://oca.microsoft.com

    Also try typing the main error code in Help while online (ie,
    Stop 0x50
    and also try in the 8 digit form
    stop 0x00000050)
    and if there are too many hits use a filename if available. Generally memory
    addresses are different for each computer (as each computer has a different
    mix of drivers) so parameters that are memory addresses aren't that useful for searching, but NTStatus codes are (plus you can look them up here http://cvs.sourceforge.net/viewcvs.py/mingw/w32api/include/ddk/ntstatus.h?rev=1.2).



    --
    --------------------------------------------------------------------------------------------------
    http://webdiary.smh.com.au/archives/_comment/001075.html
    =================================================
    "Jacques" <> wrote in message news:...
    >I had a blue screen .
    > On the Microsoft knowledge base, I saw the article 314084 (
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee ) which
    > explains how to gather information after a memory dump in Windows XP. It says
    > that using dumpchk.exe , one can get a value for ExceptionAddress. The
    > problem is that when I use dumpchk.exe, I don't see any field called
    > ExceptionAddress.
    > I would like to identify the driver that caused the exception.
    > Can you help ?
    > Here is the content of the dumpcheck :
    > C:\WINDOWS\Minidump>dumpchk Mini092005-01.dmp
    > Loading dump file Mini092005-01.dmp
    > ----- 32 bit Kernel Mini Dump Analysis
    >
    > DUMP_HEADER32:
    > MajorVersion 0000000f
    > MinorVersion 00000a28
    > DirectoryTableBase 00039000
    > PfnDataBase 81d53000
    > PsLoadedModuleList 8055a420
    > PsActiveProcessHead 805604d8
    > MachineImageType 0000014c
    > NumberProcessors 00000001
    > BugCheckCode 100000d1
    > BugCheckParameter1 f676b328
    > BugCheckParameter2 00000002
    > BugCheckParameter3 00000000
    > BugCheckParameter4 f676b328
    > PaeEnabled 00000000
    > KdDebuggerDataBlock 8054c060
    > MiniDumpFields 00000dff
    >
    > TRIAGE_DUMP32:
    > ServicePackBuild 00000200
    > SizeOfDump 00010000
    > ValidOffset 0000fffc
    > ContextOffset 00000320
    > ExceptionOffset 000007d0
    > MmOffset 00001068
    > UnloadedDriversOffset 000010a0
    > PrcbOffset 00001878
    > ProcessOffset 000024c8
    > ThreadOffset 00002728
    > CallStackOffset 00002980
    > SizeOfCallStack 000005a0
    > DriverListOffset 000031b0
    > DriverCount 0000009c
    > StringPoolOffset 00006000
    > StringPoolSize 000015c8
    > BrokenDriverOffset 00000000
    > TriageOptions 00000041
    > TopOfStack 8054fee0
    > DebuggerDataOffset 00002f20
    > DebuggerDataSize 00000290
    > DataBlocksOffset 000075c8
    > DataBlocksCount 00000003
    >
    >
    > Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    > Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    > Debug session time: Tue Sep 20 20:46:24 2005
    > System Uptime: 0 days 12:46:09
    > start end module name
    > 804d7000 806eb100 nt Checksum: 002198AF Timestamp: Wed Mar 02
    > 01
    > 59:37 2005 (42250FF9)
    >
    > Unloaded modules:
    > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > f7f10000 f7f11000 SiSPort.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    > f7f32000 f7f33000 SiSPort.sys Timestamp: unavailable (00000000)
    > f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    > f038e000 f03b8000 kmixer.sys Timestamp: unavailable (00000000)
    > f0700000 f072a000 kmixer.sys Timestamp: unavailable (00000000)
    > f7e1d000 f7e1e000 SiSPort.sys Timestamp: unavailable (00000000)
    > f0a9a000 f0ac4000 kmixer.sys Timestamp: unavailable (00000000)
    > f0c43000 f0c53000 Serial.SYS Timestamp: unavailable (00000000)
    > f118b000 f11b5000 kmixer.sys Timestamp: unavailable (00000000)
    > f7e1c000 f7e1d000 drmkaud.sys Timestamp: unavailable (00000000)
    > f1603000 f1610000 DMusic.sys Timestamp: unavailable (00000000)
    > f1613000 f1621000 swmidi.sys Timestamp: unavailable (00000000)
    > f1255000 f1278000 aec.sys Timestamp: unavailable (00000000)
    > f7d24000 f7d26000 splitter.sys Timestamp: unavailable (00000000)
    > f7988000 f7991000 processr.sys Timestamp: unavailable (00000000)
    > f7ac0000 f7ac5000 Cdaudio.SYS Timestamp: unavailable (00000000)
    > f7ab8000 f7abd000 Flpydisk.SYS Timestamp: unavailable (00000000)
    > f7ab0000 f7ab7000 Fdc.SYS Timestamp: unavailable (00000000)
    >
    > Finished dump check
     
    David Candy, Sep 20, 2005
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    Need help...
    Under Event viewer, picking up a system error causing my XP Pro to reboot
    and hang at times. Need HELP understanding what the error code means.
    Error Code 100000d1, parameter1 00000010, parameter2 00000002, parameter3
    000000000, parameter4 f25facfe.

    What does this all mean and how can it help?
    --
    Anthony


    "David Candy" wrote:

    > Dumpchk does nothing. You need to read 4 codes from it but they are in english in the Event Log. Yours are
    >
    > > BugCheckCode 100000d1
    > > BugCheckParameter1 f676b328
    > > BugCheckParameter2 00000002
    > > BugCheckParameter3 00000000
    > > BugCheckParameter4 f676b328

    >
    > 1nnnnnnn numbers have same meaning as 0nnnnnnn numbers. So you need to research 100000d1 and 000000d1 errors.
    >
    > If you want to solve a blue screen do this
    >
    > Type verifier in Start Run, follow the wizard but choose All Drivers. This will slow down your computer and cause more blue screen crashes but will pinpoint what is causing the crash (if the original error message didn't). Once you fix it you rerun verifier and turn it off.
    >
    > If you can't start after enabling verifier
    > choose Last Known Good Configuration at the Failed Boot menu (which will
    > start without verifier).
    >
    >
    > You will be creating a crash dump file in c:\windows\minidump every blue screen. Make sure you are set to record minidumps (Small Memory Dumps) - type it in Help to see how.
    >
    > Then
    >
    > If you have the XP SP2 Security Update CD (else see
    > http://www.microsoft.com/whdc/­devtools/debugging/symbolpkg.m­spx
    > )
    >
    >
    > Install symbols from <CD Drive Letter>:\SUPPORT\SYMBOLS
    >
    > Download
    > http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
    >
    > Load the crash dump file into windbg
    > and read what it says. You may need to tell it where the symbols are. Read it.
    > Type
    > !Analyze -v
    > into Windbg's command line.
    > (this will hopefully tell you the faulty component)
    >
    > If the above is too technical then email the crash dump files to davidc @ mvps.org. Don't send me lots of them. Just the one from your last crash after you turn verifier on. And only one per mail.
    >
    > You can look up specific details here
    > http://msdn.microsoft.com/library/d..._ea8b9fd0-2d81-4a04-a7ed-c1c6a80bd501.xml.asp
    >
    > If it indicates faulty memory might be the cause you can get a memory tester
    > here
    > http://oca.microsoft.com/en/wi­ndiag.asp
    >
    >
    > If it mentions a core windows system file, meaning it a MS fix is required,
    > upload a minidump to
    >
    > http://oca.microsoft.com
    >
    > Also try typing the main error code in Help while online (ie,
    > Stop 0x50
    > and also try in the 8 digit form
    > stop 0x00000050)
    > and if there are too many hits use a filename if available. Generally memory
    > addresses are different for each computer (as each computer has a different
    > mix of drivers) so parameters that are memory addresses aren't that useful for searching, but NTStatus codes are (plus you can look them up here http://cvs.sourceforge.net/viewcvs.py/mingw/w32api/include/ddk/ntstatus.h?rev=1.2).
    >
    >
    >
    > --
    > --------------------------------------------------------------------------------------------------
    > http://webdiary.smh.com.au/archives/_comment/001075.html
    > =================================================
    > "Jacques" <> wrote in message news:...
    > >I had a blue screen .
    > > On the Microsoft knowledge base, I saw the article 314084 (
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee ) which
    > > explains how to gather information after a memory dump in Windows XP. It says
    > > that using dumpchk.exe , one can get a value for ExceptionAddress. The
    > > problem is that when I use dumpchk.exe, I don't see any field called
    > > ExceptionAddress.
    > > I would like to identify the driver that caused the exception.
    > > Can you help ?
    > > Here is the content of the dumpcheck :
    > > C:\WINDOWS\Minidump>dumpchk Mini092005-01.dmp
    > > Loading dump file Mini092005-01.dmp
    > > ----- 32 bit Kernel Mini Dump Analysis
    > >
    > > DUMP_HEADER32:
    > > MajorVersion 0000000f
    > > MinorVersion 00000a28
    > > DirectoryTableBase 00039000
    > > PfnDataBase 81d53000
    > > PsLoadedModuleList 8055a420
    > > PsActiveProcessHead 805604d8
    > > MachineImageType 0000014c
    > > NumberProcessors 00000001
    > > BugCheckCode 100000d1
    > > BugCheckParameter1 f676b328
    > > BugCheckParameter2 00000002
    > > BugCheckParameter3 00000000
    > > BugCheckParameter4 f676b328
    > > PaeEnabled 00000000
    > > KdDebuggerDataBlock 8054c060
    > > MiniDumpFields 00000dff
    > >
    > > TRIAGE_DUMP32:
    > > ServicePackBuild 00000200
    > > SizeOfDump 00010000
    > > ValidOffset 0000fffc
    > > ContextOffset 00000320
    > > ExceptionOffset 000007d0
    > > MmOffset 00001068
    > > UnloadedDriversOffset 000010a0
    > > PrcbOffset 00001878
    > > ProcessOffset 000024c8
    > > ThreadOffset 00002728
    > > CallStackOffset 00002980
    > > SizeOfCallStack 000005a0
    > > DriverListOffset 000031b0
    > > DriverCount 0000009c
    > > StringPoolOffset 00006000
    > > StringPoolSize 000015c8
    > > BrokenDriverOffset 00000000
    > > TriageOptions 00000041
    > > TopOfStack 8054fee0
    > > DebuggerDataOffset 00002f20
    > > DebuggerDataSize 00000290
    > > DataBlocksOffset 000075c8
    > > DataBlocksCount 00000003
    > >
    > >
    > > Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    > > Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    > > Debug session time: Tue Sep 20 20:46:24 2005
    > > System Uptime: 0 days 12:46:09
    > > start end module name
    > > 804d7000 806eb100 nt Checksum: 002198AF Timestamp: Wed Mar 02
    > > 01
    > > 59:37 2005 (42250FF9)
    > >
    > > Unloaded modules:
    > > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > f7f10000 f7f11000 SiSPort.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    > > f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    > > f7f32000 f7f33000 SiSPort.sys Timestamp: unavailable (00000000)
    > > f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    > > f038e000 f03b8000 kmixer.sys Timestamp: unavailable (00000000)
    > > f0700000 f072a000 kmixer.sys Timestamp: unavailable (00000000)
    > > f7e1d000 f7e1e000 SiSPort.sys Timestamp: unavailable (00000000)
    > > f0a9a000 f0ac4000 kmixer.sys Timestamp: unavailable (00000000)
    > > f0c43000 f0c53000 Serial.SYS Timestamp: unavailable (00000000)
    > > f118b000 f11b5000 kmixer.sys Timestamp: unavailable (00000000)
    > > f7e1c000 f7e1d000 drmkaud.sys Timestamp: unavailable (00000000)
    > > f1603000 f1610000 DMusic.sys Timestamp: unavailable (00000000)
    > > f1613000 f1621000 swmidi.sys Timestamp: unavailable (00000000)
    > > f1255000 f1278000 aec.sys Timestamp: unavailable (00000000)
    > > f7d24000 f7d26000 splitter.sys Timestamp: unavailable (00000000)
    > > f7988000 f7991000 processr.sys Timestamp: unavailable (00000000)
    > > f7ac0000 f7ac5000 Cdaudio.SYS Timestamp: unavailable (00000000)
    > > f7ab8000 f7abd000 Flpydisk.SYS Timestamp: unavailable (00000000)
    > > f7ab0000 f7ab7000 Fdc.SYS Timestamp: unavailable (00000000)
    > >
    > > Finished dump check

    >
     
    Guest, Nov 23, 2005
    #3
  4. Hi,

    Did you read the steps posted by David in the post you tagged on to? That's
    where you need to start in order to figure out what's causing the trouble.
    Like David, I would be willing to look at the dump file if you want to
    forward it. Send it to the address used here, and use the subject line "per
    req".

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

    "Anthony" <> wrote in message
    news:...
    > Need help...
    > Under Event viewer, picking up a system error causing my XP Pro to reboot
    > and hang at times. Need HELP understanding what the error code means.
    > Error Code 100000d1, parameter1 00000010, parameter2 00000002, parameter3
    > 000000000, parameter4 f25facfe.
    >
    > What does this all mean and how can it help?
    > --
    > Anthony
    >
    >
    > "David Candy" wrote:
    >
    >> Dumpchk does nothing. You need to read 4 codes from it but they are in
    >> english in the Event Log. Yours are
    >>
    >> > BugCheckCode 100000d1
    >> > BugCheckParameter1 f676b328
    >> > BugCheckParameter2 00000002
    >> > BugCheckParameter3 00000000
    >> > BugCheckParameter4 f676b328

    >>
    >> 1nnnnnnn numbers have same meaning as 0nnnnnnn numbers. So you need to
    >> research 100000d1 and 000000d1 errors.
    >>
    >> If you want to solve a blue screen do this
    >>
    >> Type verifier in Start Run, follow the wizard but choose All Drivers.
    >> This will slow down your computer and cause more blue screen crashes but
    >> will pinpoint what is causing the crash (if the original error message
    >> didn't). Once you fix it you rerun verifier and turn it off.
    >>
    >> If you can't start after enabling verifier
    >> choose Last Known Good Configuration at the Failed Boot menu (which will
    >> start without verifier).
    >>
    >>
    >> You will be creating a crash dump file in c:\windows\minidump every blue
    >> screen. Make sure you are set to record minidumps (Small Memory Dumps) -
    >> type it in Help to see how.
    >>
    >> Then
    >>
    >> If you have the XP SP2 Security Update CD (else see
    >> http://www.microsoft.com/whdc/­devtools/debugging/symbolpkg.m­spx
    >> )
    >>
    >>
    >> Install symbols from <CD Drive Letter>:\SUPPORT\SYMBOLS
    >>
    >> Download
    >> http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
    >>
    >> Load the crash dump file into windbg
    >> and read what it says. You may need to tell it where the symbols are.
    >> Read it.
    >> Type
    >> !Analyze -v
    >> into Windbg's command line.
    >> (this will hopefully tell you the faulty component)
    >>
    >> If the above is too technical then email the crash dump files to davidc @
    >> mvps.org. Don't send me lots of them. Just the one from your last crash
    >> after you turn verifier on. And only one per mail.
    >>
    >> You can look up specific details here
    >> http://msdn.microsoft.com/library/d..._ea8b9fd0-2d81-4a04-a7ed-c1c6a80bd501.xml.asp
    >>
    >> If it indicates faulty memory might be the cause you can get a memory
    >> tester
    >> here
    >> http://oca.microsoft.com/en/wi­ndiag.asp
    >>
    >>
    >> If it mentions a core windows system file, meaning it a MS fix is
    >> required,
    >> upload a minidump to
    >>
    >> http://oca.microsoft.com
    >>
    >> Also try typing the main error code in Help while online (ie,
    >> Stop 0x50
    >> and also try in the 8 digit form
    >> stop 0x00000050)
    >> and if there are too many hits use a filename if available. Generally
    >> memory
    >> addresses are different for each computer (as each computer has a
    >> different
    >> mix of drivers) so parameters that are memory addresses aren't that
    >> useful for searching, but NTStatus codes are (plus you can look them up
    >> here
    >> http://cvs.sourceforge.net/viewcvs.py/mingw/w32api/include/ddk/ntstatus.h?rev=1.2).
    >>
    >>
    >>
    >> --
    >> --------------------------------------------------------------------------------------------------
    >> http://webdiary.smh.com.au/archives/_comment/001075.html
    >> =================================================
    >> "Jacques" <> wrote in message
    >> news:...
    >> >I had a blue screen .
    >> > On the Microsoft knowledge base, I saw the article 314084 (
    >> > http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee )
    >> > which
    >> > explains how to gather information after a memory dump in Windows XP.
    >> > It says
    >> > that using dumpchk.exe , one can get a value for ExceptionAddress. The
    >> > problem is that when I use dumpchk.exe, I don't see any field called
    >> > ExceptionAddress.
    >> > I would like to identify the driver that caused the exception.
    >> > Can you help ?
    >> > Here is the content of the dumpcheck :
    >> > C:\WINDOWS\Minidump>dumpchk Mini092005-01.dmp
    >> > Loading dump file Mini092005-01.dmp
    >> > ----- 32 bit Kernel Mini Dump Analysis
    >> >
    >> > DUMP_HEADER32:
    >> > MajorVersion 0000000f
    >> > MinorVersion 00000a28
    >> > DirectoryTableBase 00039000
    >> > PfnDataBase 81d53000
    >> > PsLoadedModuleList 8055a420
    >> > PsActiveProcessHead 805604d8
    >> > MachineImageType 0000014c
    >> > NumberProcessors 00000001
    >> > BugCheckCode 100000d1
    >> > BugCheckParameter1 f676b328
    >> > BugCheckParameter2 00000002
    >> > BugCheckParameter3 00000000
    >> > BugCheckParameter4 f676b328
    >> > PaeEnabled 00000000
    >> > KdDebuggerDataBlock 8054c060
    >> > MiniDumpFields 00000dff
    >> >
    >> > TRIAGE_DUMP32:
    >> > ServicePackBuild 00000200
    >> > SizeOfDump 00010000
    >> > ValidOffset 0000fffc
    >> > ContextOffset 00000320
    >> > ExceptionOffset 000007d0
    >> > MmOffset 00001068
    >> > UnloadedDriversOffset 000010a0
    >> > PrcbOffset 00001878
    >> > ProcessOffset 000024c8
    >> > ThreadOffset 00002728
    >> > CallStackOffset 00002980
    >> > SizeOfCallStack 000005a0
    >> > DriverListOffset 000031b0
    >> > DriverCount 0000009c
    >> > StringPoolOffset 00006000
    >> > StringPoolSize 000015c8
    >> > BrokenDriverOffset 00000000
    >> > TriageOptions 00000041
    >> > TopOfStack 8054fee0
    >> > DebuggerDataOffset 00002f20
    >> > DebuggerDataSize 00000290
    >> > DataBlocksOffset 000075c8
    >> > DataBlocksCount 00000003
    >> >
    >> >
    >> > Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    >> > Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    >> > Debug session time: Tue Sep 20 20:46:24 2005
    >> > System Uptime: 0 days 12:46:09
    >> > start end module name
    >> > 804d7000 806eb100 nt Checksum: 002198AF Timestamp: Wed
    >> > Mar 02
    >> > 01
    >> > 59:37 2005 (42250FF9)
    >> >
    >> > Unloaded modules:
    >> > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f7f10000 f7f11000 SiSPort.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f7f32000 f7f33000 SiSPort.sys Timestamp: unavailable (00000000)
    >> > f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f038e000 f03b8000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f0700000 f072a000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f7e1d000 f7e1e000 SiSPort.sys Timestamp: unavailable (00000000)
    >> > f0a9a000 f0ac4000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f0c43000 f0c53000 Serial.SYS Timestamp: unavailable (00000000)
    >> > f118b000 f11b5000 kmixer.sys Timestamp: unavailable (00000000)
    >> > f7e1c000 f7e1d000 drmkaud.sys Timestamp: unavailable (00000000)
    >> > f1603000 f1610000 DMusic.sys Timestamp: unavailable (00000000)
    >> > f1613000 f1621000 swmidi.sys Timestamp: unavailable (00000000)
    >> > f1255000 f1278000 aec.sys Timestamp: unavailable (00000000)
    >> > f7d24000 f7d26000 splitter.sys Timestamp: unavailable (00000000)
    >> > f7988000 f7991000 processr.sys Timestamp: unavailable (00000000)
    >> > f7ac0000 f7ac5000 Cdaudio.SYS Timestamp: unavailable (00000000)
    >> > f7ab8000 f7abd000 Flpydisk.SYS Timestamp: unavailable (00000000)
    >> > f7ab0000 f7ab7000 Fdc.SYS Timestamp: unavailable (00000000)
    >> >
    >> > Finished dump check

    >>
     
    Rick \Nutcase\ Rogers, Nov 24, 2005
    #4
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Denise

    Debug Dump Files

    Denise, Dec 2, 2003, in forum: Windows XP General
    Replies:
    3
    Views:
    455
    Ian Smythe
    Dec 2, 2003
  2. DRS

    debug dump files

    DRS, Dec 7, 2003, in forum: Windows XP General
    Replies:
    1
    Views:
    2,476
    Rick \Nutcase\ Rogers
    Dec 7, 2003
  3. Yves

    Disk Cleanup (Debug Dump Files)

    Yves, Dec 14, 2003, in forum: Windows XP General
    Replies:
    0
    Views:
    417
  4. RickO'Shay

    Clean up Debug Dump files?

    RickO'Shay, Jan 14, 2004, in forum: Windows XP General
    Replies:
    0
    Views:
    675
    RickO'Shay
    Jan 14, 2004
  5. Guest

    How to debug a memory dump ?

    Guest, Jul 27, 2005, in forum: Windows XP General
    Replies:
    5
    Views:
    230
    Guest
    Jul 28, 2005
Loading...

Share This Page