Analysing DUMP files

[brian]

How do you debug or analyse a DMP file?

I am getting a number of STOP ERROR's every day on a
Windows 2000 SP4 machine. They produce a DUMP file but i
dont know how to analyse it.

Could someone tell me how so i can get to the bottom of
this problem?

I have changed the memory and have tried uninstalling a
number of applications installed on the machine but with
no joy.

Many thanks

Brian

 

[Jason Hall [MSFT]]

--------------------

Content-Class: urn:content-classes:message
From: "brian" <[email protected]>
Sender: "brian" <[email protected]>
Subject: Analysing DUMP files
Date: Wed, 2 Jun 2004 01:12:58 -0700

How do you debug or analyse a DMP file?

I am getting a number of STOP ERROR's every day on a
Windows 2000 SP4 machine. They produce a DUMP file but i
dont know how to analyse it.

Could someone tell me how so i can get to the bottom of
this problem?

I have changed the memory and have tried uninstalling a
number of applications installed on the machine but with
no joy.

Many thanks

Brian

--------------------

**** LINKS ****
Bugcheck Codes and Info:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ddtools/hh/
ddtools/bcintro_3dkj.asp

Debugging Tools Download:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7c6ec49c-a8f7-4323-
b583-6a7a6aeb5e66&displaylang=en

Debugging Tools and Symbols: Getting Started
http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx


--
~~ JASON HALL ~~
~ Performance Support Specialist,
~ Microsoft Enterprise Platforms Support
~ This posting is provided "AS IS" with no warranties, and confers no
rights.
~ Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
~ Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

 

[Guest]

Here's a FYI I found

Here are the basic steps I've used to analyze a dump file (memory.dmp or mini122503-01.dmp files) to try and find the cause of a system crash

Disclaimer - I am a novice just getting started with debugging memory dump

1. Get the latest version of Debugging Tools for Windows (windbg): http://www.microsoft.com/ddk/debugging/installx86.as

2. Get the latest symbol files from the same lin

3. Install the Debugging Tools and extract the symbol file

4. Launch windbg passing it the location of the symbol files, the source files (i386 directory) and the dumpfile. Example

windbg -y SRV*c:\winnt\symbols -i d:\i386 -z "c:\winnt\minidump\Mini011603-01.dmp

Note: the i386 directory should be at the same level (i.e. Service Pack) as the system that created the .dmp file. I use an SP3 slipstreamed install CD

I have no idea what to do with the Disassembly window that comes up so I close it and go to the main window

5. At the bottom of the Command window there is a kd> prompt. The following commands are entered into that promp

6. kd>!analyze -

7. Two things to look for in the results: the memory referenced and the FAULTING_I

8. kd>lv

This will produce a listing of modules and their memory location. Look to see which module's memory the memory referenced identified above falls in. That usually indicates the process that caused the crashed and will probably match the FAULTING_IP if listed

9. Also informative: kd>.reload -

Note - again, I just close and ignore the Disassembly window.