analysing memory dumps

Ross

I have read the TechNet article
http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee

I am trying to locate the address of the driver that
caused the exception, so I can then run pstat.exe. In the
article it says I should look at the exceptionaddress.
Unfortunately, that parameter is not in these dumps?

Can anyone help? Please email me.

Dump given below:

C:\Program Files\Support Tools>dumpchk viv1.dmp
Loading dump file viv1.dmp
----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 187b6000
PfnDataBase 80c51000
PsLoadedModuleList 80543530
PsActiveProcessHead 80545578
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 bf87797a
BugCheckParameter3 bac65b50
BugCheckParameter4 00000000
PaeEnabled 00000000
KdDebuggerDataBlock 805353e0
MiniDumpFields 00000dff

TRIAGE_DUMP32:
ServicePackBuild 00000100
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002720
CallStackOffset 00002978
SizeOfCallStack 0000043c
DriverListOffset 00003048
DriverCount 00000079
StringPoolOffset 00005438
StringPoolSize 000010c0
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack bac65bc4
DebuggerDataOffset 00002db8
DebuggerDataSize 00000290
DataBlocksOffset 000064f8
DataBlocksCount 00000005

Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Kernel base = 0x804d4000 PsLoadedModuleList = 0x80543530
Debug session time: Wed Jul 21 11:06:49 2004
System Uptime: 0 days 2:50:22
start end module name
804d4000 806aa280 nt Checksum: 001E311B Timestamp: Thu Apr 24 16:57:43 2003 (3EA80977)

Unloaded modules:
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
badc6000 baded000 kmixer.sys Timestamp: unavailable (00000000)
f8b62000 f8b63000 drmkaud.sys Timestamp: unavailable (00000000)
ec01c000 ec029000 DMusic.sys Timestamp: unavailable (00000000)
eba13000 eba21000 swmidi.sys Timestamp: unavailable (00000000)
baeb5000 baed8000 aec.sys Timestamp: unavailable (00000000)
f8adb000 f8add000 splitter.sys Timestamp: unavailable (00000000)
f85d5000 f85df000 Imapi.SYS Timestamp: unavailable (00000000)
f8895000 f889a000 Cdaudio.SYS Timestamp: unavailable (00000000)
f8354000 f8357000 Sfloppy.SYS Timestamp: unavailable (00000000)

Finished dump check

C:\Program Files\Support Tools>
 
Alex Nichol

Ross said:
I am trying to locate the address of the driver that
caused the exception, so I can then run pstat.exe. In the
article it says I should look at the exceptionaddress.
Unfortunately, that parameter is not in these dumps?

Usually best to turn off autorestart and dump, and let it Blue Screen.
When it's a driver the name of the file will then normally appear in
the bottom line - something.sys
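
An added example, not part of either post: for bug check 0x8E, which this dump reports as 1000008e, Microsoft's bug check reference gives parameter 2 as the address where the exception occurred. The Python below parses a trimmed excerpt of the dumpchk output posted above and checks that address against the module ranges dumpchk printed; the function names are this example's own.

```python
import re

# Trimmed excerpt of the dumpchk output posted above (wrapped lines rejoined).
DUMPCHK_OUTPUT = """\
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 bf87797a
BugCheckParameter3 bac65b50
BugCheckParameter4 00000000
start end module name
804d4000 806aa280 nt Checksum: 001E311B
Unloaded modules:
ba7da000 ba801000 kmixer.sys Timestamp: unavailable (00000000)
badc6000 baded000 kmixer.sys Timestamp: unavailable (00000000)
f8b62000 f8b63000 drmkaud.sys Timestamp: unavailable (00000000)
"""

FIELD = re.compile(r"^(BugCheck\w+)\s+([0-9a-fA-F]{8})\s*$")
MODULE = re.compile(r"^([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+(\S+)")

def parse_dumpchk(text):
    """Return (bug check fields, [(start, end, name, unloaded), ...])."""
    fields, modules, unloaded = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Unloaded modules"):
            unloaded = True          # every range after this header is stale
        elif m := FIELD.match(line):
            fields[m.group(1)] = int(m.group(2), 16)
        elif m := MODULE.match(line):
            modules.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3), unloaded))
    return fields, modules

def faulting_address(fields):
    """Parameter 2 of bug check 0x8E / 0x1000008E is the exception address."""
    if fields["BugCheckCode"] not in (0x8E, 0x1000008E):
        raise ValueError(f"unexpected bug check {fields['BugCheckCode']:#x}")
    return fields["BugCheckParameter2"]

def owning_modules(addr, modules):
    """(name, unloaded) for each module whose [start, end) range holds addr."""
    return [(n, u) for start, end, n, u in modules if start <= addr < end]

if __name__ == "__main__":
    fields, modules = parse_dumpchk(DUMPCHK_OUTPUT)
    addr = faulting_address(fields)
    hits = owning_modules(addr, modules)
    print(f"exception address {addr:#010x}:", hits or "not in any listed module")
```

Here the address bf87797a falls outside nt and every unloaded module dumpchk listed, so the owning driver has to be read from a full loaded-driver list such as the pstat.exe output Ross mentions.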