BSOD & dmp file help

T

tbrox

My new home built computer Vista 32 business, intel x38 chipset, intel Q6600
quad core CPU and 4 x 1GB 1066 Kingston RAM blue screens and reboots at least
once every 24 hours. The blue screen goes by so fast I'm unable to record any
of the information. I have upgraded and verifyed all the drivers I can think
of and MB BIOS.

From what I can tell my biggest clue is in the mini.dmp file. I have read
the Microsoft article on how to read and extract the information from this
file but it is very confusing.

Is there anyone out there willing to analyze one or more of my mini.dmp file
for me and help me narrow down what is causing my BSOD. I have to fix this,
this computer is used for work and I can't have it rebooting anytime it
chokes.

I can provide more system specifics and what I have done if that will help.

Thanks in advance.
 
L

Laszlo Dobos

you can disable auto-restart after a crash to read the info on the blue screen.
right click on the computer, properties, left side advanced system settings...
startup and recovery SETTINGS...disable automatically restart!
 
T

tbrox

Thanks Laszlo, I just made that change. In the mean time I tried to use
Windbg to read my latest dump file. I don't know if I did it right or not and
I really don't know what it is telling me but I'm going to post it below.
Maybe someone can make some sense out of it for me.

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini011108-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\windows\symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntkrnlpa.exe
Windows Vista Kernel Version 6000 MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Fri Jan 11 00:03:07.526 2008 (GMT-8)
System Uptime: 1 days 16:37:26.916
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for
ntkrnlpa.exe
Loading Kernel Symbols
.....................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 99adb724, 99253c14, 0}

*** WARNING: Unable to verify timestamp for win32k.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

MODULE_NAME: win32k

FAULTING_MODULE: 81c00000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 46d4d163

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
+ffffffff99adb724
99adb724 ?? ???

TRAP_FRAME: 99253c14 -- (.trap 0xffffffff99253c14)
ErrCode = 00000002
eax=00000001 ebx=00000000 ecx=95adb944 edx=08b77970 esi=00000001 edi=00000000
eip=99adb724 esp=99253c88 ebp=99253c90 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
99adb724 ?? ???
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x8E

LAST_CONTROL_TRANSFER: from ff5b41d0 to 99adb724

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
99253c84 ff5b41d0 00000000 99253ce8 95ad9976 0x99adb724
99253c90 95ad9976 000025ff 00000000 00000001 0xff5b41d0
99253ce8 95add983 81253d18 000025ff 00000000
win32k!xxxRealInternalGetMessage+0x4f4
99253d4c 81c8caaa 0160ff44 00000000 00000000 win32k!NtUserGetMessage+0x85
99253d64 77740f34 badb0d00 0160fef4 00000000 nt+0x8caaa
99253d68 badb0d00 0160fef4 00000000 00000000 0x77740f34
99253d6c 0160fef4 00000000 00000000 00000000 0xbadb0d00
99253d70 00000000 00000000 00000000 00000000 0x160fef4


STACK_COMMAND: kb

FOLLOWUP_IP:
win32k!xxxRealInternalGetMessage+4f4
95ad9976 ?? ???

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: win32k!xxxRealInternalGetMessage+4f4

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: win32k.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

3: kd> lmvm win32k
start end module name
95a00000 95bff000 win32k M (pdb symbols)
C:\windows\symbols\sys\win32k.pdb
Loaded symbol image file: win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Tue Aug 28 18:52:35 2007 (46D4D163)
CheckSum: 001F53A2
ImageSize: 001FF000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
 
A

Alun Harford

tbrox said:
Thanks Laszlo, I just made that change. In the mean time I tried to use
Windbg to read my latest dump file. I don't know if I did it right or not and
I really don't know what it is telling me but I'm going to post it below.
Click to expand...

Almost right.
Load Windbg, open the dump file, and go to File -> Symbol File Path...
Enter: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Then retry: !analyze -v

Alun Harford
 
K

Ken Blake, MVP

My new home built computer Vista 32 business, intel x38 chipset, intel Q6600
quad core CPU and 4 x 1GB 1066 Kingston RAM blue screens and reboots at least
once every 24 hours. The blue screen goes by so fast I'm unable to record any
of the information.
Click to expand...


You are blue-screening, and you are set to the default of rebooting
whenever that happens. Right-click My Computer, and choose Properties.
On the Advanced tab, click Settings under Startup and Recovery. Under
System failure, uncheck the box "Automatically restart.

Now when the problem occurs again, instead of restarting, you will get
the blue screen with diagnostic information. Post back with those
details for more help.
 
T

tbrox

Alun,

I did as you suggested. I cut and pasted your command and path and I also
endered the path c:\windows\sysmbols because that is where they are
installed. I tried entering the path before and after opening the crashed
dump file. I'm still getting messages that I'm using the wrong symbols

"DEFAULT_BUCKET_ID: WRONG_SYMBOLS"

"Your debugger is not using the correct symbols"

I downloaded the Vista RTM X86 retail symbols but notice there was also a
Vista RTM x86 checked symbols pack. Should I be using the checked pack
instead of the retail pack?

I also ran into a hardware failure yesterday. I was running memtestx86 for a
few hours yesterday thinking I might have a memory problem. After rebooting
my motherboard internal NIC was gone. Even when I dual booted into Windows XP
64 it was gone. I turned off the computer for the night and this morning
before turning it on I unplugged it for a minute. then on the reboot and
after logging in I got a BSOD. No driver file was specified and I wrote
everything down. Upon the next reboot my NIC was back and working and the
popup error message alerted me that I had a hardware failure. Maybe I'm
looking at a brand new motherboard that is failing? By the way memtestx86
reported over 150 memory errors and it was only 26% done. I'm running
Kingston HyperX PC8500 DDR2. What do you think?
 
T

tbrox

Thanks Ken I just got another BSOD. Here is the information.

Stop: 0x0000008e (0x00000005, 0x954B1987, 0x9D63FBE0, 0x00000000)

win32k.sys - Address 954B1987 base at 95400000, date stamp 46d4d163

After the reboot I got this:

Bc code 10000008e
bcp1 c00000005
bcp2 954B1987
bcp3 9D63FBE0
bcp4 00000000
 
A

Alun Harford

tbrox said:
I also ran into a hardware failure yesterday. I was running memtestx86 for a
few hours yesterday thinking I might have a memory problem. After rebooting
my motherboard internal NIC was gone. Even when I dual booted into Windows XP
64 it was gone. I turned off the computer for the night and this morning
before turning it on I unplugged it for a minute. then on the reboot and
after logging in I got a BSOD. No driver file was specified and I wrote
everything down. Upon the next reboot my NIC was back and working and the
popup error message alerted me that I had a hardware failure. Maybe I'm
looking at a brand new motherboard that is failing? By the way memtestx86
reported over 150 memory errors and it was only 26% done. I'm running
Kingston HyperX PC8500 DDR2. What do you think?
Click to expand...

If memtestx86 is reporting errors, your memory is faulty.

I believe Kingston do a lifetime warranty on their memory.

Alun Harford
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

BSOD help please 5
4 BSOD within 10 minutes 0
yes.. another BSOD question... 2
Windows 7 and NVidia cards BSOD 5
Strange BSOD 2
Vista 64 BSOD with IE 3
BSOD whenever I play a video file 15
Vista BSOD 4

Top