G
Guest
I had a blue screen .
On the Microsoft knowledge base, I saw the article 314084 (
http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee ) which
explains how to gather information after a memory dump in Windows XP. It says
that using dumpchk.exe , one can get a value for ExceptionAddress. The
problem is that when I use dumpchk.exe, I don't see any field called
ExceptionAddress.
I would like to identify the driver that caused the exception.
Can you help ?
Here is the content of the dumpcheck :
C:\WINDOWS\Minidump>dumpchk Mini092005-01.dmp
Loading dump file Mini092005-01.dmp
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 00039000
PfnDataBase 81d53000
PsLoadedModuleList 8055a420
PsActiveProcessHead 805604d8
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 100000d1
BugCheckParameter1 f676b328
BugCheckParameter2 00000002
BugCheckParameter3 00000000
BugCheckParameter4 f676b328
PaeEnabled 00000000
KdDebuggerDataBlock 8054c060
MiniDumpFields 00000dff
TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 000005a0
DriverListOffset 000031b0
DriverCount 0000009c
StringPoolOffset 00006000
StringPoolSize 000015c8
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack 8054fee0
DebuggerDataOffset 00002f20
DebuggerDataSize 00000290
DataBlocksOffset 000075c8
DataBlocksCount 00000003
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Sep 20 20:46:24 2005
System Uptime: 0 days 12:46:09
start end module name
804d7000 806eb100 nt Checksum: 002198AF Timestamp: Wed Mar 02
01
59:37 2005 (42250FF9)
Unloaded modules:
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
f7f10000 f7f11000 SiSPort.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
f7f32000 f7f33000 SiSPort.sys Timestamp: unavailable (00000000)
f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
f038e000 f03b8000 kmixer.sys Timestamp: unavailable (00000000)
f0700000 f072a000 kmixer.sys Timestamp: unavailable (00000000)
f7e1d000 f7e1e000 SiSPort.sys Timestamp: unavailable (00000000)
f0a9a000 f0ac4000 kmixer.sys Timestamp: unavailable (00000000)
f0c43000 f0c53000 Serial.SYS Timestamp: unavailable (00000000)
f118b000 f11b5000 kmixer.sys Timestamp: unavailable (00000000)
f7e1c000 f7e1d000 drmkaud.sys Timestamp: unavailable (00000000)
f1603000 f1610000 DMusic.sys Timestamp: unavailable (00000000)
f1613000 f1621000 swmidi.sys Timestamp: unavailable (00000000)
f1255000 f1278000 aec.sys Timestamp: unavailable (00000000)
f7d24000 f7d26000 splitter.sys Timestamp: unavailable (00000000)
f7988000 f7991000 processr.sys Timestamp: unavailable (00000000)
f7ac0000 f7ac5000 Cdaudio.SYS Timestamp: unavailable (00000000)
f7ab8000 f7abd000 Flpydisk.SYS Timestamp: unavailable (00000000)
f7ab0000 f7ab7000 Fdc.SYS Timestamp: unavailable (00000000)
Finished dump check
On the Microsoft knowledge base, I saw the article 314084 (
http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee ) which
explains how to gather information after a memory dump in Windows XP. It says
that using dumpchk.exe , one can get a value for ExceptionAddress. The
problem is that when I use dumpchk.exe, I don't see any field called
ExceptionAddress.
I would like to identify the driver that caused the exception.
Can you help ?
Here is the content of the dumpcheck :
C:\WINDOWS\Minidump>dumpchk Mini092005-01.dmp
Loading dump file Mini092005-01.dmp
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 00039000
PfnDataBase 81d53000
PsLoadedModuleList 8055a420
PsActiveProcessHead 805604d8
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 100000d1
BugCheckParameter1 f676b328
BugCheckParameter2 00000002
BugCheckParameter3 00000000
BugCheckParameter4 f676b328
PaeEnabled 00000000
KdDebuggerDataBlock 8054c060
MiniDumpFields 00000dff
TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 000005a0
DriverListOffset 000031b0
DriverCount 0000009c
StringPoolOffset 00006000
StringPoolSize 000015c8
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack 8054fee0
DebuggerDataOffset 00002f20
DebuggerDataSize 00000290
DataBlocksOffset 000075c8
DataBlocksCount 00000003
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Sep 20 20:46:24 2005
System Uptime: 0 days 12:46:09
start end module name
804d7000 806eb100 nt Checksum: 002198AF Timestamp: Wed Mar 02
01
59:37 2005 (42250FF9)
Unloaded modules:
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efac8000 efaf2000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
f7f10000 f7f11000 SiSPort.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
efd9a000 efdc4000 kmixer.sys Timestamp: unavailable (00000000)
f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
f7f32000 f7f33000 SiSPort.sys Timestamp: unavailable (00000000)
f02c4000 f02ee000 kmixer.sys Timestamp: unavailable (00000000)
f038e000 f03b8000 kmixer.sys Timestamp: unavailable (00000000)
f0700000 f072a000 kmixer.sys Timestamp: unavailable (00000000)
f7e1d000 f7e1e000 SiSPort.sys Timestamp: unavailable (00000000)
f0a9a000 f0ac4000 kmixer.sys Timestamp: unavailable (00000000)
f0c43000 f0c53000 Serial.SYS Timestamp: unavailable (00000000)
f118b000 f11b5000 kmixer.sys Timestamp: unavailable (00000000)
f7e1c000 f7e1d000 drmkaud.sys Timestamp: unavailable (00000000)
f1603000 f1610000 DMusic.sys Timestamp: unavailable (00000000)
f1613000 f1621000 swmidi.sys Timestamp: unavailable (00000000)
f1255000 f1278000 aec.sys Timestamp: unavailable (00000000)
f7d24000 f7d26000 splitter.sys Timestamp: unavailable (00000000)
f7988000 f7991000 processr.sys Timestamp: unavailable (00000000)
f7ac0000 f7ac5000 Cdaudio.SYS Timestamp: unavailable (00000000)
f7ab8000 f7abd000 Flpydisk.SYS Timestamp: unavailable (00000000)
f7ab0000 f7ab7000 Fdc.SYS Timestamp: unavailable (00000000)
Finished dump check