Minidump how to read it.

  • Thread starter Frank Santiesteban

Frank Santiesteban

Can someone help me read my minidump, I have no clue what
I'm looking for. This is the information.

***********************************************************
*****
**
** Windows 2000 Crash Dump Analysis
**
***********************************************************
*****
*
Filename . . . . . . .mini110503-01.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .2195
DirectoryTableBase . .0x248f1000
PfnDataBase. . . . . .0x829ab000
PsLoadedModuleList . .0x8046d9f0
PsActiveProcessHead. .0x8046dcb0
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x00000005
BugCheckParameter1 . .0x82980be0
BugCheckParameter2 . .0x828a14e0
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0xeb81fff8

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x8042ba40


**** could not load kernel debugger extenion dll [
kdextx86.dll ]

***********************************************************
*****
** Symbol File Load Log
***********************************************************
*****

Module CheckSum
ntoskrnl.exe 001AD483
hal.dll 0002362D
BOOTVID.DLL 0000D8A2
ACPI.sys 00036141
WMILIB.SYS 00008BFD
pci.sys 00015EBC
isapnp.sys 0001ADB1
pciide.sys 0000E66F
PCIIDEX.SYS 0000DE8C
MountMgr.sys 00014162
ftdisk.sys 0001D3BC
Diskperf.sys 00006CE8
dmload.sys 0000B8B0
dmio.sys 0002DA3B
PartMgr.sys 0000DF75
atapi.sys 00021BAE
disk.sys 0000F20D
CLASSPNP.SYS 0000BDD7
KSecDD.sys 0001735D
Ntfs.sys 0008B0E2
NDIS.sys 00034BC1
Mup.sys 00025138
VIDEOPRT.SYS 0001C29A
ialmnt5.sys 0001ABA4
USBD.SYS 00009E7E
uhcd.sys 0001678F
USBPORT.SYS 0002D6EA
usbehci.sys 00006C3D
vtacom.sys 000120AC
**** Error: overlapping image conflict. Invalid dump file.
i8042prt.sys 00012F94
mouclass.sys 0000D72E
kbdclass.sys 00014DB7
parport.sys 000063B4
serial.sys 0001D024
serenum.sys 0000F5FE
fdc.sys 0001553C
Cdr4_2K.SYS 0001059D
cdrom.sys 00011B4B
Cdralw2k.SYS 00013574
**** Error Loading Image
Module: KS.SYS
Image File: None
Debug File: None
CheckSum: 22F68
Error: Incorrect Image File

portcls.sys 0002F4F0
smwdm.sys 00090463
aeaudio.sys 00021368
audstub.sys 00008EF7
rasl2tp.sys 00014A34
ndistapi.sys 0000B34D
ndiswan.sys 0001E9B7
TDI.SYS 000122D0
raspptp.sys 0000CF45
ptilink.sys 0000D9AF
raspti.sys 0000FED0
parallel.sys 00019AD2
swenum.sys 0000B910
update.sys 0002B70C
ialmkchw.sys 0001F121
ialmsbw.sys 0002824E
usbhub.sys 00010A0B
usbhub20.sys 00014278
flpydisk.sys 00009D83
NDProxy.SYS 000121C3
EFS.SYS 00014916
Fs_Rec.SYS 0001057D
Null.SYS 000023CE
Beep.SYS 0000C54F
vga.sys 0001047D
mnmdd.SYS 0000F6C2
Msfs.SYS 0000E5FA
Npfs.SYS 00017E60
rasacd.sys 0000F369
tcpip.sys 00056B95
msgpc.sys 000122E3
wanarp.sys 00015051
netbt.sys 0003179C
netbios.sys 0000B5C1
rdbss.sys 0003159B
mrxsmb.sys 000615C2
dump_WMILIB.SYS 00008BFD
dump_atapi.sys 00021BAE
**** Error Loading Image
Module: win32k.sys
Image File: None
Debug File: None
CheckSum: 1956E8
Error: Incorrect Image File

**** Error: overlapping image conflict. Invalid dump file.
ialmrnt5.dll 00015B21
ialmdev5.DLL 000360D4
**** Error: overlapping image conflict. Invalid dump file.
afd.sys 000240A6
ParVdm.SYS 0000770B
Fips.SYS 0001050B
**** Error Loading Image
Module: NAVAPEL.SYS
Image File: None
Debug File: None
CheckSum: 10EDA
Error: Could not find image

srv.sys 0003E1D3
wdmaud.sys 00018FA8
sysaudio.sys 000169FE
Cdfs.SYS 0000F059
Fastfat.SYS 0002B0BB
ipsec.sys 0001DED4
SYMEVENT.SYS 00013B72
**** Error Loading Image
Module: NAVAP.sys
Image File: None
Debug File: None
CheckSum: 39D09
Error: Could not find image

**** Error Loading Image
Module: NAVEX15.sys
Image File: None
Debug File: None
CheckSum: 8900D
Error: Could not find image

**** Error Loading Image
Module: NAVENG.sys
Image File: None
Debug File: None
CheckSum: 1CFAE
Error: Could not find image

kmixer.sys 00025DD2

***********************************************************
*****
** drivers
***********************************************************
*****

Base Size CheckSum Image Name
80400000 001a2140 001ad483 ntoskrnl.exe
80062000 000140c0 0002362d hal.dll
eb810000 00002a20 0000d8a2 BOOTVID.DLL
bffd8000 00027c40 00036141 ACPI.sys
eb9c8000 00000f80 00008bfd WMILIB.SYS
eb400000 0000e660 00015ebc pci.sys
eb410000 0000b680 0001adb1 isapnp.sys
eb9c9000 00000b00 0000e66f pciide.sys
eb680000 00005500 0000de8c PCIIDEX.SYS
eb688000 00007180 00014162 MountMgr.sys
bffbb000 0001c1a0 0001d3bc ftdisk.sys
eb900000 00001d20 00006ce8 Diskperf.sys
eb902000 00001b80 0000b8b0 dmload.sys
bff99000 000219c0 0002da3b dmio.sys
eb814000 00002d00 0000df75 PartMgr.sys
bff83000 000151a0 00021bae atapi.sys
eb690000 000073c0 0000f20d disk.sys
eb420000 00008560 0000bdd7 CLASSPNP.SYS
bff71000 00011540 0001735d KSecDD.sys
bfeee000 00082720 0008b0e2 Ntfs.sys
bfec5000 00028ca0 00034bc1 NDIS.sys
bfeaf000 000152e0 00025138 Mup.sys
eb450000 0000c4c0 0001c29a VIDEOPRT.SYS
bfe78000 000162e0 0001aba4 ialmnt5.sys
eb6c8000 00004f80 00009e7e USBD.SYS
eb6b8000 00007e20 0001678f uhcd.sys
bfe56000 000211e0 0002d6ea USBPORT.SYS
eb6d8000 00004a00 00006c3d usbehci.sys
eb6e0000 00004ec0 000120ac vtacom.sys
bfe34000 00022000 00026ac4 e100bnt5.sys
eb460000 0000b6a0 00012f94 i8042prt.sys
eb6f0000 00005380 0000d72e mouclass.sys
eb700000 00005e40 00014db7 kbdclass.sys
eb710000 00006100 000063b4 parport.sys
eb470000 0000f320 0001d024 serial.sys
eb884000 00003560 0000f5fe serenum.sys
eb728000 00000000 0001553c fdc.sys
eb480000 0000e180 0001059d Cdr4_2K.SYS
eb740000 00006c20 00011b4b cdrom.sys
eb750000 00005560 00013574 Cdralw2k.SYS
bfd6e000 0001fd00 00022f68 KS.SYS
bfd8e000 00024200 0002f4f0 portcls.sys
bfdb3000 00080c00 00090463 smwdm.sys
bfd56000 00017220 00021368 aeaudio.sys
eb9fc000 00000a40 00008ef7 audstub.sys
eb490000 0000ca80 00014a34 rasl2tp.sys
eb890000 000022c0 0000b34d ndistapi.sys
bfd3f000 00016aa0 0001e9b7 ndiswan.sys
eb8a0000 00003e60 000122d0 TDI.SYS
eb4a0000 0000b520 0000cf45 raspptp.sys
eb790000 00004400 0000d9af ptilink.sys
eb7a0000 000040e0 0000fed0 raspti.sys
eb4b0000 0000ea20 00019ad2 parallel.sys
eb9fd000 00001000 0000b910 swenum.sys
bfd1c000 000222a0 0002b70c update.sys
b7c88000 000133a0 0001f121 ialmkchw.sys
b7c6c000 0001bb60 0002824e ialmsbw.sys
eb4d0000 00009ba0 00010a0b usbhub.sys
eb4e0000 0000bfe0 00014278 usbhub20.sys
eb7d0000 00004a60 00009d83 flpydisk.sys
eb500000 00009ce0 000121c3 NDProxy.SYS
eb7e0000 00006a20 00014916 EFS.SYS
eb912000 00001ca0 0001057d Fs_Rec.SYS
eba07000 000009e0 000023ce Null.SYS
eba08000 00000ee0 0000c54f Beep.SYS
eb8d8000 00003580 0001047d vga.sys
eba09000 00000f80 0000f6c2 mnmdd.SYS
eb800000 00005240 0000e5fa Msfs.SYS
eb510000 00008fa0 00017e60 Npfs.SYS
eb91a000 00001e40 0000f369 rasacd.sys
b7b53000 000505e0 00056b95 tcpip.sys
eb520000 000086c0 000122e3 msgpc.sys
eb6a0000 00007d00 00015051 wanarp.sys
b7b2e000 00024500 0003179c netbt.sys
eb530000 000081a0 0000b5c1 netbios.sys
b7a6c000 00021920 0003159b rdbss.sys
b79fc000 0005d8a0 000615c2 mrxsmb.sys
eba0a000 00000f80 00008bfd dump_WMILIB.SYS
b79be000 000151a0 00021bae dump_atapi.sys
a0000000 001911e0 001956e8 win32k.sys
b799c000 00000000 0001e038 ialmdnt5.dll
eb570000 00000000 00015b21 ialmrnt5.dll
b796e000 0002de00 000360d4 ialmdev5.DLL
b78f8000 00000000 0007044c ialmdd5.DLL
b779a000 0001dd40 000240a6 afd.sys
eb982000 00001860 0000770b ParVdm.SYS
b7a9e000 00008240 0001050b Fips.SYS
eb9a6000 00001b60 00010eda NAVAPEL.SYS
b7710000 00039e80 0003e1d3 srv.sys
b7635000 00012060 00018fa8 wdmaud.sys
eb550000 0000ba80 000169fe sysaudio.sys
b7678000 0000eda0 0000f059 Cdfs.SYS
b74fd000 000223c0 0002b0bb Fastfat.SYS
b721b000 00013ac0 0001ded4 ipsec.sys
b748d000 0000dae0 00013b72 SYMEVENT.SYS
b71cb000 00027ea0 00039d09 NAVAP.sys
b70a8000 000826e0 0008900d NAVEX15.sys
b7688000 0000f400 0001cfae NAVENG.sys
b6ea3000 00024220 00025dd2 kmixer.sys

***********************************************************
*****
** Process
***********************************************************
*****

PROCESS: SessionId: 0 Cid: 0000 Peb: 00000000
ParentCid: 0000
DirBase: 00030000 ObjectTable: 829a56a8 TableSize:
0.
Image: Idle
VadRoot 0 Clone 0 Private 0. Modified 0. Locked 0.
DeviceMap 0
Process Lock Owned by Thread 0
Token e10017f0
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (4, 50, 450) (16KB,
200KB, 1800KB)
PeakWorkingSetSize 4
VirtualSize 0 Mb
PeakVirtualSize 0 Mb
PageFaultCount 1
MemoryPriority BACKGROUND
BasePriority 0
CommitCharge 0


***********************************************************
*****
** Thread
***********************************************************
*****

THREAD Cid 0.0 Teb: 00000000 Win32Thread: 00000000
RUNNING
Owning Process 8046f5e0
WaitTime (seconds) 78861
Context Switch Count 96007
Start Address 0x00000000
Stack Init 80473ac0 Current 80472dcc Base 80473ac0 Limit
80470ac0 Call 0
Priority 16 BasePriority 0 PriorityDecrement 0
DecrementCount 0


***********************************************************
*****
** Register Dump For Processor #0
***********************************************************
*****

eax=ffdff13c ebx=00000005 ecx=82980be0 edx=00000000
esi=82393020 edi=82980be0
eip=8042ba40 esp=eb81f2b0 ebp=eb81f2d0 iopl=0 nv
up di pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030
gs=0000 efl=00000286
cr0=8001003b cr2=01300000 cr3=00030000 dr0=00000000
dr1=00000000 dr2=00000000
dr3=00000000 dr6=ffff0ff0 dr7=00000400 cr4=000006d1
gdtr=80036000 gdtl=03ff idtr=80036400 idtl=07ff
tr=0028 ldtr=0000


***********************************************************
*****
** Stack Trace
***********************************************************
*****

ChildEBP RetAddr Args to Child
eb81f2d0 00000000 00000000 00000000 00000000 NTOSKRNL!
KeStackAttachProcess+0x3e
 

Matthew Mucker [MSFT]

To really look at a dump, you need the debugging tools from the MSDN website
and a working knowledge of x86 assembly language and Windows internals.

This particular crash was (if you got this info correct) a STOP 0x00000005,
an INVALID_PROCESS_ATTACH_ATTEMPT, a STOP code I've never seen before.
Were you trying to attach a debugger to a process when this happened?

-Matt
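
As an added example (not part of the original posts and not Microsoft tooling), the Python script below does a first-pass triage of the text summary posted above: it pulls out the bugcheck fields, rebuilds the driver table, and maps the exception address and bugcheck parameters to the image that contains them. The function names are hypothetical, and the embedded sample is an excerpt copied from the post with the driver table trimmed.

```python
import re

# Excerpt copied from the dump summary in the post above (driver table trimmed).
SUMMARY = """\
BugCheckCode . . . . .0x00000005
BugCheckParameter1 . .0x82980be0
BugCheckParameter2 . .0x828a14e0
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0xeb81fff8
ExceptionCode. . . . .0x80000003
ExceptionAddress . . .0x8042ba40
Base Size CheckSum Image Name
80400000 001a2140 001ad483 ntoskrnl.exe
80062000 000140c0 0002362d hal.dll
eb810000 00002a20 0000d8a2 BOOTVID.DLL
eb814000 00002d00 0000df75 PartMgr.sys
bfe56000 000211e0 0002d6ea USBPORT.SYS
bfe34000 00022000 00026ac4 e100bnt5.sys
eb728000 00000000 0001553c fdc.sys
a0000000 001911e0 001956e8 win32k.sys
b799c000 00000000 0001e038 ialmdnt5.dll
b71cb000 00027ea0 00039d09 NAVAP.sys
"""

# "Name . . . .0xVALUE" header lines and "Base Size CheckSum Name" table rows.
FIELD_RE = re.compile(r"^(\w+)[ .]+(0x[0-9a-fA-F]+)$")
DRIVER_RE = re.compile(
    r"^([0-9a-fA-F]{8}) ([0-9a-fA-F]{8}) ([0-9a-fA-F]{8}) (\S+)$")


def parse_fields(text):
    """Return header fields such as BugCheckCode as {name: int}."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
    return fields


def parse_drivers(text):
    """Return the driver table as a list of (base, size, name) tuples."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return drivers


def resolve(addr, drivers):
    """Map an address to 'module+0xoffset', or None if no image contains it."""
    for base, size, name in drivers:
        if size and base <= addr < base + size:
            return f"{name}+0x{addr - base:x}"
    return None


def zero_size(drivers):
    """Images listed with Size 0: no range, so no address can be attributed."""
    return [name for _, size, name in drivers if size == 0]


def overlaps(drivers):
    """Neighbouring images (sorted by base) whose address ranges intersect."""
    ordered = sorted(d for d in drivers if d[1])
    return [(a[2], b[2]) for a, b in zip(ordered, ordered[1:])
            if a[0] + a[1] > b[0]]


def triage(text):
    """Summarise the bugcheck and say which image each address falls in."""
    fields = parse_fields(text)
    drivers = parse_drivers(text)
    report = {"BugCheckCode": f"0x{fields['BugCheckCode']:08X}"}
    for key in ("ExceptionAddress", "BugCheckParameter1", "BugCheckParameter2",
                "BugCheckParameter3", "BugCheckParameter4"):
        report[key] = resolve(fields[key], drivers)
    report["zero_size"] = zero_size(drivers)
    report["overlaps"] = overlaps(drivers)
    return report


if __name__ == "__main__":
    for key, value in triage(SUMMARY).items():
        print(f"{key:20} {value}")
```

On this excerpt the exception address falls inside ntoskrnl.exe, which agrees with the NTOSKRNL frame in the posted stack trace, while none of the bugcheck parameters point into a listed image.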


Frank Santiesteban

In my minidump directory I have quite a few minidumps. I
checked about 3 of them and they all have the same. Could
this have been caused by an SMS push? This machine resides on our
network and they are constantly doing SMS pushes with
security patches, anti-virus updates and service packs.