Reading Dump Files

Zach Dundore

I have a Dell Optiplex GX270 that is continually shutting down without
warning. The system board on the computer has been replaced once already,
and yet the computer is shutting down. The event view has told me that there
was a dumpfile created. I have tried to run dumpchk.exe on the file but I
receive an error. Is there another way to read this file? I am stumped as
to why the computer would be shutting down on its own and I think the dump
file is the key.

Thanks

Zach
 
AJR

If Dr. Watson is enabled it contains the dump file. Note that the dump file
contains memory contents and is designed for interpretation by Microsoft or
the application vendor.
 
Zach Dundore

I got dumpchk to work. Here is the output from the program; let me know what
you think:

__________________________________________________________________
C:\Program Files\Support Tools>dumpchk Mini082906-01.dmp
Loading dump file Mini082906-01.dmp
----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 17136000
PfnDataBase 81ad1000
PsLoadedModuleList 8055a420
PsActiveProcessHead 805604d8
MachineImageType 0000014c
NumberProcessors 00000001
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 bf936a6d
BugCheckParameter3 ed88214c
BugCheckParameter4 00000000
PaeEnabled 00000000
KdDebuggerDataBlock 8054c060
MiniDumpFields 00000dff

TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 00001ea4
DriverListOffset 00004ab8
DriverCount 00000084
StringPoolOffset 000071e8
StringPoolSize 00001238
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack ed88215c
DebuggerDataOffset 00004828
DebuggerDataSize 00000290
DataBlocksOffset 00008420
DataBlocksCount 00000004


Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Aug 29 15:18:09 2006
System Uptime: 17 days 13:12:10
start end module name
804d7000 806eb100 nt Checksum: 002198AF Timestamp: Tue Mar 01 18:59:37 2005 (42250FF9)

Unloaded modules:
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)

Finished dump check
__________________________________________________________________
 
Zach Dundore

I ran WinDbg on the MiniDump file and it returned to me that it is probably
caused by win32k.sys. What is this file? It is a driver of some sort, but
what for? Has the file gotten corrupted and needs to be replaced, or do I
need to update or reinstall a driver on my system? Any input would be
greatly appreciated.

Thanks

Zach
 
Ron Martell

Zach Dundore said:
I got dumpchk to work. Here is the output from the program; let me know what
you think:

BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 bf936a6d
BugCheckParameter3 ed88214c
BugCheckParameter4 00000000

Your problem is a KERNEL_MODE_EXCEPTION_NOT_HANDLED (BugCheckCode
1000008e) and the specific error was STATUS_ACCESS_VIOLATION
(BugCheckParameter1 c0000005). The error occurred at memory address
bf936a6d (BugCheckParameter2 bf936a6d).

I am not certain why the dump file contains references to the kmixer.sys file
although that may be the actual file involved in the error.

Hope this is of some assistance.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca
Syberfix Remote Computer Repair

"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."
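
An added example, not part of the reply above and not code from any Microsoft tool: it parses the dumpchk fields quoted in this thread, names the bug check and exception code using only the two values identified here, and checks whether the faulting address falls inside any module range dumpchk listed. The sample text is trimmed from the posted output, and the function names are illustrative.

```python
import re

# Constructed sample: lines trimmed from the dumpchk output posted in this thread.
DUMPCHK_TEXT = """\
BugCheckCode 1000008e
BugCheckParameter1 c0000005
BugCheckParameter2 bf936a6d
BugCheckParameter3 ed88214c
BugCheckParameter4 00000000
start end module name
804d7000 806eb100 nt Checksum: 002198AF Timestamp: Tue Mar 01 18:59:37 2005 (42250FF9)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
eb870000 eb89a000 kmixer.sys Timestamp: unavailable (00000000)
"""

# Only the two codes named in the thread; extend these tables as needed.
BUGCHECK_NAMES = {0x1000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
FIELD_RE = re.compile(r"^(BugCheckCode|BugCheckParameter[1-4])\s+([0-9a-fA-F]{8})$")
MODULE_RE = re.compile(r"^([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+(\S+)")

def parse_dumpchk(text):
    """Return (bug check fields, de-duplicated sorted module ranges)."""
    fields, modules = {}, set()
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
            continue
        m = MODULE_RE.match(line.strip())
        if m:  # "start end name" rows; repeated unloaded entries collapse
            modules.add((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return fields, sorted(modules)

def owning_modules(addr, modules):
    # A module owns the address when start <= addr < end.
    return [name for start, end, name in modules if start <= addr < end]

def summarize(text):
    fields, modules = parse_dumpchk(text)
    code, status = fields["BugCheckCode"], fields["BugCheckParameter1"]
    addr = fields["BugCheckParameter2"]  # faulting address for this bug check
    return {
        "bugcheck": BUGCHECK_NAMES.get(code, f"unknown (0x{code:08X})"),
        "exception": NTSTATUS_NAMES.get(status, f"unknown (0x{status:08X})"),
        "fault_address": f"0x{addr:08x}",
        "owners": owning_modules(addr, modules),
    }

if __name__ == "__main__":
    print(summarize(DUMPCHK_TEXT))
```

For this dump the owner list comes back empty: bf936a6d lies outside both the nt range and the unloaded kmixer.sys range, so dumpchk's module list alone does not identify the faulting module.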
 
Zach Dundore

Here is the output from WinDbg, let me know what you think:

_______________________________________________________________________
Microsoft (R) Windows Debugger Version 6.6.0003.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\dundorez\Desktop\Mini082906-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Tue Aug 29 15:18:09.515 2006 (GMT-5)
System Uptime: 17 days 13:12:10.100
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
....................................................................................................................................
Loading User Symbols
Loading unloaded module list
...................................................
Unable to load image win32k.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for win32k.sys
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf936a6d, ed88214c, 0}

Probably caused by : win32k.sys ( win32k!vSpDrawCursor+d5 )

Followup: MachineOwner
 
