Windows dump File

[Andrea]

Hi everybody,
I'd like to learn to read and use windows full memory
dump file .dmp created after a "blue screen crash".

I know dumpchk.exe and pstat.exe but I'm not able how to interpretate these
informations in order to understand the cause of problems.

thanks everybody
andrea

 

[Pegasus \(MVP\)]

Hi everybody,
I'd like to learn to read and use windows full memory
dump file .dmp created after a "blue screen crash".

I know dumpchk.exe and pstat.exe but I'm not able how to interpretate these
informations in order to understand the cause of problems.

thanks everybody
andrea

This might help:
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=16425

 

[Rick \Nutcase\ Rogers]

Hi Andrea,

Take a course in IA32 assembly language in order to use a debug program that
will tell you what's actually going on. Crash Dumps are best left to those
that can correctly interpret the data that is gathered, there is no easy way
to learn this without hours and hours of going through them, researching
the resultant error codes, and looking up the sources of indicated modules
involved. A good place for researching the codes and their meaning is the
MSDN library, but it is not by any means the only resource.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Andrea]

Hi Andrea,

Take a course in IA32 assembly language in order to use a debug program that
will tell you what's actually going on. Crash Dumps are best left to those
that can correctly interpret the data that is gathered, there is no easy way
to learn this without hours and hours of going through them,

Hi roger,

thank you for your answer. Unfortunately I don't know Assembly but I'm a
C/C++ programmer with some knowledge on win32 platform. I know it's
impossibile and perhaps stupid too desire an easy way to read dump file
'cause we are at machine code level.

But my question start from the necessity to understand or just have a
"suggestion" on the origin of blue screen. I downloaded the microsoft debug
symbols and I'd like to learn to process dump file in order to understand,
for example:

ok, execution stopped in the module
module.dll!function_name();
with this call stack ...

I've got blue screen, I need to understand just the origin.

researching

the resultant error codes, and looking up the sources of indicated modules
involved. A good place for researching the codes and their meaning is the
MSDN library, but it is not by any means the only resource.

I read a lot on microsoft documentation but it's too generic to understand
what's up with my system. If you have any suggestion I will appreciate a
lot!

Thank you very much
andrea

 

[Andrea]

This might help:
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=16425

sorry but I can't access to the article without a subscription, it is not
free?

 

[Pegasus \(MVP\)]

sorry but I can't access to the article without a subscription, it is not
free?

This is correct.

 

[Rick \Nutcase\ Rogers]

Hi Andrea,

If you have the symbols library, then Windbg should be able to indicate the
faulting module. Frankly, if you know C++, then assembly language would not
be a stretch for you.

Windbg:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Andrea]

Hi Andrea,

If you have the symbols library, then Windbg should be able to indicate the
faulting module. Frankly, if you know C++, then assembly language would not
be a stretch for you.

Yes, you're right, it's really harder. I did it yesterday in the evening, I
found the problem inside pciidex.sys that should be the sata channel driver.
I think I've got a problem on my hard disk, I found some bad sectors.

Thank you. I'd like to learn assembly in my spare time, can you suggest any
resource. And my main question is how to develop something in Assembly
without break my System. It's easy with assembly make your system instable
or I'm wrong?

Thank you and have a nice day
Andrea

 

[Andrea]

This is correct.

:| Thanks.

 

[Rick \Nutcase\ Rogers]

Hi Andrea,

Yep, bad sectors on the drive will definitely be an issue. I would use a
drive checker from the manufacturer to make sure it's not a candidate for
replacement before doing anything else.

A good college level book to use for learning assembly:
http://www.nuvisionmiami.com/books/asm/

And yes, you can break your machine with assembly just as easily, perhaps
more so - watch recursive loops.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[hmmm]

Hi everybody,
I'd like to learn to read and use windows full memory
dump file .dmp created after a "blue screen crash".

I know dumpchk.exe and pstat.exe but I'm not able how to interpretate these
informations in order to understand the cause of problems.

thanks everybody
andrea

Windows XP takes a dump so often, you will need to affix a diaper to
it's arse until it is fully loo trained. OMG, you want to inspect the
contents of it's stool?!? Well, I wouldn't wish that on my worse enemy,
but good luck!

 

[Andrea]

Hi Andrea,

Yep, bad sectors on the drive will definitely be an issue. I would use a
drive checker from the manufacturer to make sure it's not a candidate for
replacement before doing anything else.

A good college level book to use for learning assembly:
http://www.nuvisionmiami.com/books/asm/

Thank you very much, I'll buy it.

regards
andrea