Question

Analyzing Crash Dumps

Asked by: leew

I have usually relied on the STOP error and a google search to determine the cause of a crash... but I know I can open the .dmp file generated and examine that for probably more thorough information.  Can anyone tell me what software will open this file?  I have access to TechNet and MSDN, so I think I should be able to get my hands on the appropriate tool... I just don't know what that tool is, so I guess that's the question - what's the tool??

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2005-10-06 at 06:34:30ID21585874
Topic

Operating Systems Miscellaneous

Participating Experts
3
Points
500
Comments
13

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. How do I review a dmp file?
    I just ran a memory dump on DLLHost.dll, I guess I can review it in textpad, but is there a better way to review the dmp?
  2. dmp-file solution?
    Can someone tell me what is the problem? I attach the dmp-file but i changed dmp to txt
  3. Need Help Analyzing Dump File
    Could someone please analyze my dump files for me? My laptop crashes with the BSOD almost once a day now. I added some memory recently but it crashed a few times before that. I have Windows Vista 32bit Ultimate SP2. My laptop is a Dell Latitude D630 with a 2GB duo core proces...
  4. how to analyze a windows 7 dump file ?
    had another unexpected windows 7 system crash. (see attached mini-dump file). can someone give me a step-by-step explanation what i should do to analyze this dump file ?

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: JayizKoolPosted on 2005-10-06 at 07:18:30ID: 15030683

leew:

     Take a look at the following: http://support.microsoft.com/default.aspx?scid=kb;en-us;315271  Its provided with XP (The CD anyway).  And should allow you to do exact what you need to read and even understand the dumps.  Enjoy, and good luck.  If you have any questions, feel free to ask.

Regards,
Jay

 

by: leewPosted on 2005-10-06 at 08:14:14ID: 15031246

Have a question:

Unloaded modules:
bdc82000 bdca7000   kmixer.sys    Timestamp: unavailable (00000000)
beec3000 beee8000   kmixer.sys    Timestamp: unavailable (00000000)
bf15d000 bf16a000   DMusic.sys    Timestamp: unavailable (00000000)
bf16d000 bf17b000   swmidi.sys    Timestamp: unavailable (00000000)
bf19d000 bf1ad000   Serial.SYS    Timestamp: unavailable (00000000)
f2130000 f2139000   redbook.sys    Timestamp: unavailable (00000000)
f23a8000 f23ad000   Cdaudio.SYS    Timestamp: unavailable (00000000)
f24f0000 f24f3000   Sfloppy.SYS    Timestamp: unavailable (00000000)

What exactly are "unloaded modules"

I've had repeated crashes on a 2000 server that happened since I put in an older but supposedly working dual 10/100 Compaq NIC card.  I DOWNGRADED the drive and it became more solid, but still crashes seemingly randomly, roughly 3-4 times a week.  The above "unloaded modules occur in the first mini dump I have from 8/17 and the last from 10/2 - and I suspect in all the others (16 more) between.

The stop error is a D1, which COULD be faulty RAM but from how I'm reading things, is PROBABLY a bad driver.  (I do need to upgrade a disk or two in the server and will likely power down and reseat the RAM - ABOUT 8/15, I did some work on it and took out the RAM and then put it back in - maybe something isn't seated quite right - or perhaps I blew a stick).

 

by: JayizKoolPosted on 2005-10-06 at 11:26:49ID: 15032975

leew:

     Well I can say the problem you seem to be having is most likly steming from bad drivers.  But could absolutly be a problem with the RAM.  Be sure to double check you video drivers as well.

     As far as I know "Unloaded modules" are drivers which were not loaded/intitialized.  This could be the problem as well.  Looking over it, it has a few audio entries.  Reinstalling audio drivers might be in order as well.

     Hope this is of help.  As always, if you have any questions, feel free to ask.

Regards,
Jay

 

by: cpc2004Posted on 2005-10-07 at 04:06:36ID: 15037378

Debugging Tools from Microsoft
1) Create folder c:\symbols
2) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
3) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini011005-01.dmp or whatever
4) open a CMD prompt and cd\program files\debugging tools for windows\
5) type the following stuff:

Code:
c:\program files\debugging tools>kd -z C:\WINDOWS\Minidump\Mini011005-01.dmp
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

You now have a debuglog.txt in c:\, open it in notepad and post to this thread.

 

by: leewPosted on 2005-10-07 at 04:41:57ID: 15037589

Fascinating... using dumpchk, I got the stop error code and parameters as follows:

Bugcheck code 000000D1
Arguments 00000003 00000002 00000000 f2112917

(I believe that was also displayed shortly after executing kd).  I then looked up the memory address of f2112917, which, if I understand this all correctly, falls in between f2110000 [and] f211e2c0 [which happens to be]  mvstdi5x mvstdi5x.sys Thu Sep 02 15:18:40 2004 (41377210), which, when I look it up, is the McAfee Enterprise 8 Mini-Firewall.  SOOOOOO, if I'm interpreting this correctly, something is creating a problem with mvstdi5x.sys OR there is a problem with mvstdi5x.sys.  My first attempt to fix this problem should probably be checking for updates to McAfee Enterprise 8.  Am I right?

Opened log file 'c:\debuglog100205-01.txt'
1: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
1: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
......................................................................................................
Loading unloaded module list
........
Loading User Symbols
No export analyze found
eax=82af513c ebx=0000000a ecx=00000000 edx=40000000 esi=f2112917 edi=00000003
eip=8046b12c esp=f24238d0 ebp=f24238e4 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286
nt+0x6b12c:
8046b12c ??               ???
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
f24238cc 00000000 00000003 00000002 00000000 nt+0x6b12c
start    end        module name
80062000 80078e00   hal      hal.dll      Thu Mar 20 21:04:11 2003 (3E7A731B)
80400000 805a2840   nt       ntoskrnl.exe Fri May 06 07:44:59 2005 (427B58BB)
a0000000 a0001000   win32k   win32k.sys   unavailable (00000000)
a018f000 a0190000   atidrab  atidrab.dll  unavailable (00000000)
a07e0000 a07e1000   RDPDD    RDPDD.dll    unavailable (00000000)
bdc12000 bdc27f20   RDPWD    RDPWD.SYS    Fri Jun 17 02:41:40 2005 (42B270A4)
bdce3000 bdce5100   EntDrv50 EntDrv50.sys Wed Jul 28 03:16:11 2004 (410752BB)
bdcf7000 bdd116e0   naiavf5x naiavf5x.sys Fri Aug 20 07:42:57 2004 (4125E3C1)
be3df000 be3e1f20   spud     spud.sys     Fri Nov 19 18:36:27 1999 (3835DEFB)
be71b000 be72aa20   ipsec    ipsec.sys    Tue Apr 29 19:04:59 2003 (3EAF051B)
be773000 be795ac0   Fastfat  Fastfat.SYS  Thu Dec 02 22:33:50 2004 (41AFDE9E)
be7e6000 be7f6600   ipnat    ipnat.sys    Wed Aug 11 19:42:38 2004 (411AAEEE)
be91f000 be92e600   Cdfs     Cdfs.SYS     Fri Apr 01 20:23:36 2005 (424DF418)
be98f000 be997a60   termdd   termdd.sys   Fri Mar 21 16:43:08 2003 (3E7B876C)
beb3f000 beb64920   sfmsrv   sfmsrv.sys   Mon Sep 09 20:17:41 2002 (3D7D3A25)
bedbd000 bedc5560   ipfltdrv ipfltdrv.sys Sat Oct 30 18:35:58 1999 (381B72CE)
bedcd000 bedd5240   Fips     Fips.SYS     Tue May 09 11:28:29 2000 (39182E9D)
bee5d000 bee97440   srv      srv.sys      Tue May 03 04:10:42 2005 (42773202)
bef10000 bef21f80   wdmaud   wdmaud.sys   Wed Apr 16 00:23:02 2003 (3E9CDAA6)
bf012000 bf031140   afd      afd.sys      Mon Apr 11 17:31:21 2005 (425AECA9)
bf032000 bf0562a0   sfmatalk sfmatalk.sys Fri Aug 16 08:28:12 2002 (3D5CEFDC)
bf091000 bf0c4040   exifs    exifs.sys    Tue Jun 18 02:13:17 2002 (3D0ECF7D)
bf17d000 bf1888c0   sysaudio sysaudio.sys Wed Apr 16 00:21:44 2003 (3E9CDA58)
bfa05000 bfa1a180   dump_atapi dump_atapi.sys Tue Apr 01 13:08:25 2003 (3E89D599)
bfa43000 bfaaca40   mrxsmb   mrxsmb.sys   Fri Apr 01 20:23:32 2005 (424DF414)
bfabf000 bfaebac0   rdbss    rdbss.sys    Mon Apr 11 17:31:22 2005 (425AECAA)
bfaec000 bfb13000   vmm      vmm.sys      Fri Oct 01 18:32:54 2004 (415DDB16)
bfb13000 bfb3dd00   netbt    netbt.sys    Fri Apr 01 20:23:24 2005 (424DF40C)
bfb3e000 bfb8c1a0   tcpip    tcpip.sys    Thu May 12 06:24:58 2005 (42832EFA)
bfcf5000 bfd1f3a0   update   update.sys   Wed Apr 16 00:22:01 2003 (3E9CDA69)
bfd32000 bfd55060   rdpdr    rdpdr.sys    Fri Mar 21 16:43:14 2003 (3E7B8772)
bfd56000 bfd7b200   n100nt5  n100nt5.sys  Mon Jun 13 17:11:39 2005 (42ADF68B)
bfd7c000 bfda5680   smc9452m smc9452m.sys Thu May 15 06:33:43 2003 (3EC36D07)
bfda6000 bfdc5d00   KS       KS.SYS       Wed Dec 04 12:09:38 2002 (3DEE36D2)
bfdc6000 bfdea1e0   portcls  portcls.sys  Wed Apr 16 00:11:22 2003 (3E9CD7EA)
bfdeb000 bfe0c160   ctlsb16  ctlsb16.sys  Sat Oct 23 16:09:27 1999 (381215F7)
bfe0d000 bfe1e6c0   atimpab  atimpab.sys  Wed Nov 10 18:34:06 1999 (382A00EE)
bfe1f000 bfe35ba0   ndiswan  ndiswan.sys  Tue Apr 29 19:05:01 2003 (3EAF051D)
bfe7e000 bfe93be0   Mup      Mup.sys      Thu Dec 02 22:37:23 2004 (41AFDF73)
bfe94000 bfebdaa0   NDIS     NDIS.sys     Tue Apr 29 19:05:01 2003 (3EAF051D)
bfebe000 bff3b480   Ntfs     Ntfs.sys     Tue May 10 05:20:29 2005 (42807CDD)
bff3c000 bff4d7c0   KSecDD   KSecDD.sys   Sat Sep 20 20:32:19 2003 (3F6CF193)
bff4e000 bff601c0   Dfs      Dfs.sys      Tue Feb 11 21:19:06 2003 (3E49AF1A)
bff61000 bff62000   fltmgr   fltmgr.sys   unavailable (00000000)
bff83000 bff95180   SCSIPORT SCSIPORT.SYS Thu Dec 30 00:53:36 2004 (41D397E0)
bff96000 bffaa940   adpu160m adpu160m.sys Wed Feb 21 20:07:15 2001 (3A946643)
bffab000 bffc0180   atapi    atapi.sys    Tue Apr 01 13:08:25 2003 (3E89D599)
bffc1000 bffe29c0   dmio     dmio.sys     Wed Jan 15 14:47:04 2003 (3E25BAB8)
bffe3000 bffff5a0   ftdisk   ftdisk.sys   Thu Dec 02 22:29:58 2004 (41AFDDB6)
f2000000 f200e6a0   pci      pci.sys      Wed Jan 15 14:44:07 2003 (3E25BA07)
f2010000 f201b680   isapnp   isapnp.sys   Wed Jan 15 14:43:47 2003 (3E25B9F3)
f2020000 f2028700   CLASSPNP CLASSPNP.SYS Wed Jan 15 14:42:51 2003 (3E25B9BB)
f2050000 f205e000   VMNetSrv VMNetSrv.sys Mon Jun 14 21:18:09 2004 (40CE4E51)
f2060000 f206ca80   rasl2tp  rasl2tp.sys  Tue Apr 29 19:05:06 2003 (3EAF0522)
f2070000 f207bc40   raspptp  raspptp.sys  Wed May 14 19:47:00 2003 (3EC2D574)
f2080000 f208ea20   parallel parallel.sys Wed Jan 15 14:47:14 2003 (3E25BAC2)
f2090000 f209c4c0   VIDEOPRT VIDEOPRT.SYS Wed Jan 15 14:47:20 2003 (3E25BAC8)
f20a0000 f20ab680   i8042prt i8042prt.sys Wed Apr 16 00:00:59 2003 (3E9CD57B)
f20b0000 f20b9ce0   NDProxy  NDProxy.SYS  Thu Sep 30 19:25:35 1999 (37F3F16F)
f20d0000 f20d9be0   usbhub   usbhub.sys   Tue Mar 18 18:30:41 2003 (3E77AC21)
f20f0000 f20f8fa0   Npfs     Npfs.SYS     Sat Oct 09 19:58:07 1999 (37FFD68F)
f2100000 f2108680   msgpc    msgpc.sys    Wed Jan 15 14:54:25 2003 (3E25BC71)
f2110000 f211e2c0   mvstdi5x mvstdi5x.sys Thu Sep 02 15:18:40 2004 (41377210)
f2120000 f21281a0   netbios  netbios.sys  Tue Oct 12 15:34:19 1999 (38038D3B)
f2280000 f2285520   PCIIDEX  PCIIDEX.SYS  Tue Feb 25 13:31:08 2003 (3E5BB66C)
f2288000 f228f5a0   MountMgr MountMgr.sys Thu Dec 02 22:33:01 2004 (41AFDE6D)
f2290000 f2296760   ultra    ultra.sys    Wed Oct 09 12:29:50 2002 (3DA4597E)
f2298000 f229f720   disk     disk.sys     Wed Jan 15 14:43:05 2003 (3E25B9C9)
f22a0000 f22a5100   agp440   agp440.sys   Wed Jan 15 14:47:07 2003 (3E25BABB)
f22c8000 f22cc400   ptilink  ptilink.sys  Wed Jan 15 14:47:15 2003 (3E25BAC3)
f22d8000 f22dc0e0   raspti   raspti.sys   Fri Oct 08 16:45:10 1999 (37FE57D6)
f2308000 f230ec40   cdrom    cdrom.sys    Wed Jan 15 14:43:04 2003 (3E25B9C8)
f2310000 f2317f40   uhcd     uhcd.sys     Wed Jan 15 14:45:50 2003 (3E25BA6E)
f2328000 f232cfc0   USBD     USBD.SYS     Wed Jan 22 12:05:33 2003 (3E2ECF5D)
f2340000 f2345ec0   kbdclass kbdclass.sys Thu Feb 20 11:37:30 2003 (3E55044A)
f2350000 f2356100   parport  parport.sys  Wed Jan 15 14:47:13 2003 (3E25BAC1)
f2360000 f2361000   fdc      fdc.sys      unavailable (00000000)
f2370000 f2375400   mouclass mouclass.sys Thu Feb 20 11:37:45 2003 (3E550459)
f2380000 f2386a20   EFS      EFS.SYS      Wed Jan 15 14:46:55 2003 (3E25BAAF)
f2398000 f239ca60   flpydisk flpydisk.sys Wed Jan 15 14:42:52 2003 (3E25B9BC)
f23b8000 f23bd240   Msfs     Msfs.SYS     Tue Oct 26 19:21:32 1999 (3816377C)
f23c8000 f23cc8c0   TDTCP    TDTCP.SYS    Fri Mar 21 16:43:08 2003 (3E7B876C)
f23d8000 f23dfd00   wanarp   wanarp.sys   Fri Aug 16 08:25:01 2002 (3D5CEF1D)
f2410000 f2412a20   BOOTVID  BOOTVID.dll  Wed Nov 03 20:24:33 1999 (3820E051)
f2414000 f2416d00   PartMgr  PartMgr.sys  Wed Jan 15 14:43:07 2003 (3E25B9CB)
f2494000 f24962e0   ndistapi ndistapi.sys Wed Jan 15 14:54:15 2003 (3E25BC67)
f24a0000 f24a3e60   TDI      TDI.SYS      Wed Jan 15 14:56:26 2003 (3E25BCEA)
f24ac000 f24ae540   gameenum gameenum.sys Wed Jan 15 14:45:32 2003 (3E25BA5C)
f24f8000 f24fb580   vga      vga.sys      Sat Sep 25 14:37:40 1999 (37ED1674)
f2500000 f2501100   intelide intelide.sys Wed Feb 19 12:19:09 2003 (3E53BC8D)
f2502000 f2503d20   Diskperf Diskperf.sys Wed Feb 12 16:34:38 2003 (3E4ABDEE)
f2504000 f2505000   dmload   dmload.sys   unavailable (00000000)
f2506000 f25077e0   cmdide   cmdide.sys   Wed Dec 22 16:54:17 1999 (38614889)
f2516000 f2517ca0   Fs_Rec   Fs_Rec.SYS   Wed Jan 15 14:53:30 2003 (3E25BC3A)
f251e000 f251fe40   rasacd   rasacd.sys   Sat Sep 25 14:41:23 1999 (37ED1753)
f25ac000 f25ad000   ParVdm   ParVdm.SYS   unavailable (00000000)
f25c8000 f25c8f80   WMILIB   WMILIB.SYS   Sat Sep 25 14:36:47 1999 (37ED163F)
f25d5000 f25d5a40   audstub  audstub.sys  Sat Sep 25 14:35:33 1999 (37ED15F5)
f25eb000 f25ec000   swenum   swenum.sys   Wed Dec 04 12:10:07 2002 (3DEE36EF)
f25fd000 f25fe000   Null     Null.SYS     unavailable (00000000)
f25ff000 f25ffee0   Beep     Beep.SYS     Wed Oct 20 18:18:59 1999 (380E3FD3)
f2602000 f2602f80   mnmdd    mnmdd.SYS    Sat Sep 25 14:37:40 1999 (37ED1674)
f2632000 f2632f80   dump_WMILIB dump_WMILIB.SYS Sat Sep 25 14:36:47 1999 (37ED163F)

Unloaded modules:
bdc82000 bdca7000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
beec3000 beee8000   kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bf15d000 bf16a000   DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bf16d000 bf17b000   swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
bf19d000 bf1ad000   Serial.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f2130000 f2139000   redbook.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f23a8000 f23ad000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f24f0000 f24f3000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
Closing open log file c:\debuglog100205-01.txt

 

by: cpc2004Posted on 2005-10-07 at 05:02:54ID: 15037706

Hi Lee,

Your interpretation is correct but the problem may be hardware problem. You have to analyze 3 to 4 minidumps in order to confirm the culprit. If they all crashes with the same instruction address, it is unlikely it is hardware problem cos hardware problem occurs randomly.

Hope it can help you
cpc2004

 

by: cpc2004Posted on 2005-10-07 at 05:06:54ID: 15037722

For example if it is overheat and cause instruction address alignment problem at f2112917 and it is not software error.

 

by: leewPosted on 2005-10-07 at 07:29:41ID: 15038913

Will do, thanks.

Thanks to both of you - this is pretty much just what I was looking for.

 

by: JayizKoolPosted on 2005-10-08 at 19:06:29ID: 15046619

leew:

     No problem.

Regards,
Jay

 

by: leewPosted on 2005-10-17 at 23:19:35ID: 15105093

I didn't want to go through all these files manually... so I wrote a script that SEEMS to be working for me.  Would appreciate it if cpc2004 were to take a look at it - run it against some dumps he may have and confirm it's outputing good information.  Suggestions are, of course, welcome.

Here's the script:

------------------------------8<---------- analyze.cmd ---------------------------
@echo off
Set DebuggerPath=C:\Program Files\Debugging Tools for Windows
Set SymbolsFolderPath=C:\Symbols

For /f "tokens=*" %%a in ('cd') do set curdir=%%a
if "%1" == "*" Goto AnalyzeAll
if "%1" == "" Goto Help
Goto ProcessDump
:Help
Echo %0 - Analyze one or more crash dumps
Echo.
echo USAGE:
echo.
echo     %0 * ^| filename.dmp
echo.
echo         * - Analyze ALL dmp files in the directory
echo         filename.dmp - Analyze only this specific dump
echo.
echo     This script will create a file in dmp file directory called %0.log
echo         This file contains the Bug Check code and the debugger's opinion
echo         of which file caused the crash.
echo.
Goto EOF

:AnalyzeAll
For /f "tokens=1" %%z in ('dir /a-d /b *.dmp') Do Call :ProcessDump %%z
Start Notepad "%curdir%\analyze.log"
Goto EOF

:ProcessDump
cd /d "%debuggerpath%"
if not exist kd.script (
      echo .symfix>>kd.script
      echo !analyze -v>>kd.script
      echo q>>kd.script
) ELSE (
      Echo %0: ***kd.script found - using existing file.***
)
kd -z %curdir%\%1 -logo %curdir%\%1.log -y srv*%symbolsfolderpath%*http://msdl.microsoft.com/download/symbols -v -cf kd.script"
For /f "Skip=2 tokens=*" %%a in ('find "BugCheck" %curdir%\%1.log') do Echo %1 Bug Check: %%a>>%curdir%\analyze.log
For /f "Skip=2 tokens=*" %%a in ('find /i "probably caused by" %curdir%\%1.log') do Echo %1 Probable Cause: %%a>>%curdir%\analyze.log
Echo.>>%curdir%\analyze.log

:EOF
cd /d %curdir%
If "%0" NEQ ":ProcessDump" If Exist "%curdir%\analyze.log" Start Notepad "%curdir%\analyze.log"
------------------------------8<---------- analyze.cmd ---------------------------

Now, using the script, I generated this "analyze.log" file - which seems to confirm my earlier suspicians as all of them seem to have the same basic info:
Mini081705-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini081705-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini082005-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082005-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini082205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini082605-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2102917}
Mini082605-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini082905-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini082905-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini090105-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090105-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini090305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini090405-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090405-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini090505-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini090505-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini091205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini091305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini091405-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini091405-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini092005-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092005-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini092305-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092305-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini092605-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092605-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini092705-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini092705-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

Mini100205-01.dmp Bug Check: BugCheck D1, {3, 2, 0, f2112917}
Mini100205-01.dmp Probable Cause: Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )

 

by: cpc2004Posted on 2005-10-18 at 01:59:43ID: 15105650

I will test it and get back to you.

 

by: kcarrimPosted on 2005-10-19 at 01:50:13ID: 15114182

Leew, i already have the symbol packs. How would i use the script? I am not much of a programmer.

 

by: cpc2004Posted on 2005-10-19 at 03:52:45ID: 15114657

Hi Leew,

Your script is perfect and it can find out the culprit of simple problems. However for complicate problem it may provide wrong information. I need to explain the the meaning of " Probably caused by : mvstdi5x.sys ( mvstdi5x+2917 )' as kd scan the stack trace and look for the first occurence of non-Microsoft module and then microsoft routine.  This assumption may be incorrect.
 
For example

BugCheck 1000000A, {10, 2, 1, 804f6268}
Probably caused by : SYMEVENT.SYS ( SYMEVENT+b124 )
STACK_TEXT:  
f3d0d848 804f5feb dfba0000 03e163f0 00000000 nt!MmCopyToCachedPage+0x3ba
f3d0d8d8 804f5e75 82d17008 03e163f0 f3d0d91c nt!CcMapAndCopy+0x1a9
f3d0d964 f85beb66 82ddd638 f3d0db34 00000010 nt!CcCopyWrite+0x28e
f3d0db58 f85bbc97 829c24a0 82dce748 82dce748 Ntfs!NtfsCommonWrite+0x1d2a
f3d0dbbc 804e37f7 82f57020 82dce748 82f96bf8 Ntfs!NtfsFsdWrite+0xf3
f3d0dbcc f865e3ca 804e8a39 00000000 f3d0dc84 nt!IopfCallDriver+0x31
f3d0dbdc 804e37f7 82fcd3c8 e10d8d28 f3d0dc34 sr!SrWrite+0xaa
f3d0dbec f62f5124 00000000 f3d0dc34 82cb8778 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f3d0dc84 805784c0 82e12bf0 82dce748 82ddd638 SYMEVENT+0xb124
f3d0dd38 804de7ec 000017b0 00000000 00000000 nt!NtWriteFile+0x602
f3d0dd38 7c90eb94 000017b0 00000000 00000000 nt!KiFastCallEntry+0xf8
0208fdb0 00000000 00000000 00000000 00000000 0x7c90eb94

Kb reports that ithe culprit is SYMEVENT.SYS and actually the correct answer is faulty ram. This is reason why KB reports that it is probably caused by xxxxx.


20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...