Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows 2000 Server BSOD

Posted on 2004-10-25
58
Medium Priority
?
1,416 Views
Last Modified: 2008-01-09
My Windows 2000 Server gives BSOD every 2 to 6 weeks. So far no luck on Google, etc. :

"***STOP: 0x000000B8 (0X00000000,0X00000000,0X00000000,0X00000000)
A wait operation, attach process, or yield was attempted from a DPC routine.

Beginning dump of physical memory"

Anyone seen this, have any ideas what is the problem and fix?

George
0
Comment
Question by:George46227
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 29
  • 14
  • 6
  • +5
58 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 12402590
When searching for Stop messages on google or at microsoft, drop the leading 0's  - search for STOP 0xB8 in this case
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12402771
Hi some general links - some of which may or may not be relevant depending on your setup and/or on which service pack you're on as you didn't say,

"How to Debug 'Stop 0xC2' or 'Stop 0x000000C2' Error Messages"  
http://support.microsoft.com?kbid=265879 
"'STOP 0x000000c2' Error Message Appears on a Blue Screen After You Install
IomegaWare"  
http://support.microsoft.com?kbid=309155 
"Some Windows 2000 hotfixes may cause a conflict with Service Pack 3 [SP3] for
Windows 2000"  
http://support.microsoft.com?kbid=309601 
"'STOP 0x000000C2 BAD_POOL_CALLER' Error Message on a Cluster Node"  
http://support.microsoft.com?kbid=321793 
"'BAD_POOL_CALLER' Error Message When Upgrading to Windows 2003 Server"
http://support.microsoft.com?kbid=817409 
"Computer intermittently stops responding and a Stop 0x000000C2 error occurs"
http://support.microsoft.com?kbid=820765
"'Stop 0xC2 [BAD_POOL_CALLER]' error may occur intermittently on a server that
is running Routing and Remote Access with NAT enabled under Windows 2000"  
http://support.microsoft.com?kbid=829788 

Deb :))

0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 16

Expert Comment

by:GUEEN
ID: 12403195
George check your error logs - it should give you some clue if this is driver related.  Post source and error here.  I once had a Scsiport.sys problem and had to get a hotfix from mS.
0
 

Author Comment

by:George46227
ID: 12403478
"The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000b8 (0x00000000, 0x00000000, 0x00000000, 0x00000000). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini101500-01.dmp." That's all there is in System Log near the crash time.

George
0
 
LVL 16

Expert Comment

by:GUEEN
ID: 12403565
I would check all drivers first for video/sound/usb -get them updated  - did you add any new hardware recently or install any MS updates?
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12403617
Sorry about earlier irrelevant links - posted in the wrong darn thread!!!! - DOH!!
Deb :))
0
 
LVL 3

Expert Comment

by:browolf
ID: 12406645
is the server part of a cluster?
0
 

Author Comment

by:George46227
ID: 12411754
Server is not part of a cluster
No new hardware
No recent MS updates

None of the above links have applied.

George
0
 

Author Comment

by:George46227
ID: 12655399
11/23/04

1. I don't have a ZIP drive or Tivoli or W2K Cluster.
2. No new hardware installed recently.

I don't think any of the responses have provided a solution at this point. I have checked each suggested link - although the errors are similar they do not apply since they refer to ZIP drives, Tivoli or W2K Cluster setup.

If there are no more responses in the next few days I will close out the question with no points awarded if approved by the EE admins.

George
0
 

Author Comment

by:George46227
ID: 12683001
11/26/04
2:48pm

I am going to do a pointer question to get some new responses.

George


0
 

Author Comment

by:George46227
ID: 12683153
11/26/04

Google search - found two articles, one referred to a problem with a scanner, one referred to a problem with a DSL modem. I have neither.

George
0
 
LVL 86

Expert Comment

by:jkr
ID: 12683261
This is a driver problem. Which .sys file is mentioned in the error message?
0
 
LVL 20

Assisted Solution

by:Debsyl99
Debsyl99 earned 750 total points
ID: 12683279
Hi
All I can suggest is that you have a look at the resources below with a view to examining the memory dump as this should give you information as to what is exactly responsible for the dsod's. The problem is that there are so many potential causes of this problem you're going to be really fortunate to track it down via google unless someone else has had and publicised exactly the same issue with exactly the same hardware and software setup. I expect that if you did involve MS then they would take the same approach. Other things that you can do is ensure that the latest drivers are loaded and installed for all your hardware, maybe update the bios and also run checks on the integrity of your hard drives, memory etc, although I would have thought hardware issues to be less likely with the infrequency of the crashes, although still not impossible,
How to use the Userdump.exe tool to create a dump file
http://support.microsoft.com/default.aspx?scid=kb;en-us;241215&Product=win2000
Using the Windbg Debugging Tool
http://www.winnetmag.com/Article/ArticleID/21217/21217.html
How to debug Windows services
http://support.microsoft.com/?kbid=824344

You could always post the output from windbg to see if it gives any more info, which hopefully it should,
0
 

Author Comment

by:George46227
ID: 12684485
jkr
11/26/04

As previously stated above:

"The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000b8 (0x00000000, 0x00000000, 0x00000000, 0x00000000). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini101500-01.dmp." That's all there is in System Log near the crash time.

 No .sys file is mentioned in the BSOD screen or Event Log.

George
0
 
LVL 86

Expert Comment

by:jkr
ID: 12684498
Could you try what Debsyl99 suggested to obtain some more detailed information?
0
 
LVL 86

Expert Comment

by:jkr
ID: 12684502
...or, let me put that differently: Are you willing to go through using WinDbg to get some more stuff out of the memory dump?
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12684634
This is hard question. Can you attach three minidumps at webspace and I will investigate the dumps. I hope I can have find new findings.
0
 
LVL 88

Expert Comment

by:rindi
ID: 12684675
Can you supply us with information on what hardware is inside the PC and what peripherals are connected to the external ports?
0
 

Author Comment

by:George46227
ID: 12686539
jkr
11/27

OK - I am new to EE - how to I "attach" the minidumps? I opened them with notepad, seems to be a lot of jibberish. Tell me how and I will do it.

George
0
 

Author Comment

by:George46227
ID: 12686655
rindi
11/27/04

The pc is basically a clone
Original install date July, 2000

From Device Manager -
HDD: SAMSUNG SV0511D and WDC AC13200B
Dispaly: S3 Inc. Trio3D
DVD/CD-ROM: ATAPI CD-ROM Drive-40X
FDC: Standard fdc
FDD: Floppy dd (x2 - 3.5 and 5.25 - my coment)
IDE ATA/ATAPI: Intel 82371AB/EB PCI Bus Master IDE controller
KBD: PC/AT Enhanced PS/2 Keyboard (101/102-key)
Mouse: Logitech PS/2 Port Mouse
Modem: Standard 28800 bps Modem
Monitor: Default Monitor
Network Adapters: Yellow! 3Com Etherlink III ISA (3C509/3C509B) Legacy mode
                            (this NIC was installed originally 7/00 for testing and later removed -                            the Yellow! has always been there - my comment)
                            3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) # 2
                            Realtek RTL8029(AS)-based PCI Ethernet Adapter # 2
Other devices: Yellow! Multimedia Audio Controller
                      Yellow! PCI Input Device
                      Yellow! WIN5602 MODEM LINE INTERFACE CARD
                      (the Yellow! has always been there on these devices since 7/00 - I
                      never attempted to install drivers for these devices because I don't use
                      them - my comment).
Ports (COM and LPT): Communications Port (COM1)
                                 Printer Port (LPT1)
Sound, video and game controllers: Audio Codecs, Legacy Audio Drivers, Legacy Video
                                                    Capture Devices, Media Control Devices, Video
                                                    Codecs
System Devices: I will omit this lengthy and obscure area unless someone specifically
                        asks for information                          
Universal Serial Bus controllers: Intel 82371AB/EB PCI to USB Universal Host Controller
                                               USB Root Hub

George



   
0
 

Author Comment

by:George46227
ID: 12686838
Debsyl99
jkr

11/27

My previous experience with NTRK dump tools and debugs (NT4) is hours spent with no solution. But since you have suggested it and are willing to participate I will attempt to do that. I have not read thru the articles you listed yet but will try to do so probably on Monday 11/29. Does this involve installing the "Debug Symbols" like in NT4? My previous experience with them was not helpful but I will try to follow your suggestions. Thanks for the help.

George
0
 

Author Comment

by:George46227
ID: 12686852
cpc2004
11/27

Sorry for the error (thought you were jkr)

OK - I am new to EE - how to I "attach" the minidumps? I opened them with notepad, seems to be a lot of jibberish. Tell me how and I will do it.

George

0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12687726
Hi George I have access to a flimsy PC is all right now - will look into it when I have access to the necessary resources and come back to you Monday :))
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12688337
You have to use windbg to view the dump. Process the dump is easy and most difficult part is how to interpret the output. The minidump has around 64K and it only have the stack trace, registers at time of crash and load module map. For diffficult problem such as storage overlay, a full dump is required.
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12688443
Hi George46227,
I am advised by EE adminstration not to give my email address to receive problem owner's information because all the information that provided by problem owner must be opened to all the experts. If you can provide your email address here, all the interested experts can send email to you to get the minidump. I think it will not violate the EE's rule and regulation.
0
 

Author Comment

by:George46227
ID: 12696122
11/29/04

If anyone wants a copy of the minidump send a email to the following address:
minidumpATspamexDOTcomNOSPAM
(remove the obvious and edit)

This is a temporary, disposable address used only for this EE question, it will be deleted after the question is closed. If you don't want to give out your real email  address consider setting up a temporary disposable one at wwwDOTspamexDOTcom.

George
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12696752
I put my email in my personnel profile.
0
 

Author Comment

by:George46227
ID: 12700207
Debsyl99
11/29/04

I am reading the article "How to use the Userdump.exe tool to create a dump file" KB Q241215. It refers to setting up applications for de-bugging. In my case I have A BSOD (not a Dr.Watson) - I have no idea what "application" (if any) is causing the BSOD (I would think it might be more likely related to a hardware or driver problem). Is this going to help with the BSOD? It seems focused on de-bugging applications, as far as I know there is no specific application associated with the problem (based on the BSOD info and Event Log info). I will go ahead and dl the tool and read the docs anyway - hopefully it will help.

Thanks
George
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12701468
The dump that I recieved was created 4 years ago. Do you have the most current dump?
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12701565
Two dumps are inaccessible. From the windows, it shows that your PC is W2K SP1. If it is true, you must upgrade it to higher Servce Pack level such as SP4 or SP5.
0
 

Author Comment

by:George46227
ID: 12709056
cpc2004
11/30/04

1. As I said in my email to you "Just ignore the dates - I've been doing some testing and changing the system dates." The dumps are the three most recent.
2. Why do I "have to" upgrade to SP4/SP? What does that have to do with the BSOD specifically?
3. Any idea why two of the dumps are inaccessible? Did the other dump show anything useful? What tool are you using to open or analyze the dumps.

George

0
 

Author Comment

by:George46227
ID: 12710251
11/30/04
3:45pm

Update:

I have dl/printed out all three articles as previously recommended by Debsyl99. I have dl userdump.exe - oem3sr2.zip - part of OEM Support Tools 3r2 - and I have read/studied the Userdump.exe article.

I have dl Windbg Debugging Tool - dbg_x86_6.3.17.0.exe and am now reading/studying the article (you really need some other articles as it is part of a series - see the  previous articles "Starting the Troubleshooting Process" #20594 and "Ubderstanding and Using Symbols" #20928).

I have not dl the symbols yet (large dl!), I will keep everyone posted.

George
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12710859
It is no need to download the symbol. At Winddbg
File --> Symbol File Path --> srv*\websymbols*http://msdl/microsoft.com/download/symbols
When windbg process the dump and it will access Microsoft Wbesite to fetch the symbols.

Maybe you get hardware problem such as faulty ram hence the dumps were taken unsuccessfully. It is my first time the dumps cannot be accessed. Run RAM test to test your memory (http://www.memtest86.com)

W2K SP1 is very a low patch patch and this is why I recommend you to upgrade your W2k upgrade to SP4 or Sp5.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12713862
Hi
I agree - SP1 is a very low patch - many many issues and instabilities have been corrected in 2000 in the patches that follow - you really should patch up to date,
0
 

Author Comment

by:George46227
ID: 12716448
cpc2004
12/1/04
10:00am

Yes - I saw the article on using the Symbol Server over the net, also I guess the symbols are still actually dl to your pc even when using Symbol Server!? Maybe only the ones needed for the Windbg config that is used during the debug session? Although it does say you can dl the symbols to a network drive/UNC path - still sounds like something will get dl.

Are you saying it is possible to use the Symbol Server in real-time without Dl any symbols locally - just run them off the Symbol Server? This is the example in the article:
"SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols" where c:\websymbols is the "downstream store" which can be a local folder or on a network drive (like q:\websymbols or \\MyComp\websymbols).

I only have 230MB c: space, I could probably cleanup to about 500-600MB or so, not much room for symbols, SP's, etc.

George
0
 

Author Comment

by:George46227
ID: 12716902
12/1/04
10:20am

This is where I am:
1. Userdump.exe: After dl and reading the docs it doesn't seem a useful tool for my BSOD problem since it is for app debugging. If I am wrong please correct me and explain or refer me to some references which are good for using it for BSOD things.
2. Symbols: I am going to try to use the Symbol Server over the net and point the dl to a network drive since I am low on disk space. Hopefully the Symbol Server will work with SP1 - the SP1 symbols aren't available for dl anyway - only SP3 and above at Microsoft site.
Are the symbols for basic w2k on the install cd (they were with NT4). I have original cd's plus SP's on CD - maybe I already have the symbols if I can find them.
3. Windbg: I would like some more information. Good reference article or something. What tools are including in the dl dbg_x86_6.3.17.0.exe? What will I be able to do - view a .dmp file, anything else? Is it a "install" procedure or just copy files, configure, set reg entries, etc.? Is it possible to do a un-install, or manually un-install? I am trying to Google some info but so far nothing specifically helpful.

George
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12718033
Install Windbg use standard installation method. It has no uninstall procedure. Get rid of the windbg folder if you don't want it.  There have a few article to teach you how to use windbg. I only find a book called "Windows Kernel Debugging" at library and this book teach the reader how to use Windows Debugging Tools for W2K environment.

The on-line help of windbg is the best article and it has a lot of example and the debugging concept.
0
 

Author Comment

by:George46227
ID: 12720691
12/1/04
4:10pm

I am trying to use Windbg to open the .dmp file. I am getting an error " Unable to load image ntoskrnl.exe, Win32 error 2 *** WARNING: Unable to verify timestamp for ntoskrnl.exe *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe" My ntoskrnl.exe is Friday, July 21, 2000, 7:05:00 AM v5.0.2195.1620. Then it says "Loading Kernel Symbols" and "Loading unloaded module list" and "Loading User Symbols", then it just sits there apparently doing nothing - maybe hung? This is for at least 5 min. - should it take a long time for the .dmp to be processed?

Has anyone used the Symbol Server? - maybe the Symbol Server doesn't work either for SP1?

George
0
 

Author Comment

by:George46227
ID: 12721028
12/1/04
4:55pm
cpc2004

Have you used the Symbol Server? Can you check the path and let me know - I am using "SRV*p:\websymbols*http://msdl.microsoft.com/download/symbols" where P: is a mapped drive. You say you are using "srv*\websymbols*http://msdl/microsoft.com/download/symbols" - is that a typo? no drive letter in front of "\websymbols"? also the slash instead of dot after "msdl"?

George
0
 
LVL 20

Accepted Solution

by:
cpc2004 earned 750 total points
ID: 12721867
George,

Refer the following webpage
http://www.microsoft.com/whdc/devtools/debugging/symbols.mspx

If you have problem to use symbolic servers, maybe you are using W2K SP1 which is 4 years behind.


cpc2004
0
 

Author Comment

by:George46227
ID: 12737828
12/3/04
11:50am

I have installed the Debugging Tools for Windows (latest download version from Microsoft - dbg_x86_6.3.17.0.exe - not the beta) and installed W2K retail symbols and SP1 symbols. The debug is installed to a local drive (G:\Debugging Tools for Windows), symbols installed to a network drive (K:\Symbols2K), in Windbg I set the symbol path to K:\Symbols2K and opened a dump. I would like to post the dump here - but it won't let me select/copy the contents of the window. How can I save the debug window to a file so I can paste it here - or somehow select/copy/paste the contents? I have some results which might be useful.

George
0
 

Author Comment

by:George46227
ID: 12738074
12/3/04
12:15pm

Apparently there is a glitch in the Windbg related to the mouse - I can select but not copy - after I select and right-click the selected area goes un-selected. Keyboard CTL+C works OK to copy the selected area.

Here is what I have:

Microsoft (R) Windows Debugger  Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINNT\Minidump\Mini051700-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: K:\Symbols2K
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
Debug session time: Mon May 15 08:58:33 2000
System Uptime: not available
Unable to load image ntoskrnl.exe, Win32 error 2
Loading Kernel Symbols
.................................................................................................
Loading unloaded module list
......
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck B8, {0, 0, 0, 0}

*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : vsdatant.sys ( vsdatant+1238e )

Followup: MachineOwner
---------

I know vsdatant.sys is Zone Alarm which I have used with no problem for 3 years. Any other thoughts? Is vsdatant.sys the perpetrator of the problem or the victim - or neither? Any other commands I can use to get additional data? Should I do a debug session on Zone Alarm?

George
0
 

Author Comment

by:George46227
ID: 12738284
12/3/04
12:35pm

Here is another slightly different:

Loading Dump File [C:\WINNT\Minidump\Mini072900-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: K:\Symbols2K
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
Debug session time: Sat Jul 29 01:01:03 2000
System Uptime: not available
Unable to load image ntoskrnl.exe, Win32 error 2
Loading Kernel Symbols
..................................................................................................
Loading unloaded module list
......
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck B8, {0, 0, 0, 0}

*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Unable to load image NDIS.sys, Win32 error 2
Unable to load image RTL8029.SYS, Win32 error 2
Probably caused by : vsdatant.sys ( vsdatant+b696 )

Followup: MachineOwner
---------

The last few lines are different at least, not sure about the rest - refers to NDIS.sys and RTL8029.SYS (one of my nic's).

George
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12738502
The result that you have is different to mine. According to my windbg report, the Probably caused by : ntoskrnl.exe ( nt+2bc79 ). According to my understanding, I can use XP windbg to process W2K dumps. May be it is related to W2K SP1 is too old.  I cannot  access the other two dumps.

If you visit Secret Maker WebSite, SecretMaker complains zonealarm is unstable. I suggest you had better upgrade your W2K from SP1 to SP4.

Loading Dump File [C:\Problem Determination\Newdump\Mini051700-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*\websymbols*http://msdl/microsoft.com/download/symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
Debug session time: Mon May 15 21:58:33 2000
System Uptime: not available
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.................................................................................................
Loading unloaded module list
......
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck B8, {0, 0, 0, 0}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : ntoskrnl.exe ( nt+2bc79 )
0
 

Author Comment

by:George46227
ID: 12745057
cpc2004
12/4/04
2:05pm

I think there is a concept called a "symbol tree". That means a person would have symbols for various version of windows, each in a separate folder and the symbol path would point to the correct set of symbols in the appropriate folder. Maybe xp windbg can open the w2k sp1 minidump - but how does it handle the symbols for w2k sp1 - do you have the w2k sp1 symbols in a separate folder and the symbol path pointing there? It looks like your results are having a problem with the symbol file versions?

George
0
 

Author Comment

by:George46227
ID: 12764491
12/7/04
10:05am

Can someone help me figure out the "image path" parameter in Windbg - the documentation article Q315263 states the image path must be defined but only gives an example for XP - image path is the CD folder I386. I have W2K SP1 - should I put the SP1 CD in and point to the I386 folder? Do the "images" have to be "de-compressed" and then copied to the hard drive?

What type of setup are people using for the image path for the loading of the binary files?

George
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12764639
Hi George

I can't help but think that you are wasting your time with this as SP1 is an extremely old patch - Is there any reason why you are unwilling to patch up to sp4? As has been said before, many problems in relation to stability and function have been fixed since sp4. Why not try install sp4 and archive the files for uninstall if it causes any problems. I've got sp4 on all my win2k machines (clients and servers) and find them to be stable.

0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12764865
Hi Debsyl99
I think George wants to learn how to use windbg and it doesn't what service level he is using.

Hi Geroge,
Imagepath is execution search path. I setup my imagepath c:\windows\system32. For W2K it should be c:\winnt\system32

Hope it can help you
cpc2004
0
 

Author Comment

by:George46227
ID: 12766130
cpc2004
12/7/04
12:05pm

Thanks for the help - the article is confusing, referring to the \I386 folder as the path for the binaries, I was thinking "wouldn't it just be C:\WINNT where the system .exe's, dll's, etc. are located?" Wouldn't you think Windbg would know to use the default system folder, should only need specified if it is different than the default!?

Debsyl99

Well here's the deal - I have nowhere near enough room on c: to do SP4 much less room to save the un-install (not even on another drive - I have 3 disks but all are small). I have done 4 or 5 SP4's - they take an incredible amount of disk space for the dl, temp, un-install, etc. I have tried but the SP won't run- "not enough disk space". I just don't have any way to add disk space right now; deleting off "un-used files" - I don't think would get me close - it's only 3 GB with 200 MB free. I've tried the web-based sp install, from CD, etc.

Also on all the w2k machines the sp4 broke something which has never been resolved - the automatic scheduled reboot from the NTRK. This really screws things up because the machines need to be re-booted overnight to break file locks so a VB application can be updated weekly with ongoing code changes. I tried other un-attended shutdown tools but they don't work either (www.sysinternals tool).

Yes - I would like to learn to deal better with BSOD's including use of Windbg. I have 3 NT4 servers and 1 W2k server (in addition to the one I am working on right now) which BSOD at times and I don't really have a good solution or way to analyze the problem. I have used PSTAT in the past which helps depending on the error code.

Thanks for any help and at least the effort is appreciated
George
0
 

Author Comment

by:George46227
ID: 12766875
12/7/04
1:35pm

I have some other information. Also - is it correct to enter the commands at the bottom of the window in Windbg after opening a crash dump file - like !analyze - show and !analyze -v and lm t n? It seems to work, no errors. Here's the latest:


Microsoft (R) Windows Debugger  Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINNT\Minidump\Mini081800-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: K:\Symbols2K
Executable search path is: c:\winnt\system32
Windows 2000 Kernel Version 2195 (Service Pack 1) UP Free x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x8046b618
Debug session time: Fri Aug 18 07:05:00 2000
System Uptime: not available
Loading Kernel Symbols
...................................................................................................
Loading unloaded module list
........
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck B8, {0, 0, 0, 0}

*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : vsdatant.sys ( vsdatant+1238e )

Followup: MachineOwner
---------

kd> !analyze -show
Unknown bugcheck code (e3d050)
Unknown bugcheck description
Arguments:
Arg1: 00000000
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

ATTEMPTED_SWITCH_FROM_DPC (b8)
A wait operation, attach process, or yield was attempted from a DPC routine.
This is an illegal operation and the stack track will lead to the offending
code and original DPC routine.
Arguments:
Arg1: 00000000, Original thread which is the cause of the failure
Arg2: 00000000, New thread
Arg3: 00000000, Stack address of the original thread
Arg4: 00000000

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xB8

LAST_CONTROL_TRANSFER:  from 80402698 to 8042bc79

STACK_TEXT:  
f5c23c40 80402698 000000b8 ffffffff 00000202 nt!KeBugCheck+0xf
f5c23c50 80402497 f5c23c8c 80f62dac 80f62d40 nt!SwapContext+0x117
f5c23c64 8042d774 f48b0054 f48b0000 f48b0000 nt!KiSwapThread+0xc5
f5c23c8c f4f2c38e 807a0870 00000000 00000000 nt!KeWaitForSingleObject+0x1a1
f5c23ca8 f4f2b0a7 f48b0000 f5c23d98 81499616 vsdatant+0x1238e
f5c23cc0 f4f1ffb9 f48b0000 00000060 00000524 vsdatant+0x110a7
f5c23ce4 f4f2262c 00080005 f5c23d0c 0000008c vsdatant+0x5fb9
f5c23d94 f4f24a72 00080005 8473a4a8 f5c23e10 vsdatant+0x862c
f5c23db4 f4f25bba f5c23e10 f4f2cb90 00017fff vsdatant+0xaa72
f5c23de0 f4f1ebaa f5c23e02 815a7710 81589468 vsdatant+0xbbba
f5c23e8c fb4a9745 813bb9a8 814b7808 81589468 vsdatant+0x4baa
f5c23ee8 f58c5fbe 815a7700 f5c23f48 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x2ea
f5c23fa8 f58c256d 0057c008 804022a0 815a7710 el90xbc5!UpCompleteNdis40PlusEvent+0x25e
f5c23fc4 fb4941ed 8157c008 814cc208 814cc46c el90xbc5!NICInterrupt+0x83
f5c23fe0 80462234 8157c1f4 8157c1e0 00000000 NDIS!ndisMDpc+0xc8
f5c23ff4 8040250c f4ad2bbc 00000000 00000000 nt!KiRetireDpcList+0x30


FOLLOWUP_IP:
vsdatant+1238e
f4f2c38e 5e               pop     esi

SYMBOL_STACK_INDEX:  4

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  vsdatant+1238e

MODULE_NAME:  vsdatant

IMAGE_NAME:  vsdatant.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  3bf330a0

STACK_COMMAND:  kb

BUCKET_ID:  0xB8_vsdatant+1238e

Followup: MachineOwner
---------

George
0
 

Author Comment

by:George46227
ID: 12766975
12/7/04
1:55pm

Herre is the result of lm t n :

kd> !drivers

  The !drivers command is no longer supported.

  Please use the 'lm t n' command.
  Consult the debugger documentation for the supported 'lm' command options.

  The WinDbg "Modules" window can also be used to to display timestamps.
  The "Modules" window supports sorting on name or timestamp values

kd> lm t n
start    end        module name
80062000 80079440   hal      hal.dll      Sat Oct 30 17:48:14 1999 (381B75AE)
80400000 8059fa80   nt       ntoskrnl.exe Wed Jul 19 14:49:11 2000 (39760637)
a0000000 a01a6000   win32k   win32k.sys   unavailable (FFFFFFFE)
f4077000 f40be000   ATMFD    ATMFD.DLL    unavailable (FFFFFFFE)
f40be000 f413e600   NavEx15  NavEx15.Sys  Fri Jun 20 18:03:43 2003 (3EF392CF)
f42a7000 f42b9000   RASDD    RASDD.DLL    unavailable (FFFFFFFE)
f4651000 f46789a0   navap    navap.sys    Fri Feb 09 00:15:26 2001 (3A837CEE)
f4722000 f4736be0   ipsec    ipsec.sys    Wed May 10 14:07:56 2000 (3919B38C)
f4737000 f4747a60   SYMEVENT SYMEVENT.SYS Wed May 14 00:45:43 2003 (3EC1D807)
f48e3000 f48e5f20   spud     spud.sys     Fri Nov 19 18:36:27 1999 (3835DEFB)
f4af7000 f4b05d80   Cdfs     Cdfs.SYS     Mon Oct 25 14:23:52 1999 (3814AE48)
f4dc7000 f4e01740   srv      srv.sys      Wed May 10 14:09:22 2000 (3919B3E2)
f4f1a000 f4f2fa40   vsdatant vsdatant.sys Wed Nov 14 22:04:00 2001 (3BF330A0)
f4f30000 f4f4db40   afd      afd.sys      Wed Jun 07 12:30:47 2000 (393E86C7)
f4f4e000 f4f66e00   nbf      nbf.sys      Sat Sep 25 14:16:47 1999 (37ED1F9F)
f547f000 f54c7000   s3mt3d_f547f000 s3mt3d.DLL   unavailable (FFFFFFFE)
f54ef000 f5503b40   dump_atapi dump_atapi.sys Fri Mar 03 19:33:40 2000 (38C059E4)
f5504000 f55262e0   Fastfat  Fastfat.SYS  Thu Mar 16 20:34:16 2000 (38D18B98)
f5527000 f5584060   mrxsmb   mrxsmb.sys   Fri Jun 09 14:39:18 2000 (394147E6)
f5597000 f55b83e0   rdbss    rdbss.sys    Fri Jun 09 14:46:14 2000 (39414986)
f55b9000 f55cb000   IBMTwxSN IBMTwxSN.SYS Mon Jul 07 07:22:51 1997 (33C0DF9B)
f55cb000 f55e0000   IBMTwxNM IBMTwxNM.SYS Mon Jul 07 07:22:58 1997 (33C0DFA2)
f55e0000 f5603120   netbt    netbt.sys    Wed May 10 14:09:03 2000 (3919B3CF)
f56ac000 f56bb400   NAVENG   NAVENG.Sys   Fri Jun 20 18:04:30 2003 (3EF392FE)
f56cc000 f571a1a0   tcpip    tcpip.sys    Wed Jun 14 13:40:59 2000 (3947D1BB)
f576b000 f5784960   update   update.sys   Wed Jun 14 14:42:26 2000 (3947E022)
f5785000 f57a0b00   ks       ks.sys       Tue Nov 30 03:51:38 1999 (3843901A)
f57c9000 f57df180   ndiswan  ndiswan.sys  Tue Nov 30 02:09:01 1999 (3843780D)
f5800000 f580e440   pci      pci.sys      Mon May 08 17:13:53 2000 (39173C21)
f5810000 f581b580   isapnp   isapnp.sys   Sat Oct 02 15:00:35 1999 (37F66463)
f5820000 f5828260   CLASSPNP CLASSPNP.SYS Wed Oct 06 18:55:45 1999 (37FBE181)
f5850000 f585c560   rasl2tp  rasl2tp.sys  Tue Nov 30 02:09:07 1999 (38437813)
f5860000 f586b9e0   raspptp  raspptp.sys  Tue Nov 30 02:09:13 1999 (38437819)
f5870000 f587fb20   wlbs     wlbs.sys     Thu Mar 23 00:21:06 2000 (38D9A9C2)
f5890000 f589e9e0   parallel parallel.sys Mon Mar 06 18:42:46 2000 (38C44276)
f58a0000 f58a9f20   s3mt3d   s3mt3d.sys   Fri Oct 29 16:11:41 1999 (381A0D8D)
f58b0000 f58bc420   VIDEOPRT VIDEOPRT.SYS Thu Mar 16 20:26:50 2000 (38D189DA)
f58c0000 f58cf000   el90xbc5 el90xbc5.sys Tue Oct 19 12:09:18 1999 (380CA5BE)
f58d0000 f58db0a0   i8042prt i8042prt.sys Thu Dec 02 02:34:06 1999 (384620EE)
f58e0000 f58ef2e0   serial   serial.sys   Mon Oct 25 14:27:55 1999 (3814AF3B)
f58f0000 f58f9ce0   NDProxy  NDProxy.SYS  Thu Sep 30 18:25:35 1999 (37F3F16F)
f5910000 f5919bc0   usbhub   usbhub.sys   Fri Apr 28 16:38:14 2000 (390A04C6)
f5930000 f5938fa0   Npfs     Npfs.SYS     Sat Oct 09 18:58:07 1999 (37FFD68F)
f5940000 f59486e0   msgpc    msgpc.sys    Tue Nov 30 02:37:21 1999 (38437EB1)
f5950000 f59581a0   netbios  netbios.sys  Tue Oct 12 14:34:19 1999 (38038D3B)
f5970000 f597d9e0   dlc      dlc.sys      Tue Jan 25 19:51:31 2000 (388E4513)
f5a80000 f5a854a0   PCIIDEX  PCIIDEX.SYS  Wed Oct 27 18:02:19 1999 (3817847B)
f5a88000 f5a8f180   MountMgr MountMgr.sys Fri Oct 22 17:48:06 1999 (3810E9A6)
f5a90000 f5a96a60   disk     disk.sys     Tue Feb 01 19:06:00 2000 (389774E8)
f5a98000 f5a9cfa0   agp440   agp440.sys   Tue Sep 28 18:37:32 1999 (37F1513C)
f5ab0000 f5ab6f20   Modem    Modem.SYS    Sat Sep 25 13:34:55 1999 (37ED15CF)
f5ad0000 f5ad43e0   ptilink  ptilink.sys  Wed Oct 13 18:29:00 1999 (380515BC)
f5ae0000 f5ae40e0   raspti   raspti.sys   Fri Oct 08 15:45:10 1999 (37FE57D6)
f5ae8000 f5aef000   VNSCOAX  VNSCOAX.SYS  Thu Mar 18 16:38:25 1999 (36F17251)
f5b08000 f5b0ef40   aw_host5 aw_host5.sys Wed Mar 08 01:51:21 2000 (38C5F869)
f5b18000 f5b1e9e0   cdrom    cdrom.sys    Wed Oct 27 18:46:36 1999 (38178EDC)
f5b28000 f5b2fc80   uhcd     uhcd.sys     Tue Oct 05 15:45:47 1999 (37FA637B)
f5b38000 f5b3cf60   USBD     USBD.SYS     Sat Oct 09 15:41:58 1999 (37FFA896)
f5b50000 f5b54800   RTL8029  RTL8029.SYS  Tue Dec 29 21:41:24 1998 (368992D4)
f5b60000 f5b65ea0   kbdclass kbdclass.sys Tue Oct 26 18:12:37 1999 (38163565)
f5b70000 f5b76100   parport  parport.sys  Mon Mar 06 18:42:09 2000 (38C44251)
f5b88000 f5b8f000   fdc      fdc.sys      unavailable (FFFFFFFE)
f5b98000 f5b9d400   mouclass mouclass.sys Fri Oct 01 18:33:11 1999 (37F544B7)
f5ba8000 f5baea20   EFS      EFS.SYS      Mon May 01 19:10:45 2000 (390E1D05)
f5bc0000 f5bc5000   flpydisk flpydisk.sys unavailable (FFFFFFFE)
f5be0000 f5be5240   Msfs     Msfs.SYS     Tue Oct 26 18:21:32 1999 (3816377C)
f5bf8000 f5bff960   wanarp   wanarp.sys   Sat Oct 30 17:36:06 1999 (381B72D6)
f5c10000 f5c12a20   BOOTVID  BOOTVID.DLL  Wed Nov 03 20:24:33 1999 (3820E051)
f5c14000 f5c16b80   PartMgr  PartMgr.sys  Thu Oct 14 19:59:16 1999 (38067C64)
f5c18000 f5c1b1c0   Gernuwa  Gernuwa.sys  Wed Mar 08 01:44:31 2000 (38C5F6CF)
f5c88000 f5c8a220   ndistapi ndistapi.sys Tue Oct 12 18:54:43 1999 (3803CA43)
f5c98000 f5c9be40   TDI      TDI.SYS      Tue May 09 17:51:41 2000 (3918967D)
f5c9c000 f5c9e980   awvid5   awvid5.dll   Wed Mar 08 01:47:06 2000 (38C5F76A)
f5cac000 f5caf4a0   serenum  serenum.sys  Tue Oct 19 17:36:55 1999 (380CF287)
f5ccc000 f5ccf580   vga      vga.sys      Sat Sep 25 13:37:40 1999 (37ED1674)
f5cd4000 f5cd6740   awlegacy awlegacy.sys Wed Mar 08 01:52:56 2000 (38C5F8C8)
f5ce0000 f5ce2220   IBMTwx   IBMTwx.SYS   Wed Jun 18 09:12:42 1997 (33A7ECDA)
f5d00000 f5d01c00   Diskperf Diskperf.sys Thu Sep 30 19:30:40 1999 (37F400B0)
f5d02000 f5d04000   dmload   dmload.sys   unavailable (FFFFFFFE)
f5d06000 f5d07680   RootMdm  RootMdm.sys  Sat Sep 25 13:34:56 1999 (37ED15D0)
f5d12000 f5d14000   Fs_Rec   Fs_Rec.SYS   unavailable (FFFFFFFE)
f5d1a000 f5d1be40   rasacd   rasacd.sys   Sat Sep 25 13:41:23 1999 (37ED1753)
f5d66000 f5d68000   ParVdm   ParVdm.SYS   unavailable (FFFFFFFE)
f5dc8000 f5dc8fc0   intelide intelide.sys Mon Mar 06 18:27:54 2000 (38C43EFA)
f5dc9000 f5dc9f80   WMILIB   WMILIB.SYS   Sat Sep 25 13:36:47 1999 (37ED163F)
f5dcb000 f5dcba40   audstub  audstub.sys  Sat Sep 25 13:35:33 1999 (37ED15F5)
f5dcc000 f5dccd80   swenum   swenum.sys   Sat Sep 25 13:36:31 1999 (37ED162F)
f5dce000 f5dcf000   Null     Null.SYS     unavailable (FFFFFFFE)
f5dcf000 f5dcfee0   Beep     Beep.SYS     Wed Oct 20 17:18:59 1999 (380E3FD3)
f5dd0000 f5dd0f80   mnmdd    mnmdd.SYS    Sat Sep 25 13:37:40 1999 (37ED1674)
f5dd2000 f5dd2f80   dump_WMILIB dump_WMILIB.SYS Sat Sep 25 13:36:47 1999 (37ED163F)
f5dd3000 f5dd4000   AWDDI    AWDDI.DLL    unavailable (FFFFFFFE)
fb474000 fb4891e0   Mup      Mup.sys      Thu Mar 16 19:36:05 2000 (38D17DF5)
fb48a000 fb4b1b80   NDIS     NDIS.sys     Wed May 10 14:08:03 2000 (3919B393)
fb4b2000 fb533ae0   Ntfs     Ntfs.sys     Wed May 10 14:09:14 2000 (3919B3DA)
fb534000 fb544ba0   KSecDD   KSecDD.sys   Tue May 09 17:26:55 2000 (391890AF)
fb545000 fb556fc0   Dfs      Dfs.sys      Tue Nov 30 19:23:01 1999 (38446A65)
fb557000 fb56bb40   atapi    atapi.sys    Fri Mar 03 19:33:40 2000 (38C059E4)
fb56c000 fb58d620   dmio     dmio.sys     Mon Jun 12 17:56:18 2000 (39456A92)
fb58e000 fb5aa0c0   ftdisk   ftdisk.sys   Mon Nov 22 14:36:23 1999 (38399B37)

Unloaded modules:
f4679000 f46fa000   NavEx15.Sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f4997000 f49a7000   NAVENG.Sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f5880000 f5889000   elnk3.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f546a000 f547f000   VGA.dll
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f5c94000 f5c97000   awvid5.dll
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f5960000 f5969000   redbook.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f5bd0000 f5bd5000   Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
f5cc4000 f5cc7000   Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000

George
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12767223
If you want to learn more windbg, you should take full dump. The minidump only support several basic commands because miniudmp only have the stack trace, registers at time of crash and driver information.
0
 

Author Comment

by:George46227
ID: 12768599
12/7/04
4:35pm

Thanks - I will try to change my setup for full dump. I assume it is more helpful when trying to solve the BSOD problem?

George
0
 

Author Comment

by:George46227
ID: 12773489
12/8/04
8:55am

Has anyone used Dumpchk.exe from the w2k support tools? I have looked at article Q156280. If anyone has used it and has any advice I would appreciate hearing about your ideas.

Here are a couple of samples using different command parameters:

SAMPLE#1:
F:\W2000 Support Tools>dumpchk.exe -e -y K:\Symbols2K -b c:\winnt\system32 "C:\W
INNT\Minidump\Mini080700-01.dmp"
****************************************************************
**
** Windows 2000 Crash Dump Analysis
**
****************************************************************
*
Filename . . . . . . .C:\WINNT\Minidump\Mini080700-01.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .2195
DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0x81641000
PsLoadedModuleList . .0x8046b618
PsActiveProcessHead. .0x8046b980
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x000000b8
BugCheckParameter1 . .0x00000000
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x8042bc79


**** could not load kernel debugger extenion dll [ kdextx86.dll ]

****************************************************************
** Symbol File Load Log
****************************************************************

Module            CheckSum
 ntoskrnl.exe     001AC8B7
 hal.dll          0001A586
 BOOTVID.DLL      0000D8A2
 pci.sys          000154E3
 isapnp.sys       00015782
 intelide.sys     00003B0A
 PCIIDEX.SYS      0000BAFB
 MountMgr.sys     0000E831
 ftdisk.sys       0002B963
 Diskperf.sys     0000EEF0
 WMILIB.SYS       00008BFD
 dmload.sys       00009F6D
 dmio.sys         00030F8E
 PartMgr.sys      0000742C
 atapi.sys        0001AD3F
 disk.sys         00011FE4
 CLASSPNP.SYS     0000A231
 Dfs.sys          0001F6D8
 KSecDD.sys       00015D45
 Ntfs.sys         0008D38D
 NDIS.sys         000373FE
 Gernuwa.sys      00006A6E
 Mup.sys          0001F266
 agp440.sys       00009757
 audstub.sys      00008EF7
 RootMdm.sys      00008E55
 Modem.SYS        00016F4A
 rasl2tp.sys      00010DAC
 ndistapi.sys     0000E062
 ndiswan.sys      000240F1
 TDI.SYS          0001329D
 raspptp.sys      0000E275
 ptilink.sys      0000F2BE
 raspti.sys       0000FED0
 wlbs.sys         00011E18
 parallel.sys     00016AD6
 VIDEOPRT.SYS     0001A5D2
 s3mt3d.sys       0000B3F3
 aw_host5.sys     00009E33
 cdrom.sys        00009F9F
 USBD.SYS         00005465
 uhcd.sys         00010217
 el90xbc5.sys     00010A56
 RTL8029.SYS      000065A8
 ks.sys           0001D383
 swenum.sys       00004A92
 update.sys       000209D8
 i8042prt.sys     0000C15A
 kbdclass.sys     0000E259
 parport.sys      0000EEDD
 serial.sys       00011703
 serenum.sys      0001105E
 fdc.sys          0001553C
 mouclass.sys     00007E78
 NDProxy.SYS      000121C3
 EFS.SYS          0000AA63
 usbhub.sys       0000AEF8
 flpydisk.sys     0000F1A2
 Fs_Rec.SYS       0000AB4C
 Null.SYS         000023CE
 Beep.SYS         0000C54F
 vga.sys          0001047D
 awlegacy.sys     0000FE3E
 mnmdd.SYS        0000F6C2
 Msfs.SYS         0000E5FA
 Npfs.SYS         00017E60
 rasacd.sys       0000F369
 tcpip.sys        00056824
 msgpc.sys        00017874
 wanarp.sys       00009122
 netbt.sys        000282D2
 netbios.sys      0000B5C1
 IBMTwx.SYS       0000FB4D
**** Error: overlapping image conflict. Invalid dump file.
 IBMTwxSN.SYS     0000EB29
 rdbss.sys        0002C2A9
 mrxsmb.sys       00069EB4
 dlc.sys          0001C7E7
 Fastfat.SYS      0002D073
 dump_WMILIB.SYS  00008BFD
 dump_atapi.sys   0001AD3F
**** Error Loading Image
Module: win32k.sys
  Image File: None
  Debug File: None
  CheckSum: 1B02D1
  Error: Incorrect Image File

 AWDDI.DLL        0000AAB5
 s3mt3d.DLL       000506EC
 awvid5.dll       00004E80
 nbf.sys          0001974F
 afd.sys          0002CE34
 vsdatant.sys     00025DD3
 ParVdm.SYS       0000770B
 VNSCOAX.SYS      0000C42B
 srv.sys          0003ABEE
 Cdfs.SYS         0001296D
 spud.sys         000036A0
 SYMEVENT.SYS     00018D6C
 ipsec.sys        00022649
**** Error Loading Image
Module: NAVENG.Sys
  Image File: None
  Debug File: None
  CheckSum: 12F18
  Error: Could not find image

**** Error Loading Image
Module: NavEx15.Sys
  Image File: None
  Debug File: None
  CheckSum: 95EB2
  Error: Could not find image

 navap.sys        00033340
 ATMFD.DLL        0004F552
 DgiVecp.sys      000109D9

****************************************************************
** drivers
****************************************************************

 Base     Size     CheckSum Image Name
 80400000 0019fa80 001ac8b7 ntoskrnl.exe
 80062000 00017440 0001a586 hal.dll
 f5c10000 00002a20 0000d8a2 BOOTVID.DLL
 f5800000 0000e440 000154e3 pci.sys
 f5810000 0000b580 00015782 isapnp.sys
 f5dc8000 00000fc0 00003b0a intelide.sys
 f5a80000 000054a0 0000bafb PCIIDEX.SYS
 f5a88000 00007180 0000e831 MountMgr.sys
 fb58e000 0001c0c0 0002b963 ftdisk.sys
 f5d00000 00001c00 0000eef0 Diskperf.sys
 f5dc9000 00000f80 00008bfd WMILIB.SYS
 f5d02000 00000000 00009f6d dmload.sys
 fb56c000 00021620 00030f8e dmio.sys
 f5c14000 00002b80 0000742c PartMgr.sys
 fb557000 00014b40 0001ad3f atapi.sys
 f5a90000 00006a60 00011fe4 disk.sys
 f5820000 00008260 0000a231 CLASSPNP.SYS
 fb545000 00011fc0 0001f6d8 Dfs.sys
 fb534000 00010ba0 00015d45 KSecDD.sys
 fb4b2000 00081ae0 0008d38d Ntfs.sys
 fb48a000 00027b80 000373fe NDIS.sys
 f5c18000 000031c0 00006a6e Gernuwa.sys
 fb474000 000151e0 0001f266 Mup.sys
 f5a98000 00004fa0 00009757 agp440.sys
 f5dcb000 00000a40 00008ef7 audstub.sys
 f5d06000 00001680 00008e55 RootMdm.sys
 f5b20000 00006f20 00016f4a Modem.SYS
 f5850000 0000c560 00010dac rasl2tp.sys
 f5c88000 00002220 0000e062 ndistapi.sys
 f57c9000 00016180 000240f1 ndiswan.sys
 f5c98000 00003e40 0001329d TDI.SYS
 f5860000 0000b9e0 0000e275 raspptp.sys
 f5b68000 000043e0 0000f2be ptilink.sys
 f5b78000 000040e0 0000fed0 raspti.sys
 f5870000 0000fb20 00011e18 wlbs.sys
 f5890000 0000e9e0 00016ad6 parallel.sys
 f58b0000 0000c420 0001a5d2 VIDEOPRT.SYS
 f58a0000 00009f20 0000b3f3 s3mt3d.sys
 f5bd8000 00006f40 00009e33 aw_host5.sys
 f5bf0000 000069e0 00009f9f cdrom.sys
 f5aa0000 00004f60 00005465 USBD.SYS
 f5c00000 00007c80 00010217 uhcd.sys
 f58c0000 0000f000 00010a56 el90xbc5.sys
 f5ad0000 00004800 000065a8 RTL8029.SYS
 f5785000 0001bb00 0001d383 ks.sys
 f5dcc000 00000d80 00004a92 swenum.sys
 f576b000 00019960 000209d8 update.sys
 f58d0000 0000b0a0 0000c15a i8042prt.sys
 f5b18000 00005ea0 0000e259 kbdclass.sys
 f5b30000 00006100 0000eedd parport.sys
 f58e0000 0000f2e0 00011703 serial.sys
 f5cb0000 000034a0 0001105e serenum.sys
 f5b50000 00000000 0001553c fdc.sys
 f5b60000 00005400 00007e78 mouclass.sys
 f58f0000 00009ce0 000121c3 NDProxy.SYS
 f5b88000 00006a20 0000aa63 EFS.SYS
 f5910000 00009bc0 0000aef8 usbhub.sys
 f5ba0000 00004a80 0000f1a2 flpydisk.sys
 f5d12000 00001bc0 0000ab4c Fs_Rec.SYS
 f5dce000 00000000 000023ce Null.SYS
 f5dcf000 00000ee0 0000c54f Beep.SYS
 f5cd0000 00003580 0001047d vga.sys
 f5cd8000 00002740 0000fe3e awlegacy.sys
 f5dd0000 00000f80 0000f6c2 mnmdd.SYS
 f5bc0000 00005240 0000e5fa Msfs.SYS
 f5940000 00008fa0 00017e60 Npfs.SYS
 f5d1a000 00001e40 0000f369 rasacd.sys
 f56cc000 0004e1a0 00056824 tcpip.sys
 f5950000 000086e0 00017874 msgpc.sys
 f5af0000 00007960 00009122 wanarp.sys
 f55e0000 00023120 000282d2 netbt.sys
 f5960000 000081a0 0000b5c1 netbios.sys
 f5ce4000 00002220 0000fb4d IBMTwx.SYS
 f55cb000 00015000 0000f704 IBMTwxNM.SYS
 f55b9000 00012000 0000eb29 IBMTwxSN.SYS
 f5597000 000213e0 0002c2a9 rdbss.sys
 f5527000 0005d060 00069eb4 mrxsmb.sys
 f5980000 0000d9e0 0001c7e7 dlc.sys
 f5504000 000222e0 0002d073 Fastfat.SYS
 f5dd2000 00000f80 00008bfd dump_WMILIB.SYS
 f54ef000 00014b40 0001ad3f dump_atapi.sys
 a0000000 001a5e60 001b02d1 win32k.sys
 f5dd3000 00000000 0000aab5 AWDDI.DLL
 f547f000 00047940 000506ec s3mt3d.DLL
 f54e3000 00002980 00004e80 awvid5.dll
 f4f4e000 00018e00 0001974f nbf.sys
 f4f30000 0001db40 0002ce34 afd.sys
 f4f1a000 00015a40 00025dd3 vsdatant.sys
 f5d16000 00000000 0000770b ParVdm.SYS
 f5ac0000 00007000 0000c42b VNSCOAX.SYS
 f4dc7000 0003a740 0003abee srv.sys
 f4b37000 0000ed80 0001296d Cdfs.SYS
 f4997000 00002f20 000036a0 spud.sys
 f475f000 00010a60 00018d6c SYMEVENT.SYS
 f474a000 00014be0 00022649 ipsec.sys
 f497f000 0000f400 00012f18 NAVENG.Sys
 f4691000 00090dc0 00095eb2 NavEx15.Sys
 f4669000 000279a0 00033340 navap.sys
 f3fe2000 00000000 0004f552 ATMFD.DLL
 f3192000 0000e000 000109d9 DgiVecp.sys

****************************************************************
** Process
****************************************************************

PROCESS: SessionId: 0  Cid: 0000    Peb: 00000000  ParentCid: 0000
    DirBase: 00030000  ObjectTable: 8163b588  TableSize:   0.
    Image: Idle
    VadRoot 0 Clone 0 Private 0. Modified 2. Locked 0.
    DeviceMap 0
    Process Lock Owned by Thread 0
    Token                             e1001790
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max)  (4, 50, 450) (16KB, 200KB, 1800KB)
    PeakWorkingSetSize                4
    VirtualSize                       0 Mb
    PeakVirtualSize                   0 Mb
    PageFaultCount                    1
    MemoryPriority                    BACKGROUND
    BasePriority                      0
    CommitCharge                      0


****************************************************************
** Thread
****************************************************************

THREAD Cid 0.0  Teb: 00000000  Win32Thread: 00000000 RUNNING
Owning Process 8046d160
WaitTime (seconds)      60685820
Context Switch Count    63201895
Start Address 0x00000000
Stack Init 80471640 Current 80471390 Base 80471640 Limit 8046e640 Call 0
Priority 16 BasePriority 0 PriorityDecrement 0 DecrementCount 0


****************************************************************
** Register Dump For Processor #0
****************************************************************

eax=ffdff13c ebx=000000b8 ecx=ffffffff edx=8046d3f0 esi=8046d3f0 edi=8046d3f0
eip=8042bc79 esp=80471064 ebp=804710c0 iopl=0         nv up di pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286
cr0=8001003b cr2=00153aa5 cr3=00030000 dr0=00000000 dr1=00000000 dr2=00000000
dr3=00000000 dr6=ffff0ff0 dr7=00000400 cr4=000002d1
gdtr=80036000   gdtl=03ff idtr=80036400   idtl=07ff tr=0028  ldtr=0000


****************************************************************
** Stack Trace
****************************************************************

ChildEBP RetAddr  Args to Child
804710c0 00000000 00000000 00000000 00000000 ntoskrnl!KeBugCheck+0xf

============================================================================================================

SAMPLE#2.
F:\W2000 Support Tools>dumpchk.exe -v -y K:\Symbols2K -b c:\winnt\system32 "C:\W
INNT\Minidump\Mini080700-01.dmp"
****************************************************************
**
** Windows 2000 Crash Dump Analysis
**
****************************************************************
*
Filename . . . . . . .C:\WINNT\Minidump\Mini080700-01.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .2195
DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0x81641000
PsLoadedModuleList . .0x8046b618
PsActiveProcessHead. .0x8046b980
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x000000b8
BugCheckParameter1 . .0x00000000
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x8042bc79


Module ntoskrnl.exe loaded at 0x80400000
Module hal.dll loaded at 0x80062000
Module BOOTVID.DLL loaded at 0xf5c10000
Module pci.sys loaded at 0xf5800000
Module isapnp.sys loaded at 0xf5810000
Module intelide.sys loaded at 0xf5dc8000
Module PCIIDEX.SYS loaded at 0xf5a80000
Module MountMgr.sys loaded at 0xf5a88000
Module ftdisk.sys loaded at 0xfb58e000
Module Diskperf.sys loaded at 0xf5d00000
Module WMILIB.SYS loaded at 0xf5dc9000
Module dmload.sys loaded at 0xf5d02000
Module dmio.sys loaded at 0xfb56c000
Module PartMgr.sys loaded at 0xf5c14000
Module atapi.sys loaded at 0xfb557000
Module disk.sys loaded at 0xf5a90000
Module CLASSPNP.SYS loaded at 0xf5820000
Module Dfs.sys loaded at 0xfb545000
Module KSecDD.sys loaded at 0xfb534000
Module Ntfs.sys loaded at 0xfb4b2000
Module NDIS.sys loaded at 0xfb48a000
Module Gernuwa.sys loaded at 0xf5c18000
Module Mup.sys loaded at 0xfb474000
Module agp440.sys loaded at 0xf5a98000
Module audstub.sys loaded at 0xf5dcb000
Module RootMdm.sys loaded at 0xf5d06000
Module Modem.SYS loaded at 0xf5b20000
Module rasl2tp.sys loaded at 0xf5850000
Module ndistapi.sys loaded at 0xf5c88000
Module ndiswan.sys loaded at 0xf57c9000
Module TDI.SYS loaded at 0xf5c98000
Module raspptp.sys loaded at 0xf5860000
Module ptilink.sys loaded at 0xf5b68000
Module raspti.sys loaded at 0xf5b78000
Module wlbs.sys loaded at 0xf5870000
Module parallel.sys loaded at 0xf5890000
Module VIDEOPRT.SYS loaded at 0xf58b0000
Module s3mt3d.sys loaded at 0xf58a0000
Module aw_host5.sys loaded at 0xf5bd8000
Module cdrom.sys loaded at 0xf5bf0000
Module USBD.SYS loaded at 0xf5aa0000
Module uhcd.sys loaded at 0xf5c00000
Module el90xbc5.sys loaded at 0xf58c0000
Module RTL8029.SYS loaded at 0xf5ad0000
Module ks.sys loaded at 0xf5785000
Module swenum.sys loaded at 0xf5dcc000
Module update.sys loaded at 0xf576b000
Module i8042prt.sys loaded at 0xf58d0000
Module kbdclass.sys loaded at 0xf5b18000
Module parport.sys loaded at 0xf5b30000
Module serial.sys loaded at 0xf58e0000
Module serenum.sys loaded at 0xf5cb0000
Module fdc.sys loaded at 0xf5b50000
Module mouclass.sys loaded at 0xf5b60000
Module NDProxy.SYS loaded at 0xf58f0000
Module EFS.SYS loaded at 0xf5b88000
Module usbhub.sys loaded at 0xf5910000
Module flpydisk.sys loaded at 0xf5ba0000
Module Fs_Rec.SYS loaded at 0xf5d12000
Module Null.SYS loaded at 0xf5dce000
Module Beep.SYS loaded at 0xf5dcf000
Module vga.sys loaded at 0xf5cd0000
Module awlegacy.sys loaded at 0xf5cd8000
Module mnmdd.SYS loaded at 0xf5dd0000
Module Msfs.SYS loaded at 0xf5bc0000
Module Npfs.SYS loaded at 0xf5940000
Module rasacd.sys loaded at 0xf5d1a000
Module tcpip.sys loaded at 0xf56cc000
Module msgpc.sys loaded at 0xf5950000
Module wanarp.sys loaded at 0xf5af0000
Module netbt.sys loaded at 0xf55e0000
Module netbios.sys loaded at 0xf5960000
Module IBMTwx.SYS loaded at 0xf5ce4000
Module IBMTwxNM.SYS loaded at 0xf55cb000
Module IBMTwxSN.SYS loaded at 0xf55b9000
Module rdbss.sys loaded at 0xf5597000
Module mrxsmb.sys loaded at 0xf5527000
Module dlc.sys loaded at 0xf5980000
Module Fastfat.SYS loaded at 0xf5504000
Module dump_WMILIB.SYS loaded at 0xf5dd2000
Module dump_atapi.sys loaded at 0xf54ef000
Module win32k.sys loaded at 0xa0000000
Module AWDDI.DLL loaded at 0xf5dd3000
Module s3mt3d.DLL loaded at 0xf547f000
Module awvid5.dll loaded at 0xf54e3000
Module nbf.sys loaded at 0xf4f4e000
Module afd.sys loaded at 0xf4f30000
Module vsdatant.sys loaded at 0xf4f1a000
Module ParVdm.SYS loaded at 0xf5d16000
Module VNSCOAX.SYS loaded at 0xf5ac0000
Module srv.sys loaded at 0xf4dc7000
Module Cdfs.SYS loaded at 0xf4b37000
Module spud.sys loaded at 0xf4997000
Module SYMEVENT.SYS loaded at 0xf475f000
Module ipsec.sys loaded at 0xf474a000
Module NAVENG.Sys loaded at 0xf497f000
Module NavEx15.Sys loaded at 0xf4691000
Module navap.sys loaded at 0xf4669000
Module ATMFD.DLL loaded at 0xf3fe2000
Module DgiVecp.sys loaded at 0xf3192000

Thanks
George
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12773612
I think your problem is related to zonealarm. Upgrade zonealarm may resolve the problem. You had better open a new question to ask for expert's experience how to use dumpcheck and windbg. Otherwise this question will never be closed.
0
 
LVL 20

Expert Comment

by:cpc2004
ID: 12773762
Don't invest time to learn dumpcheck as windbg is much better and powerful debugging tool. It's on-line help is excellent.
0
 

Author Comment

by:George46227
ID: 12853734
12/17/04
3:30pm

Sorry it's been a while since posting, sidetracked on another issue. I have turned off ZoneAlarm and am going to try using Linksys NAT router as a "firewall". We'll see what happens with the BSOD's.

All previous help appreciated, especially Debsyl99 and cpc2004.

George
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This week I attended a Startup Week Chattanooga talk on Gender Diversity in Technology. Check out what I learned.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question