hmcnasty
asked on
How to view .dmp files in a debugger
I have a client that is getting blue screen after blue screen on his Vista machine. He sent me the .dmp file so I can look at the problem but I'm having trouble opening it. I down loaded the MS dubugger program but when I try to open the file I get an error:
Can not create process
"C:\users\wwingate\Desktop
%1 is not a valid Win32 application.
Can anyone help me with this?
W
Can not create process
"C:\users\wwingate\Desktop
%1 is not a valid Win32 application.
Can anyone help me with this?
W
ASKER
I downloaded the latest. Most recent.
w
w
Are you running windbg explicitely as administrator (right click the exe or shortcut - run as administrator)?
Is the .dmp from a 64 bit OS?
Is the .dmp from a 64 bit OS?
ASKER
OK. I tried that. Then I went to open source file and selected the file. It comes up looking like wingdings font.
W
W
I am not familiar with the new windbg 6.x - is there still the menu file - "open crash dump"? Did you do that?
ASKER
Yeah that's what I did first. I got this:
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\wwingate\Desktop
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
**************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
**************************
Executable search path is:
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
Unable to load image \SystemRoot\system32\ntkrn
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Fri Nov 30 18:20:19.721 2007 (GMT-5)
System Uptime: 0 days 4:51:26.131
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
Unable to load image \SystemRoot\system32\ntkrn
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
..........................
Loading User Symbols
Loading unloaded module list
.......
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {8000000d, 0, 81cb1504, 0}
*** WARNING: Unable to verify timestamp for mxopswd.sys
*** ERROR: Module load completed but symbols could not be loaded for mxopswd.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
**************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************
**************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************
**************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
Probably caused by : mxopswd.sys ( mxopswd+23c9 )
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\wwingate\Desktop
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
**************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
**************************
Executable search path is:
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
Unable to load image \SystemRoot\system32\ntkrn
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Fri Nov 30 18:20:19.721 2007 (GMT-5)
System Uptime: 0 days 4:51:26.131
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
Unable to load image \SystemRoot\system32\ntkrn
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
..........................
Loading User Symbols
Loading unloaded module list
.......
**************************
* *
* Bugcheck Analysis *
* *
**************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {8000000d, 0, 81cb1504, 0}
*** WARNING: Unable to verify timestamp for mxopswd.sys
*** ERROR: Module load completed but symbols could not be loaded for mxopswd.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
**************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************
**************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************
**************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
**************************
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
**************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
**************************
Probably caused by : mxopswd.sys ( mxopswd+23c9 )
Followup: MachineOwner
---------
I don't see wingdings-characters
ASKER
I know . I did it a different way the first time adn I got those. This is what I get now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was using the open file icon and then openning it from there. That's when I got the wingdings. Then I used the open crash dump. is there a problem with this though. It doesn't look like it's showing the error it keeps showing :
Symbols can not be loaded because symbol path is not initialized.
Symbols can not be loaded because symbol path is not initialized.
http://forums.majorgeeks.com/showthread.php?t=35246 talks about that, too.
ASKER
Awsome! I figured it out with your help. It was a Maxtor 1 touch causing the problem.
Thank you sir.
W
Thank you sir.
W
Congratulations!
http://www.microsoft.com/whdc/devtools/debugging/whatsnew.mspx should be vista compatible