Blue Screen without a minidump

Our file server blue screened last Friday.  

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0xbf89d693, 0xaf645b3c, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1005
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
Unable to produce a minidump file from the full dump file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

There is a MEMORY.DMP in C:\WINDOWS.

Is there an easy way to read MEMORY.DMP?
lrkwalkersAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
placebo69aConnect With a Mentor Commented:
Hi there!
First off, you should know that figuring out what caused a crash from a memory dump is a dip into forensics and can take a lot of effort. Most people prefer to let microsoft do the dirty work for them but usually that takes a very long time and sometimes yields no result. If you are resigned to analyse the minidump yourself here's how you get started:
First of all, get microsoft's debugging tools right here. Install these on your system.
Once you have downloaded and installed these tools, go to start, all programs, Debugging Tools For Windows, Windbg. Once you open Windbg, you will presented with a blank screen. Click on File, Symbol File Path. Here you will enter the symbols path. Symbols are needed to effectively debug. Don't have symbols? Get them right here.
Enter in this path and click OK. Now, go to File, Save Workspace so that your symbols path is saved for future use. Now what you want to do is locate your memory dumps. They are usually located in %systemroot%/minidump (in my case C:/windows/minidump).

If you notice, they are usually named the date, and then a -*number* to indicate the order of minidumps that day. My example is called Mini061904-01.dmp (it happened today).

Inside of Windbg, go to File, Open Crash Dump and load the file. You will get a message to save base workspace information. Choose no.

Now you will get a debugging screen. Now it takes a little bit to run it, as the symbols have to be downloaded as they are needed.

Example: BugCheck 86427532, {1db, 2, 3, b} <--This is your stop code
The information following the bugcheck number and codes usually helps narrow down the cause of the crash, naming a file or object as the probable cause.
Use !analyze -v to get detailed debugging information on the file or object which caused the crash. The DEFAULT_BUCKET_ID in this detailed debugging information is the error header and the information immediately following it is the detailed memory stack operations before and after the crash.
Happy hunting! :)


0
 
chops_ukCommented:
0
 
lrkwalkersAuthor Commented:
I'll try dump check tomorrow.

placebo - I didn't get a minidump.  Can I use the same tools on the memory.dmp?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ashexpert4uConnect With a Mentor Commented:
Hi,

In simple terms-
1). Download the debugging tool called 'windbg'
2). Click on File, specify the File path (c:\windows\minidump)
3). Select an option for Open File Dump, Map the Dump File
4). This will take a while to diplay information.
Once it's done you'll be fine debugging the information.

Cheers!
0
 
ashexpert4uConnect With a Mentor Commented:
Hi,

Here is an URL address to download the Debugging tool from windows. Hope this helps...

http://www.microsoft.com/whdc/devtools/debugging/installx86.Mspx

Cheers!
0
 
placebo69aCommented:
Yes, you can use the same tools on the larger dump. It just takes a longer time to process all those gigs of data so you need to be patient.
0
All Courses

From novice to tech pro — start learning today.