Solved

Blue Screen without a minidump

Posted on 2008-10-06
6
1,965 Views
Last Modified: 2012-06-22
Our file server blue screened last Friday.  

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0xbf89d693, 0xaf645b3c, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1005
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
Unable to produce a minidump file from the full dump file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

There is a MEMORY.DMP in C:\WINDOWS.

Is there an easy way to read MEMORY.DMP?
0
Comment
Question by:lrkwalkers
6 Comments
 
LVL 5

Expert Comment

by:chops_uk
ID: 22648459
0
 
LVL 4

Accepted Solution

by:
placebo69a earned 450 total points
ID: 22648461
Hi there!
First off, you should know that figuring out what caused a crash from a memory dump is a dip into forensics and can take a lot of effort. Most people prefer to let microsoft do the dirty work for them but usually that takes a very long time and sometimes yields no result. If you are resigned to analyse the minidump yourself here's how you get started:
First of all, get microsoft's debugging tools right here. Install these on your system.
Once you have downloaded and installed these tools, go to start, all programs, Debugging Tools For Windows, Windbg. Once you open Windbg, you will presented with a blank screen. Click on File, Symbol File Path. Here you will enter the symbols path. Symbols are needed to effectively debug. Don't have symbols? Get them right here.
Enter in this path and click OK. Now, go to File, Save Workspace so that your symbols path is saved for future use. Now what you want to do is locate your memory dumps. They are usually located in %systemroot%/minidump (in my case C:/windows/minidump).

If you notice, they are usually named the date, and then a -*number* to indicate the order of minidumps that day. My example is called Mini061904-01.dmp (it happened today).

Inside of Windbg, go to File, Open Crash Dump and load the file. You will get a message to save base workspace information. Choose no.

Now you will get a debugging screen. Now it takes a little bit to run it, as the symbols have to be downloaded as they are needed.

Example: BugCheck 86427532, {1db, 2, 3, b} <--This is your stop code
The information following the bugcheck number and codes usually helps narrow down the cause of the crash, naming a file or object as the probable cause.
Use !analyze -v to get detailed debugging information on the file or object which caused the crash. The DEFAULT_BUCKET_ID in this detailed debugging information is the error header and the information immediately following it is the detailed memory stack operations before and after the crash.
Happy hunting! :)


0
 

Author Comment

by:lrkwalkers
ID: 22648466
I'll try dump check tomorrow.

placebo - I didn't get a minidump.  Can I use the same tools on the memory.dmp?
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 50 total points
ID: 22648538
Hi,

In simple terms-
1). Download the debugging tool called 'windbg'
2). Click on File, specify the File path (c:\windows\minidump)
3). Select an option for Open File Dump, Map the Dump File
4). This will take a while to diplay information.
Once it's done you'll be fine debugging the information.

Cheers!
0
 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 50 total points
ID: 22648556
Hi,

Here is an URL address to download the Debugging tool from windows. Hope this helps...

http://www.microsoft.com/whdc/devtools/debugging/installx86.Mspx

Cheers!
0
 
LVL 4

Expert Comment

by:placebo69a
ID: 22675152
Yes, you can use the same tools on the larger dump. It just takes a longer time to process all those gigs of data so you need to be patient.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now