Solved

Blue Screen without a minidump

Posted on 2008-10-06
6
2,107 Views
Last Modified: 2012-06-22
Our file server blue screened last Friday.  

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0xbf89d693, 0xaf645b3c, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1005
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
Unable to produce a minidump file from the full dump file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

There is a MEMORY.DMP in C:\WINDOWS.

Is there an easy way to read MEMORY.DMP?
0
Comment
Question by:lrkwalkers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 5

Expert Comment

by:chops_uk
ID: 22648459
0
 
LVL 4

Accepted Solution

by:
placebo69a earned 450 total points
ID: 22648461
Hi there!
First off, you should know that figuring out what caused a crash from a memory dump is a dip into forensics and can take a lot of effort. Most people prefer to let microsoft do the dirty work for them but usually that takes a very long time and sometimes yields no result. If you are resigned to analyse the minidump yourself here's how you get started:
First of all, get microsoft's debugging tools right here. Install these on your system.
Once you have downloaded and installed these tools, go to start, all programs, Debugging Tools For Windows, Windbg. Once you open Windbg, you will presented with a blank screen. Click on File, Symbol File Path. Here you will enter the symbols path. Symbols are needed to effectively debug. Don't have symbols? Get them right here.
Enter in this path and click OK. Now, go to File, Save Workspace so that your symbols path is saved for future use. Now what you want to do is locate your memory dumps. They are usually located in %systemroot%/minidump (in my case C:/windows/minidump).

If you notice, they are usually named the date, and then a -*number* to indicate the order of minidumps that day. My example is called Mini061904-01.dmp (it happened today).

Inside of Windbg, go to File, Open Crash Dump and load the file. You will get a message to save base workspace information. Choose no.

Now you will get a debugging screen. Now it takes a little bit to run it, as the symbols have to be downloaded as they are needed.

Example: BugCheck 86427532, {1db, 2, 3, b} <--This is your stop code
The information following the bugcheck number and codes usually helps narrow down the cause of the crash, naming a file or object as the probable cause.
Use !analyze -v to get detailed debugging information on the file or object which caused the crash. The DEFAULT_BUCKET_ID in this detailed debugging information is the error header and the information immediately following it is the detailed memory stack operations before and after the crash.
Happy hunting! :)


0
 

Author Comment

by:lrkwalkers
ID: 22648466
I'll try dump check tomorrow.

placebo - I didn't get a minidump.  Can I use the same tools on the memory.dmp?
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 50 total points
ID: 22648538
Hi,

In simple terms-
1). Download the debugging tool called 'windbg'
2). Click on File, specify the File path (c:\windows\minidump)
3). Select an option for Open File Dump, Map the Dump File
4). This will take a while to diplay information.
Once it's done you'll be fine debugging the information.

Cheers!
0
 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 50 total points
ID: 22648556
Hi,

Here is an URL address to download the Debugging tool from windows. Hope this helps...

http://www.microsoft.com/whdc/devtools/debugging/installx86.Mspx

Cheers!
0
 
LVL 4

Expert Comment

by:placebo69a
ID: 22675152
Yes, you can use the same tools on the larger dump. It just takes a longer time to process all those gigs of data so you need to be patient.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
Determining the an SCCM package name from the Package ID
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question