Solved

Blue Screen without a minidump

Posted on 2008-10-06
6
1,995 Views
Last Modified: 2012-06-22
Our file server blue screened last Friday.  

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1001
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0xbf89d693, 0xaf645b3c, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------
Event Type:      Information
Event Source:      Save Dump
Event Category:      None
Event ID:      1005
Date:            03/10/2008
Time:            4:08:34 PM
User:            N/A
Computer:      EXCH01
Description:
Unable to produce a minidump file from the full dump file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------------------------------------------------------

There is a MEMORY.DMP in C:\WINDOWS.

Is there an easy way to read MEMORY.DMP?
0
Comment
Question by:lrkwalkers
6 Comments
 
LVL 5

Expert Comment

by:chops_uk
ID: 22648459
0
 
LVL 4

Accepted Solution

by:
placebo69a earned 450 total points
ID: 22648461
Hi there!
First off, you should know that figuring out what caused a crash from a memory dump is a dip into forensics and can take a lot of effort. Most people prefer to let microsoft do the dirty work for them but usually that takes a very long time and sometimes yields no result. If you are resigned to analyse the minidump yourself here's how you get started:
First of all, get microsoft's debugging tools right here. Install these on your system.
Once you have downloaded and installed these tools, go to start, all programs, Debugging Tools For Windows, Windbg. Once you open Windbg, you will presented with a blank screen. Click on File, Symbol File Path. Here you will enter the symbols path. Symbols are needed to effectively debug. Don't have symbols? Get them right here.
Enter in this path and click OK. Now, go to File, Save Workspace so that your symbols path is saved for future use. Now what you want to do is locate your memory dumps. They are usually located in %systemroot%/minidump (in my case C:/windows/minidump).

If you notice, they are usually named the date, and then a -*number* to indicate the order of minidumps that day. My example is called Mini061904-01.dmp (it happened today).

Inside of Windbg, go to File, Open Crash Dump and load the file. You will get a message to save base workspace information. Choose no.

Now you will get a debugging screen. Now it takes a little bit to run it, as the symbols have to be downloaded as they are needed.

Example: BugCheck 86427532, {1db, 2, 3, b} <--This is your stop code
The information following the bugcheck number and codes usually helps narrow down the cause of the crash, naming a file or object as the probable cause.
Use !analyze -v to get detailed debugging information on the file or object which caused the crash. The DEFAULT_BUCKET_ID in this detailed debugging information is the error header and the information immediately following it is the detailed memory stack operations before and after the crash.
Happy hunting! :)


0
 

Author Comment

by:lrkwalkers
ID: 22648466
I'll try dump check tomorrow.

placebo - I didn't get a minidump.  Can I use the same tools on the memory.dmp?
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 50 total points
ID: 22648538
Hi,

In simple terms-
1). Download the debugging tool called 'windbg'
2). Click on File, specify the File path (c:\windows\minidump)
3). Select an option for Open File Dump, Map the Dump File
4). This will take a while to diplay information.
Once it's done you'll be fine debugging the information.

Cheers!
0
 
LVL 1

Assisted Solution

by:ashexpert4u
ashexpert4u earned 50 total points
ID: 22648556
Hi,

Here is an URL address to download the Debugging tool from windows. Hope this helps...

http://www.microsoft.com/whdc/devtools/debugging/installx86.Mspx

Cheers!
0
 
LVL 4

Expert Comment

by:placebo69a
ID: 22675152
Yes, you can use the same tools on the larger dump. It just takes a longer time to process all those gigs of data so you need to be patient.
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now