Decoding debugged dump file

Posted on 2008-11-10
Last Modified: 2012-05-05
Hi Experts.  I installed the MS Debugging tool and the related symbol pack for XP SP2.  I used the GUI and loaded up the dmp file that I have but can't determine what the heck I am looking at or for.  Please help me decode this and offer "constructive" criticism so that I can learn from this.  

Thanks Experts!
Question by:samiam41
    LVL 22

    Expert Comment

    I'm not sure what you're asking and I haven't really worked with dmp files but I'm guessing you can just look after "Probably caused by". Maybe check here:
    LVL 15

    Accepted Solution

    The main thing to get from a dump is the portion labeled, "Problem caused by..." In this case - ndis.sys.  Ndis.sys is your network driver.  You should update your NIC driver to the latest version, or if you recently did that then roll it back to the previous version.  If neither of those works then you could try running a repair on the OS, or disabling the NIC in the BIOS, or removing it if it's a separate card, and installing a new one.  Here's a link to another person with a similar problem.

    Good luck and I hope that helps.
    LVL 22

    Assisted Solution

    LVL 91

    Assisted Solution

    you can always google all terms :
    LVL 9

    Author Comment

    Thanks for the help.  

    I saw the portion labeled "Probably caused by" and the NDIS.sys file but hated to assume that was all that could be attained from reading the dump file or jump right on the NDIS.sys and begin solving that if there was something else in play.  I wanted to hear from Experts on how to read and what to take from these dump files.  Thanks for your time and help.

    I did google NDIS.sys and saw it related to the network card and I will continue to focus on that.

    I am awarding points now.

    *** WARNING: Unable to verify timestamp for NDIS.sys
    Probably caused by : NDIS.sys ( NDIS!ndisWorkerThread+4b )
    Followup: MachineOwner
    1: kd> g
           ^ No runnable debuggees error in 'g'
    1: kd> !analyze -v
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is
    caused by drivers that have corrupted the system pool.  Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arg1: ff9d9da5, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000001, value 0 = read operation, 1 = write operation
    Arg4: 805505a1, address which referenced memory
    Debugging Details:
    BUGCHECK_STR:  0xC5_2
    805505a1 894804          mov     dword ptr [eax+4],ecx
    PROCESS_NAME:  System
    LAST_CONTROL_TRANSFER:  from 8056c4ab to 805505a1
    f7916b98 8056c4ab 00000000 00000001 e5726854 nt!KiDoubleFaultStack+0x2a21
    f7916bbc 8056c606 88c42cd0 00000000 00000000 nt!ObOpenObjectByPointer+0x2e
    f7916bf0 80573bd0 00000000 89bfbe70 00000000 nt!NtQueryInformationProcess+0xed7
    f7916d4c 805740eb f7916db4 001f03ff 00000000 nt!MmMapViewOfSection+0x153
    f7916d80 f7415bd8 f7916db4 001f03ff 00000000 nt!IopGetModeInformation+0x2f
    f7916dac 80574128 00000074 00000000 00000000 NDIS!ndisWorkerThread+0x4b
    f7916ddc 804ec791 f7415b85 00000000 00000000 nt!NtQueryInformationFile+0x459
    f7916e94 00000000 00000000 00000000 00000000 nt!MiDeleteSystemPagableVm+0x280
    f7415bd8 ??              ???
    SYMBOL_NAME:  NDIS!ndisWorkerThread+4b
    FOLLOWUP_NAME:  MachineOwner
    FAILURE_BUCKET_ID:  0xC5_2_NDIS!ndisWorkerThread+4b
    BUCKET_ID:  0xC5_2_NDIS!ndisWorkerThread+4b
    Followup: MachineOwner
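
The fields the answers above point to can be pulled out of `!analyze -v` text mechanically. This is an added example, not part of the original thread: the `summarize` function and the `BIG_OFFSET` threshold are assumptions made for illustration, and the sample is an excerpt of the output posted above.

```python
import re

# Excerpt of the `!analyze -v` output posted in the thread above.
SAMPLE = """\
*** WARNING: Unable to verify timestamp for NDIS.sys
Probably caused by : NDIS.sys ( NDIS!ndisWorkerThread+4b )
Arg1: ff9d9da5, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805505a1, address which referenced memory
BUGCHECK_STR:  0xC5_2
f7916b98 8056c4ab 00000000 00000001 e5726854 nt!KiDoubleFaultStack+0x2a21
f7916bbc 8056c606 88c42cd0 00000000 00000000 nt!ObOpenObjectByPointer+0x2e
f7916bf0 80573bd0 00000000 89bfbe70 00000000 nt!NtQueryInformationProcess+0xed7
f7916dac 80574128 00000074 00000000 00000000 NDIS!ndisWorkerThread+0x4b
"""

# 32-bit stack line: ChildEBP, RetAddr, three args, then module!function+0xoffset
FRAME = re.compile(r"^(?:[0-9a-f]{8}\s+){5}(\w+)!(\w+)\+0x([0-9a-f]+)\s*$")
BIG_OFFSET = 0x800  # assumed heuristic threshold, not a debugger constant

def summarize(text):
    """Pull the triage fields out of !analyze -v text (32-bit layout)."""
    out = {"args": {}, "frames": [], "unverified": [], "suspect_frames": []}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"\*\*\* WARNING: Unable to verify timestamp for (\S+)", line):
            out["unverified"].append(m.group(1))
        elif m := re.match(r"Probably caused by\s*:\s*(\S+)\s*\(\s*(\S+)\s*\)", line):
            out["culprit"], out["culprit_symbol"] = m.group(1), m.group(2)
        elif m := re.match(r"Arg([1-4]):\s*([0-9a-f]+),\s*(.*)", line):
            out["args"][int(m.group(1))] = (int(m.group(2), 16), m.group(3))
        elif m := re.match(r"BUGCHECK_STR:\s*(\S+)", line):
            out["bugcheck"] = m.group(1)
        elif m := FRAME.match(line):
            mod, func, off = m.group(1), m.group(2), int(m.group(3), 16)
            out["frames"].append((mod, func, off))
            # A large offset from the named symbol often means the name is
            # just the nearest symbol the debugger had, not the real function.
            if off >= BIG_OFFSET:
                out["suspect_frames"].append(f"{mod}!{func}+{off:#x}")
    # The blamed module's symbols are only trustworthy if its timestamp verified.
    out["culprit_symbols_verified"] = out.get("culprit") not in out["unverified"]
    return out

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["bugcheck"], s["culprit"], s["culprit_symbols_verified"])
    print("write" if s["args"][3][0] == 1 else "read", f"at IRQL {s['args'][2][0]}")
    print("frames with large offsets:", s["suspect_frames"])
```

A result with `culprit_symbols_verified` false or a non-empty `suspect_frames` list is a cue to fix the symbol path and re-run `!analyze -v` before trusting the named function.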


    LVL 9

    Author Closing Comment

    Great work experts.  After reading your posts, I know what to look for in these dump files and feel much more confident about my analysis.  Thanks everyone!

