• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 230
  • Last Modified:

Decoding debugged dump file

Hi Experts.  I installed the MS Debugging tool and the related symbol pack for XP SP2.  I used the GUI and loaded up the dmp file that I have but can't determine what the heck I am looking at or for.  Please help me decode this and offer "constructive" critism so that I can learn from this.  

Thanks Experts!
Debugged.Dump.File.txt
0
samiam41
Asked:
samiam41
3 Solutions
 
orangutangCommented:
I'm not sure what you're asking and I haven't really worked with dmp files but I'm guessing you can just look after "Probably caused by". Maybe check here:
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21704501.html
0
 
tenaj-207Commented:
The main things to get from a dump is the portion labeled, "Problem caused by..." In this case - ndis.sys.  Ndis.sys is your network driver.  You should update your NIC driver to the latest version, or if you recently did that then roll it back to the previous version.  If neither of those work then you could try running a repair on the OS, or disabling the NIC in the BIOS, or removing if it's a separate card, and installing a new one.  Here's a link to another person with a similar problem.

http://forums.techguy.org/windows-nt-2000-xp/570116-solved-ndis-sys-error.html

Good luck and I hope that helps.
-tenaj
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
nobusCommented:
you can always google all terms : http://www.file.net/process/ndis.sys.html
0
 
samiam41Author Commented:
Thanks for the help.  

I saw the portion labeled "Probably caused by" and the NDIS.sys file but hated to assume that was all that could be attained from reading the dump file or jump right on the NDIS.sys and begin solving that if there was something else in play.  I wanted to hear from Experts on how to read and what to take from these dump files.  Thanks for your time and help.

I did google NDIS.sys and saw it related to the network card and I will continue to focus on that.

I am awarding points now.



*** WARNING: Unable to verify timestamp for NDIS.sys
Probably caused by : NDIS.sys ( NDIS!ndisWorkerThread+4b )
 
Followup: MachineOwner
---------
 
1: kd> g
       ^ No runnable debuggees error in 'g'
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: ff9d9da5, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805505a1, address which referenced memory
 
Debugging Details:
------------------
 
 
BUGCHECK_STR:  0xC5_2
 
CURRENT_IRQL:  2
 
FAULTING_IP: 
nt!KiDoubleFaultStack+2a21
805505a1 894804          mov     dword ptr [eax+4],ecx
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
PROCESS_NAME:  System
 
LAST_CONTROL_TRANSFER:  from 8056c4ab to 805505a1
 
STACK_TEXT:  
f7916b98 8056c4ab 00000000 00000001 e5726854 nt!KiDoubleFaultStack+0x2a21
f7916bbc 8056c606 88c42cd0 00000000 00000000 nt!ObOpenObjectByPointer+0x2e
f7916bf0 80573bd0 00000000 89bfbe70 00000000 nt!NtQueryInformationProcess+0xed7
f7916d4c 805740eb f7916db4 001f03ff 00000000 nt!MmMapViewOfSection+0x153
f7916d80 f7415bd8 f7916db4 001f03ff 00000000 nt!IopGetModeInformation+0x2f
f7916dac 80574128 00000074 00000000 00000000 NDIS!ndisWorkerThread+0x4b
f7916ddc 804ec791 f7415b85 00000000 00000000 nt!NtQueryInformationFile+0x459
f7916e94 00000000 00000000 00000000 00000000 nt!MiDeleteSystemPagableVm+0x280
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
NDIS!ndisWorkerThread+4b
f7415bd8 ??              ???
 
SYMBOL_STACK_INDEX:  5
 
SYMBOL_NAME:  NDIS!ndisWorkerThread+4b
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: NDIS
 
IMAGE_NAME:  NDIS.sys
 
DEBUG_FLR_IMAGE_TIMESTAMP:  41107ec3
 
FAILURE_BUCKET_ID:  0xC5_2_NDIS!ndisWorkerThread+4b
 
BUCKET_ID:  0xC5_2_NDIS!ndisWorkerThread+4b
 
Followup: MachineOwner

Open in new window

0
 
samiam41Author Commented:
Great work experts.  After reading your posts, I know what to look for in these dump files and feel much more confident about my analisys.  Thanks everyone!

-Aaron
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now