samiam41
asked on
Decoding debugged dump file
Hi Experts. I installed the MS Debugging tool and the related symbol pack for XP SP2. I used the GUI and loaded up the dmp file that I have but can't determine what the heck I am looking at or for. Please help me decode this and offer "constructive" critism so that I can learn from this.
Thanks Experts!
Debugged.Dump.File.txt
Thanks Experts!
Debugged.Dump.File.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help.
I saw the portion labeled "Probably caused by" and the NDIS.sys file but hated to assume that was all that could be attained from reading the dump file or jump right on the NDIS.sys and begin solving that if there was something else in play. I wanted to hear from Experts on how to read and what to take from these dump files. Thanks for your time and help.
I did google NDIS.sys and saw it related to the network card and I will continue to focus on that.
I am awarding points now.
I saw the portion labeled "Probably caused by" and the NDIS.sys file but hated to assume that was all that could be attained from reading the dump file or jump right on the NDIS.sys and begin solving that if there was something else in play. I wanted to hear from Experts on how to read and what to take from these dump files. Thanks for your time and help.
I did google NDIS.sys and saw it related to the network card and I will continue to focus on that.
I am awarding points now.
*** WARNING: Unable to verify timestamp for NDIS.sys
Probably caused by : NDIS.sys ( NDIS!ndisWorkerThread+4b )
Followup: MachineOwner
---------
1: kd> g
^ No runnable debuggees error in 'g'
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: ff9d9da5, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 805505a1, address which referenced memory
Debugging Details:
------------------
BUGCHECK_STR: 0xC5_2
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiDoubleFaultStack+2a21
805505a1 894804 mov dword ptr [eax+4],ecx
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: System
LAST_CONTROL_TRANSFER: from 8056c4ab to 805505a1
STACK_TEXT:
f7916b98 8056c4ab 00000000 00000001 e5726854 nt!KiDoubleFaultStack+0x2a21
f7916bbc 8056c606 88c42cd0 00000000 00000000 nt!ObOpenObjectByPointer+0x2e
f7916bf0 80573bd0 00000000 89bfbe70 00000000 nt!NtQueryInformationProcess+0xed7
f7916d4c 805740eb f7916db4 001f03ff 00000000 nt!MmMapViewOfSection+0x153
f7916d80 f7415bd8 f7916db4 001f03ff 00000000 nt!IopGetModeInformation+0x2f
f7916dac 80574128 00000074 00000000 00000000 NDIS!ndisWorkerThread+0x4b
f7916ddc 804ec791 f7415b85 00000000 00000000 nt!NtQueryInformationFile+0x459
f7916e94 00000000 00000000 00000000 00000000 nt!MiDeleteSystemPagableVm+0x280
STACK_COMMAND: kb
FOLLOWUP_IP:
NDIS!ndisWorkerThread+4b
f7415bd8 ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: NDIS!ndisWorkerThread+4b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NDIS
IMAGE_NAME: NDIS.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 41107ec3
FAILURE_BUCKET_ID: 0xC5_2_NDIS!ndisWorkerThread+4b
BUCKET_ID: 0xC5_2_NDIS!ndisWorkerThread+4b
Followup: MachineOwner
ASKER
Great work experts. After reading your posts, I know what to look for in these dump files and feel much more confident about my analisys. Thanks everyone!
-Aaron
-Aaron
https://www.experts-exchange.com/questions/21704501/Keep-getting-BSOD-I've-tried-everything-I-can-think-of.html