Help to analyze .dmp files

Hi
I am getting bluescreens on one of our Windows2003
I have then learned that it creates a .dmp file that can help to point me in the direction where to look for the problem

I have installed Windbg and after some back and forward I think i got it to work.

I ran an analyze to the dump file and I got some output.
My problem is that I dont understand the output very well

Can anyone help me to look through the result when running the dump file through Windbg?

I have made the result into txt file and you find it here:
http://www.dmm-support.dk/download/debug/dump_debug.txt

Kind Regards
Morten
morten444Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

UmopepisdnCommented:
Key items to note are the same ones that appear on the BSOD that generates these bugchecks.  First, the primary bugcheck code:

>>PAGE_FAULT_IN_NONPAGED_AREA (50)
>>Invalid system memory was referenced.  This cannot be protected by try-except,
>>it must be protected by a Probe.  Typically the address is just plain bad or it
>>is pointing at freed memory.

Handy. Windbg even gives you the friendly text associated with the bugcheck code, in this case PAGE_FAULT_IN_NONPAGED_AREA. Note that 50 is hexadecimal, or 0x50, or 0x00000050, which will look familiar if you've seen this on a BSOD.

Sometimes this is enough to determine what happened. However, this one is a fairly generic error message, and it doesn't tell us much about what might have caused it.  So, we'll look a bit deeper at the arguments.

>> Arg1: f694e000, memory referenced.
>> Arg2: 00000001, value 0 = read operation, 1 = write operation.
>> Arg3: f6d55aa7, If non-zero, the instruction address which referenced the bad memory
      address.

From this, we know that something from f6d55aa7 tried to write to the the memory address at f694e000.  This was not permitted.

So, let's find out what's significant about these memory addresses.  Let's find out who made the bad call.  We'll take the third argument and look in the stack trace, which for us here is a set of footprints leading to the crime scene.

>> f694d138 860e3fd4 862e6000 f6d57660 003f005c NtFsLdf20+0x2aa7

We see that the call appears to have been made by NtFsLdf20.dll, at offset 0x2aa7 within that file.  A bit of googling around shows that this is the File detection driver, which is part of the windows Driver Development Kit.  There doesn't seem to be much data available about it, but from the name we can imagine it's part of the NTFS file system.  If we had the symbols for the NtFsLdf20.dll appropriate for your version of Windows available to the debugger, we might be able to see, based on the 0x2aa7 offset, what function this instruction was likely to be a part of.

There isn't any information available on the accessed location from Arg1.  This isn't very surprising, since the error is a complaint that the location was invalid, but it might have been useful if we had had enough information in the dump to tell us that, say, the location was part of another module.

From all of this, we can guess that something fairly low-level happened in the file system.  My guess is that you have a failing hard drive.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
morten444Author Commented:
thanks for not only writing the conclution but take time to explain how to got there. I actually learned alot.
Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.