Jump to content

Looking for help with a Kernal Memory Dump

Guest Bryan

By Guest Bryan
in Windows 2003 Server

 Share

Recommended Posts

Guest Bryan

Guest Bryan

Posted
Posted

Hi All,

I'm looking for some guidence on debugging a Kernal Dump from a Windows 2003

SP1 server. I've been able to read the dump using WinDbg and it appears to

be driver related but i can't determine any further what driver is causing a

problem. Is there a place that i can submit the crash to be analyzed?

 

thanks kindly!

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Edwin vMierlo [MVP]

Guest Edwin vMierlo [MVP]

Posted
Posted

Re: Looking for help with a Kernal Memory Dump

 

you can with Microsoft Support

 

 

 

"Bryan" <Bryan@discussions.microsoft.com> wrote in message

news:0B562C27-C896-46D6-848A-A03489309165@microsoft.com...

> Hi All,

> I'm looking for some guidence on debugging a Kernal Dump from a Windows

2003

> SP1 server. I've been able to read the dump using WinDbg and it appears

to

> be driver related but i can't determine any further what driver is causing

a

> problem. Is there a place that i can submit the crash to be analyzed?

>

> thanks kindly!

Guest Bryan

Guest Bryan

Posted
Posted

Re: Looking for help with a Kernal Memory Dump

 

Yeah, I just hate to use up hours for this. I can if that's the only way but

i was hoping there was a forum out there that would be able to look at the

dump and give me some guidence.

 

 

"Edwin vMierlo [MVP]" wrote:

> you can with Microsoft Support

>

>

>

> "Bryan" <Bryan@discussions.microsoft.com> wrote in message

> news:0B562C27-C896-46D6-848A-A03489309165@microsoft.com...

> > Hi All,

> > I'm looking for some guidence on debugging a Kernal Dump from a Windows

> 2003

> > SP1 server. I've been able to read the dump using WinDbg and it appears

> to

> > be driver related but i can't determine any further what driver is causing

> a

> > problem. Is there a place that i can submit the crash to be analyzed?

> >

> > thanks kindly!

>

>

>

Guest Mathieu CHATEAU

Guest Mathieu CHATEAU

Posted
Posted

Re: Looking for help with a Kernal Memory Dump

 

Hello,

 

!analyze doesn't show up the name of the driver that crashed ?

 

this may help:

Explanation of error codes generated by Device Manager in Microsoft Windows

XP Professional

http://support.microsoft.com/default.aspx?scid=kb;EN-US;310123

 

 

 

--

Cordialement,

Mathieu CHATEAU

http://lordoftheping.blogspot.com

 

 

"Bryan" <Bryan@discussions.microsoft.com> wrote in message

news:0B562C27-C896-46D6-848A-A03489309165@microsoft.com...

> Hi All,

> I'm looking for some guidence on debugging a Kernal Dump from a Windows

> 2003

> SP1 server. I've been able to read the dump using WinDbg and it appears

> to

> be driver related but i can't determine any further what driver is causing

> a

> problem. Is there a place that i can submit the crash to be analyzed?

>

> thanks kindly!

Guest Bryan

Guest Bryan

Posted
Posted

Re: Looking for help with a Kernal Memory Dump

 

Thanks for your reply. If i'm reading it correctly, !analyze shows

ntkrpamp.exe as the offending driver, however i believe that's an OS driver.

Device Manager does show a hidden serial device with error code 24 (This

device is not present, is not working properly, or does not have all its

drivers installed). I will try and track down proper drivers for it but is

there a way that i can be more certain that that's what caused the crash?

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 50, {dbcc1000, 0, 808ce49f, 0}

 

Probably caused by : ntkrpamp.exe ( nt!CmpFileWrite+5d )

 

Followup: MachineOwner

---------

 

1: kd>

1: kd> !analyze -v

*******************************************************************************

*

*

* Bugcheck Analysis

*

*

*

*******************************************************************************

 

PAGE_FAULT_IN_NONPAGED_AREA (50)

Invalid system memory was referenced. This cannot be protected by try-except,

it must be protected by a Probe. Typically the address is just plain bad or

it

is pointing at freed memory.

Arguments:

Arg1: dbcc1000, memory referenced.

Arg2: 00000000, value 0 = read operation, 1 = write operation.

Arg3: 808ce49f, If non-zero, the instruction address which referenced the

bad memory

address.

Arg4: 00000000, (reserved)

 

Debugging Details:

------------------

 

 

READ_ADDRESS: dbcc1000

 

FAULTING_IP:

nt!CmpFileWrite+5d

808ce49f 0fbe32 movsx esi,byte ptr [edx]

 

MM_INTERNAL_CODE: 0

 

DEFAULT_BUCKET_ID: DRIVER_FAULT

 

BUGCHECK_STR: 0x50

 

PROCESS_NAME: System

 

CURRENT_IRQL: 1

 

TRAP_FRAME: f712ac04 -- (.trap fffffffff712ac04)

ErrCode = 00000000

eax=dbcc2000 ebx=e334ba80 ecx=00000047 edx=dbcc1000 esi=00000068 edi=00000000

eip=808ce49f esp=f712ac78 ebp=f712acd0 iopl=0 nv up ei ng nz na pe cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287

nt!CmpFileWrite+0x5d:

808ce49f 0fbe32 movsx esi,byte ptr [edx]

ds:0023:dbcc1000=??

Resetting default scope

 

LAST_CONTROL_TRANSFER: from 8085e6cd to 80827447

 

STACK_TEXT:

f712ab74 8085e6cd 00000050 dbcc1000 00000000 nt!KeBugCheckEx+0x1b

f712abec 8088bc18 00000000 dbcc1000 00000000 nt!MmAccessFault+0xb25

f712abec 808ce49f 00000000 dbcc1000 00000000 nt!KiTrap0E+0xdc

f712acd0 808befdf e334ba80 00000001 e2d40000 nt!CmpFileWrite+0x5d

f712ad28 808bf9a5 00000053 e334ba80 e334bd78 nt!HvpWriteLog+0x2cd

f712ad3c 808c134d e334ba01 8b3798d0 808a4828 nt!HvSyncHive+0x71

f712ad58 808ca4b5 00000001 e334bd78 f712ad78 nt!CmpDoFlushNextHive+0xe1

f712ad80 8087f92f 00000000 00000000 8b3798d0 nt!CmpLazyFlushWorker+0x7f

f712adac 80948bd0 00000000 00000000 00000000 nt!ExpWorkerThread+0xeb

f712addc 8088d4e2 8087f844 00000001 00000000 nt!PspSystemThreadStartup+0x2e

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

nt!CmpFileWrite+5d

808ce49f 0fbe32 movsx esi,byte ptr [edx]

 

SYMBOL_STACK_INDEX: 3

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: nt

 

IMAGE_NAME: ntkrpamp.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP: 45ebdefe

 

SYMBOL_NAME: nt!CmpFileWrite+5d

 

FAILURE_BUCKET_ID: 0x50_nt!CmpFileWrite+5d

 

BUCKET_ID: 0x50_nt!CmpFileWrite+5d

 

Followup: MachineOwner

---------

 

 

 

"Mathieu CHATEAU" wrote:

> Hello,

>

> !analyze doesn't show up the name of the driver that crashed ?

>

> this may help:

> Explanation of error codes generated by Device Manager in Microsoft Windows

> XP Professional

> http://support.microsoft.com/default.aspx?scid=kb;EN-US;310123

>

>

>

> --

> Cordialement,

> Mathieu CHATEAU

> http://lordoftheping.blogspot.com

>

>

> "Bryan" <Bryan@discussions.microsoft.com> wrote in message

> news:0B562C27-C896-46D6-848A-A03489309165@microsoft.com...

> > Hi All,

> > I'm looking for some guidence on debugging a Kernal Dump from a Windows

> > 2003

> > SP1 server. I've been able to read the dump using WinDbg and it appears

> > to

> > be driver related but i can't determine any further what driver is causing

> > a

> > problem. Is there a place that i can submit the crash to be analyzed?

> >

> > thanks kindly!

>

>

Guest Edwin vMierlo [MVP]

Guest Edwin vMierlo [MVP]

Posted
Posted

Re: Looking for help with a Kernal Memory Dump

 

> Yeah, I just hate to use up hours for this. I can if that's the only way

but

> i was hoping there was a forum out there that would be able to look at the

> dump and give me some guidence.

>

 

 

!analyze -v

 

is a start, then use the WinDbg help file (I know a bit of standard answer,

but it goes too far to discuss kernel debugging in a windows newsgroup)

 Share
Go to topic listing
×
×
  • Create New...