Over 1 million tech questions and answers.

Guides for WinDbg - How to read dump files?

Q: Guides for WinDbg - How to read dump files?

Hello,
I am wanting to start reading my own dump files on Microsoft OS's (primarily 7 and 8) so I can figure out problems for myself. I have Windows Debugger (WinDbg) installed and have read a few guides but they are vague. There is still a whole lot I need to
learn. Any guides you guys can recommend? Maybe something a whole lot easier and more detailed or another debugger.
So far I have read these guides from MS ->

How to read the small memory dump file that is created by Windows if a crash occurs - https://support.microsoft.com/en-us/kb/315263
Crash dump analysis using the Windows debuggers (WinDbg) - https://msdn.microsoft.com/en-us/library/windows/hardware/ff539316?f=255&MSPPError=-2147217396
I don't understand symbols and haven't been able to get them to work and it mentions I386 folder but that isn't present in Windows 7 and 8. I wasn't able to get any of my minidumps to load.
Thanks

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Guides for WinDbg - How to read dump files?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 81.6

Hello all!

Occasionally I have dump files to run through WinDBG. Sometimes they are not kernal minidumps, but this doesn't matter. May I ask a quick question of you experts?

How do I run multiple files through WinDBG? I can run a single dump file perfectly file - symbols are set up well, but how do I do a big block?

Actually, would you also mind showing me how to do get a driver list, a probably caused by for all of them, and that slimmed down log.

I mean the driver list, this log:

Code:
BugCheck 1A, {8884, fffffa8002248c20, fffffa80021dfc50, 102}
Probably caused by : memory_corruption ( nt!MiRelinkStandbyPage+a2 )
??????????????????????????????????????????????????????????????????????????????????????``
BugCheck 1A, {8884, fffffa8004b636f0, fffffa8004b40f20, 500}
Probably caused by : memory_corruption ( nt!MiRelinkStandbyPage+a2 )
??????????????????????????????????????????????????????????????????????????????????????``
BugCheck 4E, {2, b4a97, 1affff, 200}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+8804 )


and this log:


Code:
Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
Debug session time: Mon Nov 29 17:36:30.614 2010 (UTC - 5:00)
System Uptime: 0 days 2:01:38.396
Probably caused by : memory_corruption ( nt!MiRelinkStandbyPage+a2 )
BUGCHECK_STR: 0x1a_8884
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
FAILURE_BUCKET_ID: X64_0x1a_8884_nt!MiRelinkStandbyPage+a2
???????????????????????????????????????????????... Read more

A:How do I run multiple dump files through WinDBG?

Rich
I have not needed multiple dumps, but I will refer this to the BSOD squad in 7 and you will get your answser.

Read other 7 answers
RELEVANCY SCORE 80

Hello,

I am trying to debug some crash dumps which all point to NTOSKRNL.EXE but I am unable to debug or even analyze it because the WinDBG throws me an error :-


Code:
************* Symbol Path validation summary **************Response Time (ms) Location
OK C:\symbols
Symbol search path is: C:\symbols
Executable search path is: C:\symbols
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
Machine Name:
Kernel base = 0xfffff801`0cc8a000 PsLoadedModuleList = 0xfffff801`0cf56a20
Debug session time: Sat Mar 22 19:54:14.327 2014 (UTC + 5:30)
System Uptime: 0 days 0:27:07.854
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................. Read more

A:Unable to make WinDBG analyze the Dump files

Hi

Your symbol search path is wrong. You should set it something like :

SRV*C:\symbols*http://msdl.microsoft.com/download/symbols

Then Windbg will download and save correct symbols in to the local cache.

Read other 4 answers
RELEVANCY SCORE 78.8

Hello there,

I am trying to debug some Crash Dump Files and I have not been able to load the Dump file properly because the WINDBG says the following error :-

Loading Dump File [C:\Users\Blueelvis_RoXXX\Desktop\030114-6531-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could... Read more

A:Symbol Loading Error In WinDBG while debugging dump files

In the debugger, add the symbol search path (file > symbol search path) and add

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

You can replace c:\symbols part with another directory if you want. That should help.

Read other 3 answers
RELEVANCY SCORE 66.4

My computer has been experiencing BSOD lately through out this month. I have attached some files with the dumps. Please help me figure out what was the cause of the BSODs. Thank you very much in advance.

A:Please help me read dump files

  
Quote: Originally Posted by monsteranh


My computer has been experiencing BSOD lately through out this month. I have attached some files with the dumps. Please help me figure out what was the cause of the BSODs. Thank you very much in advance.


Your video driver, re-install using this method.

When upgrading your graphic driver you MUST remove all traces of the current driver. In order to do that we recommend using Guru3D - Driver Sweeper
Or Phyxion.net - Driver Sweeper

When it is removed then download and install the fresh copy.

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\Seven Forums\053111-26754-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols;srv*e:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02c1d000 PsLoadedModuleList = 0xfffff800`02e62650
Debug session time: Tue May 31 22:09:52.090 2011 (GMT-4)
System Uptime: 0 days 21:16:40.932
Loading Kernel Symbols
...............................................................
..................................... Read more

Read other 2 answers
RELEVANCY SCORE 66.4

All my dump files as well as others I've looked at in this forum, looks like hieroglyphics when I open them in Notepad, "PAGEDU64 `B x, p& P3$ d? ? ?? H X?? ??? ? Y ?? ? @? < <......"

What I'm doing wrong?
 

A:How to read dump files?

Download and use Bluescreenview...
 

Read other 2 answers
RELEVANCY SCORE 66.4

Hey everyone so I've been having some issues lately with my laptop bluescreening randomly. I'm running Windows 7 Ultimate x64 and can't seem to figure out what exactly is the issue with my computer. I've run chkdsk and have found no bad sectors as well as ran memtest 86 for 5 passes on each stick and came back ok. Also ran sfc /scannow and it came back with no errors. When I do get a blue screen the error it says is something like IRQL_DRIVER or something along those lines...so maybe it's possibly a driver issue? All my drivers have been updated.

So I attached 4 dump files and was wondering if someone could read them for me and possibly point me in the right direction?

Thanks!

A:Can someone read my Dump files?

Hi,

Remove Zone Alarm.

Zone Alarm Removal tool -> http://download.zonealarm.com/bin/fr...cpes_clean.exe (run in Safe Mode without Networking)

Also - turn driver verifier on

Using Driver Verifier to identify issues with Drivers

Regards,
Reventon
BUGCHECK SUMMARY

Code:

Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Fri Oct 1 08:44:23.043 2010 (GMT+13)
System Uptime: 0 days 2:07:52.056
BugCheck D1, {ffffffff00000000, 2, 8, ffffffff00000000}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
Bugcheck code 000000D1
Arguments ffffffff`00000000 00000000`00000002 00000000`00000008 ffffffff`00000000
??????????????????????????????????????????????????????????????????????????????????????``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Fri Oct 1 06:35:50.015 2010 (GMT+13)
System Uptime: 0 days 0:15:46.028
BugCheck D1, {ffffffff00000000, 2, 8, ffffffff00000000}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
Bugcheck code 000000D1
Arguments ffffffff`00000000 00000000`00000002 00000000`00000008 ffffffff`00000000
??????????????????????????????????????????????????????????????????????????????????????``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Fri Oct 1 05:22:46.291 2010 (GMT+13)
System Uptime: 0 days 0:03:47.305
BugCheck ... Read more

Read other 8 answers
RELEVANCY SCORE 66.4

Hi guys,im getting alot of BSOD everyday and i want someone to read the dump files.i have attached in rar the latest dmp files.

I would really appreciate if someone helps me. Cheers

A:Dump files to read for me

Dump Files is (.zip) Format...

Read other 9 answers
RELEVANCY SCORE 66.4

My pc started getting bsod and i have no idea why. Thanks in advance.

A:Can anyone read my dump files?

so i guess i should try to fix it myself? oh well.

Read other 7 answers
RELEVANCY SCORE 65.6

Did not know where to post this. I am trying to open a dump filed in WinDbg and keep getting this message and am not quiet sure how to proceed
 
 
I was also following the directions here https://www.sysnative.com/forums/bsod-kernel-dump-analysis-debugging-information/7627-register-windbg-dump-files-file-associations.html. I had no luck in completing this either. I had it typed in the cmd prompt as administrator as              C:\Program Files (x86)\Windows Kits\10\Debuggers\x86 windbg.exe -IA        and kept getting a message that amounted to "you don't know what you're doing"      

A:Trying to open dump file in WinDbg

Type/paste these 2 lines exactly as written:
 
cd\Program Files (x86)\Windows Kits\10\Debuggers\x86
 
windbg.exe -IA
 
You have to change the directory (folder) first, then issue the command for file association.
 
Regards. . .
 
jcgriff2
 
 
posted via mobile
 
 
 

Read other 0 answers
RELEVANCY SCORE 65.6

Hello.
I like to analysis a dump file with "windbg" but which commands are useful for do it? Can you show me some useful command that can help me to find the root of problem?

Thank you.

Read other answers
RELEVANCY SCORE 65.6

Hello!

I've done a forum search before opening a new topic, and the solutions I found in other topics are for reading BSOD minidumps, not application dump files, so for example BlueScreenView won't do me any good.

I have a 3rd party application that crashes frequently. The last time I created a dump file. After searching google for the better part of an hour on how to read dump files of applications specifically, I only came up with using dumpchk.exe for a solution, but the dump file is so large, I can not read the entire dump in the command line.

Is there a 3rd party application I can read entire dump files with?

Thanks in advance!

A:How do I read _application_ dump files?

The short version is you don't. Dump files are really only useful if you have access to the source code of the program they're for, so even if you could read them, it wouldn't help you much. Those dump files are intended for Microsoft's developers to be able to analyze what was going on at the time and determine if it had anything to do with Windows (or some other MS program). They're not intended for the average person, even the average developer.

Read other 7 answers
RELEVANCY SCORE 65.6

Hello everyone,

I am running Windows 7 Utimate 64-bit and I have gotten many random BSOD's while being use on internet . I have opened the dump files. And all of them say that probable cause is: ntoskrnl.exe ( nt+71f00 ).

Attachment 53661

I have attached a .zip file with these dump files too.
I've passed the test of memory, no erreurs was dectected.

Any information very much appreciated.

A:BSOD Please help me to read my dump files

Please help me, many thanks to you.

Read other 9 answers
RELEVANCY SCORE 65.6

Please help, been having a problem for about a month now, thanks..

I cant run that Windows_NT6_BSOD_v3.03_jcgriff2_.exe file I downloaded from this site, so i hope the crash dump files will do. Thanks..

A:Crash dump (help me read the files)

   Information
Bugcheck 0xA0 - Usual Cause : Drivers, Sleep problems or Hardware (PSU Mainly)

Probably caused by : ntkrpamp.exe ( nt!PopAllocateIrp+a0 )

If you have any Overclocked Hardware then please return back to Default Clock speed

Run a full scan with your AV

Could you also tell me the Make/model of your PSU and If you added any Hardware then please remove.

For Reference:

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Josh\AppData\Local\Temp\Temp1_crash dump files.zip\Mini060111-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
Machine Name:
Kernel base = 0x8244c000 PsLoadedModuleList = 0x82563c70
Debug session time: Wed Jun 1 01:40:06.236 2011 (UTC + 1:00)
System Uptime: 0 days 2:35:14.266
Loading Kernel Symbols
...............................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* ... Read more

Read other 19 answers
RELEVANCY SCORE 65.6

I've been running out of ideas now, and windbg somehow doesn't make me open the .dmp files, so I'm desperately asking for help :( I don't know what's wrong with my computer with the tons of BSOD.

Here's the link with attached dump file:
https://drive.google.com/open?id=1kuRVG6KLZhXM3NTuzguDFFDdiyhzDj5S

Read other answers
RELEVANCY SCORE 65.6

Hello everyone,

I am running Windows 7 Pro 32bit on HP and I have gotten many random BSOD's while being use on internet (play game online). I have updated lastest Windows , VGA, all driver from HP but still have BSOD. I can not read dump files. please help me

Thanks

A:BSOD Please help me to read my dump files

Only ran the 9 memory dumps from July - the one's from May (a total of 21) suggest the same thing.
The 9 from July are STOP 0x1 errors - Although I did see one STOP 0x119 (video driver) error in the May dumps along with several other errors blaming your ATI video drivers.

If you haven't done anything to fix the May errors (there were no errors in June), then please do the following:
- download the Display Driver only (NOT the entire Catalyst Control Center) from Global Provider of Innovative Graphics, Processors and Media Solutions | AMD
- uninstall the current ATI stuff from your system
- install the Display Driver and monitor for further BSOD's.

Then, if the errors are still occurring, try running Driver Verifier according to these directions:





Quote:
Using Driver Verifier is an iffy proposition. Most times it'll crash and it'll tell you what the driver is. But sometimes it'll crash and won't tell you the driver. Other times it'll crash before you can log in to Windows. If you can't get to Safe Mode, then you'll have to resort to offline editing of the registry to disable Driver Verifier.

So, I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista/Win7 Startup Repair feature).

Then, here's the procedure:
- Go to Start and type in "verifier" (without the quotes) and press Enter... Read more

Read other 1 answers
RELEVANCY SCORE 65.2

In short, I use Windows 7 Ultimate 32-bit and everytime I try to open Dump Files from either my computer or other computers with Microsoft's WinDbg.exe, it mainly gives these two errors at the end and WONT let me use any commands or examine the files:

"ERROR: Reload failure, partially initialized target
WaitForEvent failed".
------------------------------------------------------------------------------------------

Well, everytime I try to open a Crash Dump File (.DMP) that came from a game I use, it doesn't allow it. The thing is, there's only 2 of them out of the 20 something here that actually open, but I want to open the others too as they contain important information I need (Some of them are from different computers, but the thing is, I have about 12 on my computer that were created on my computer and only 2 of them open up). This is what happens when I use WinDbg.exe to try to open one of the dump files:


Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Kimberly\Desktop\Flash Drive\Debug View\Crash Dump Files\redluffy\irisclient v21769 2011-01-14 10-53-55.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUse... Read more

A:Crash Dump File Won't Open? [WINDBG.EXE]

Are you trying to open memory dump files or mini dump files? Make sure you computer is configured for mini dumps. Read the last part of the first post in this tutorial: http://www.sevenforums.com/tutorials...en-forums.html

Read other 7 answers
RELEVANCY SCORE 65.2

Hopefully this is the correct subforum to post this in. If it is not could somebody point me to the correct one?
I am using THIS guide here on tenforums.

When I try to dump the stack I input the command dps ffffd00026876000 ffffd00026870000. The two values are my base and limit values. I tripple checked them many times.

However everytime I input that command I get an error message saying

"^ Range error in 'dps ffffd00021787000 ffffd00021781000"
What is this about?

A:WINDBG Range Error While Trying To Dump The Stack

Solved.

My fault.

Limit first, Base second

Read other 0 answers
RELEVANCY SCORE 64.8

just got a new comp and final fantasy 14, put it in clicked english for my language and boom blue screen, didnt even get a chance to install and it happened 5 times after troubleshooting, i got system_service_exceeption for an error, finally found my dump files and zipped it with a system health report. please if anyone can decipher this THANKS IN ADVANCE

A:BSOD, someone read my dump files pleeease

Hi -

All 5 dumps had the same bugcheck -

0x3b (0xc0000005,,,) = system service threw an exception - 0xc0000005 = memory access violation. No probable cause named.

I found a loaded driver belonging to Symantec/ Norton -

Code:

SRTSPX64.SYS Wed Dec 02 00:58:24 2009 (4B160200)
Was there a trial offer on the new system for NIS, N360, other Norton product?

Run Norton Removal Tool - http://jcgriff2.com/NRT_N360_Removal.html

Is Webroot anti-virus only or an Internet Security app with a firewall? If firewall - remove Webroot; reboot upon comletion. Install MSE

Run the Driver Verifier -- http://jcgriff2.com/driver_verifier.htm


Windbg Logs
--> http://jcgriff2.net/BSOD_Logs/_99-db..._jcgriff2_.txt
--> http://jcgriff2.net/BSOD_Logs/_99-db...riff2_.txt.zip

Regards. . .

jcgriff2


`

BSOD BUGCHECK SUMMARY

Code:

Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Wed Sep 22 18:13:56.334 2010 (GMT-4)
System Uptime: 0 days 0:15:30.551
Probably caused by : ntkrnlmp.exe ( nt!PspInsertProcess+40 )
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
Bugcheck code 0000003B
Arguments 00000000`c0000005 fffff800`033800c0 fffff880`056f6620 00000000`00000000
??????????????????????????????????????????????????????????????????????????????????????``
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Debug session time: Wed Sep 22 17:43:09.841 2010 (GMT-4)
System Upt... Read more

Read other 4 answers
RELEVANCY SCORE 64.8

i get these Page fault error alot

installed 3 months ago exactly after i biut this PC Win 7 x64

Please look into these Minidumps

A:BSOD in almost every action that i do Please read these dump files

Please remove any CD/DVD virtualization software, such as Daemon Tools/Alcohol 120%, as they use a driver called sptd.sys that is known to cause BSODs. Use add/remove programs to remove the software. After removing the software, use the sptd.sys uninstaller to remove sptd.sys from the system.

I prefer TotalMounter as my CD/DVD virtualization software as it allows me to burn images to a virtual CD/DVD if I just want an ISO file instead of a disc, and it is free.

Many use MagicISO - Convert BIN to ISO, Create, Edit, Burn, Extract ISO file, ISO/BIN converter/extractor/editor as well, which is also free.
Crashes are pointing to memory problems or driver conflicts.If you are overclocking any hardware, please stop.

Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).


   Warning
Before you proceed with the following, answer these two questions: Are you still under warranty? Does your warranty allow you to open up the machine to check hardware? If you are unsure of the answers to these questions, contact your system manufacturer. WARNING: The steps that follow can void your... Read more

Read other 1 answers
RELEVANCY SCORE 64.8

I've been having several regular BSOD(s) for the past two weeks. I suspect that my core is failing.

I reapplied some thermal paste and the temp is 20 degrees lower than it was running before I changed it. The voltage running through it seems to be normal.

I keep trying to pinpoint the exact errors, but my windbg keeps telling me I don't have the right symbols (even though they're configured to Microsoft's symbol server) to read WEA_ERROR_RECRODs.

Can someone with properly configured symbols paste the WEA error logs (!errrec)? That would really help me since I'm pretty much at a dead end since I can't get windbg to cooperate. Or is anyone able to help me pinpoint the exact trouble?'

I've already spent many hours:
memtest86 says my 4 sticks of memory are fine (ran from bootable CD)
western digital data scan says my hard drive is fine (ran from bootable CD)

Specs:
Vista 32-bit SP2
(Dell Inspiron 531)
AMD x64 5600

Periphs:
GTX 295
USB Mouse
USB Keyboard

Power Supply is Turbo Cool 860 ESA and is about 4 years old.

WinDBG not being cooperative:


Code:
Loading Dump File [C:\Users\Emily\Desktop\Kyle's Dumps\Mini082112-12.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: c:\Windows\Symbols
Executable search path is: C:\Windows\System32
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Pe... Read more

A:Can't read WHEA in my crash dump files. Help!

Still looking for anyone to take a look at the minidump files.

Read other 2 answers
RELEVANCY SCORE 64.8

I have a workstation that has started crashing on the 17th.


It seems to go down 4-6 times per day. Previously it had only crashed 2 times in about 2 years. I asked the user if they had installed anything differently or if they had power issues and was told no.

I have never been great at trying to read dumps, so I am posting here to ask for help .
 

A:Random XP crashes. Can someone help me read the dump files?

First, the cause of your issue cited in all your minidump files is nvufmz.sys but the bad news is there is absolutely nothing on the internet concerning what appears to be a driver.

Second, it is preventing both your Symantec and your Broadcom wireless driver b57xp32.sysw from loading.

* I strongly suggest running your security software.
 

Read other 1 answers
RELEVANCY SCORE 64.8

Blue screen continually can you please read these files thank you
 

A:Solved: Can someone please read my dump check files

Read other 11 answers
RELEVANCY SCORE 64.4

I've started getting in to analyzing my own memory dumps with WinDBG but the problem is I don't know which commands to use to properly utilize its features. For instance, (forgive me if I sound noobish about this I'm new to analyzing them) how do I view the call stacks for seeing if the probable cause lies in there?

For instance just opening the Kernel Dump in WinDbg tells me the probable cause is "ntkrnlmp.exe" But I doubt that it's the real cause of the BSOD.

Any tips would be appreciated and I apologize if this is in the wrong topic.

EDIT:
Also could anyone tell me if this driver seems to be the cause of this particular blue screen? This is the call stacks






Quote:
fffff880`04306790 fffff880`04e1e9d3 dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+0xa3
fffff880`043067d0 fffff880`04e387d9 dxgmms1!VIDMM_GLOBAL::PrepareDmaBuffer+0xe1b
fffff880`043069a0 fffff880`04e38514 dxgmms1!VidSchiSubmitRenderCommand+0x241
fffff880`04306b90 fffff880`04e38012 dxgmms1!VidSchiSubmitQueueCommand+0x50
fffff880`04306bc0 fffff800`0332d73a dxgmms1!VidSchiWorkerThread+0xd6
fffff880`04306c00 fffff800`030828e6 nt!PspSystemThreadStartup+0x5a
fffff880`04306c40 00000000`00000000 nt!KxStartSystemThread+0x16


Thanks again for any information

A:How do I use WinDBG to properly analyze a kernal memory dump?

I'm not a pro either but looking at that dxgmms1, it is a microsoft driver and unlikely to be the actual cause.

Driver Reference Table - dxgmms1.sys

My suspicion would be graphics drivers or the card depending on the BugCheck Code.

Here's an excellent driver reference, Driver Reference Table (DRT)

And BSOD index for BugChecks, BSOD Index

Also here's some good info for finding offending drivers,

Debugging A BSOD - My way

Read other 5 answers
RELEVANCY SCORE 64.4

I'm struggling to get WinDBG to work with a 32 bit dump file on 64 bit Win7. I have both WinDBG 32 bit and 64 bit installed. Both launch but cannot execute any SOS or .NET framework commands. I keep getting a generic message Failed to load data access DLL, 0x80004005

I've tried the recommended suggestion to run .cordll -ve -u -l, which returned CLR DLL status: No load attempts

Recently, I dowloaded sosex.dll to check deadlocks. It gave much more specific error;
CLRDLL: c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll:2.0.50727.4927 f:0
doesn't match desired version 2.0.50727.3082

So, looks like I need 3082 build of SOS and not 4927. Where can I get this file from?

Any other suggestions?

Thanks!

A:Windbg: How to debug 32 bit dump file on 64bit Win7

Use the debugger which matches the "bitness" of the dump you're trying to analyse. SOS actually has to use the CLR on the machine doing the debugging, so you won't be able to get very far with a 32-bit SOS attempting to load into a 64-bit debugger process (WinDBG) to analyse a 32-bit dump.

The mscorDACwks.dll (data access components) should (must) match the machine from which the dump was generated, not the one doing the debugging. Hence, either get mscordacwks.dll from the dump-generating machine, or hope to bob that they're uploaded that build to the symbol server and try this:

.symfix c:\SymCache
.reload
.cordll -ve -u -l

If that still fails...

!sym noisy
.reload

... and watch the output from the attempt to find mscordacwks.dll on the symbol server.

===============================================
EDIT: and then help yourself to a few of the "why is my machine BSODding?" questions, thanks

Read other 4 answers
RELEVANCY SCORE 64

I'm hoping someone can help me with my problem. I have Windows 7 Home 64-bit. Whenever I try to upload a document (like an email attachment) I get the BSOD. It occurs when my document box pops up so I can select the document I want to attach. The box doesn't fully load - and BSOD. This occurs in email and other websites in Firefox, Chrome and Open... but not in IE for whatever reason. IE is ok. When troubleshooting, I attempted to read the dump files - but BSOD again. I do have the info when my computer reboots and I'm hoping someone can help me:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF88007BBCC40
BCP3: 0000000000000000
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
 

A:BSOD when trying to Upload Documents or Read Dump Files

Hello BookNerdGirl and Welcome to TSG!

Please go to C:\Windows and copy the minidump folder to the desktop. Compress it and upload it here. Click Go Advanced and scroll down to Manage Attachments to do this.
 

Read other 2 answers
RELEVANCY SCORE 64

Hi,

I get random BSOD a lot since updating from 8 to 8.1. I don't know how to interpret these files, but I followed the instructions to make a zip with the diagnostics tool. I've attached this file, anyone who could help me interpret what is going wrong would be greatly appreciated.

Thanks

A:BSOD dont know how to read dump files but have attached

Hi pinksock.

Your BSODs are all stop 0x109 and they are not showing any possible cause.

Test your RAM modules for possible errors.
How to Test and Diagnose RAM Issues with Memtest86+
Run memtest for at least 8 passes, preferably overnight.

If it start showing errors/red lines, stop testing. A single error is enough to determine that something is going bad there.

Stress test the CPU.
Hardware - Stress Test With Prime95

If those tests are free from errors, enable Driver Verifier to monitor the drivers.
Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.



   Information
Why Driver Verifier:
It puts a stress on the drivers, ans so it makes the unstable drivers crash. Hopefully the driver that crashes is recorded in the memory dump.

How Can we know that DV is enabled:
It will make the system bit of slow, laggy.



   Warning
Before enabling DV, make it sure that you have earlier System restore points made in your computer. You can check it easily by using CCleaner looking at Tools > System Restore.

If there is no points, make a System Restore Point manually before enabling DV.



   Tip

If you fail to get on the Desktop because of DV, Boot into Advanced Boot Options > Safe mode. Disable DV there. Now boot normally again, and try following the instruction of enabling DV again.
If you cannot boot in Safe mode too, do a Syst... Read more

Read other 4 answers
RELEVANCY SCORE 64

Hi, I was trying to figure out what caused the Stop error I last encountered. I tried searching for any clues on Windows XP's mini dump, but I can't seem to find it. All I see are drivers loaded at that time, but the actual file I'm searching for, the file that caused the crash as indicated on the Stop error, is not there. It's actually Speedbit's Video Accelerator file, sbbotdi.sys. I have to find that out the hard way - waiting for the PC to trigger the stop error again. I saw people here asking for the minidump and replying with the exact file that caused the error. Thanks a lot

A:[SOLVED] How to read WinXP's Mini dump files

hello

just a suggestion if you haven't tried it yet but go to the home site of the company and inquire of them of the file and any related problems that might cause this

you might get the info you are lookin for there and reasons as why it is causing the error

for this sounds like it is an application error that is related to the program and not an issue of windows

i may be wrong !!!!

but the makers of the program should be able to answer your questions , if not check back you may find that you may have other advice waiting here

Mike

Read other 6 answers
RELEVANCY SCORE 64

I'm hoping someone can help me with my problem. I have Windows 7 Home 64-bit. Whenever I try to upload a document (like an email attachment) I get the BSOD. It occurs when my document box pops up so I can select the document I want to attach. The box doesn't fully load - and BSOD. This occurs in email and other websites in Firefox, Chrome and Open... but not in IE for whatever reason. IE is ok. When troubleshooting, I attempted to read the dump files - but BSOD again. I do have the info when my computer reboots and I'm hoping someone can help me:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF88007BBCC40
BCP3: 0000000000000000
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

A:BSOD when trying to Upload Documents or Read Dump Files

Post it following the Blue Screen of Death (BSOD) Posting Instructions

Read other 9 answers
RELEVANCY SCORE 63.6

Explorer.exe has started crashing recently (not randomly, it's always when doing certain things, fully reproduceable). It's the infamous one with exception code 0xc000041d. I followed the steps in this thread and now have the dump file at hand (down there ). If someone could tell me what causes the crash, I'd be real happy and all. If you want more information, I've got lots to give. I've got Win7 64-bit.

A:Explorer crashing constantly, dump file from WinDBG included

  
Quote: Originally Posted by Morgion


Explorer.exe has started crashing recently (not randomly, it's always when doing certain things, fully reproduceable). It's the infamous one with exception code 0xc000041d. I followed the steps in this thread and now have the dump file at hand (down there ). If someone could tell me what causes the crash, I'd be real happy and all. If you want more information, I've got lots to give. I've got Win7 64-bit.


Hello ! Welcome to SF !

You said it's reproducible so while doing what the Explorer crashes. Please mention the steps. Meanwhile i'll look at the Dump files

- Captain

Read other 7 answers
RELEVANCY SCORE 62

hey guys, I just followed the PortForward.com guide for setting up my static ip address and I'm sure did it perfectly. I then tried to forward some ports and i typed in my new IP adress blah blah blah and no matter what, the ports I try to forward just will not forward. (im testing them at www.canyouseeme.com, and through the certain programs for the ports.) I have the Linksys WRT54G and vista. I also have NO firewall. can someone please help me because I just cant figure out what the hell I'm doing wrong.
 

A:I read port forwarding guides, but no matter what, they wont forward

Read other 6 answers
RELEVANCY SCORE 60.4

OS: Windows 7 hp

If running 'windbg' and trying to open/read a minidump file, windows says
'no permission'.
How do I get permission to open/read the minidump files?
Thanks.

A:Windbg, how to open/read minidump file?

Run windbg as administrator. Right click the icon and select run as administrator.

Read other 2 answers
RELEVANCY SCORE 59.6

Can anyone look at this debugging report and tell me what could be causing my crashes

my computer keeps blue screen crashing often whether i am using firefox or playing sims 3. i have a 64 bit amd quad core chip with windows 7. here is the report i got after running a debugger on the minidump from today. it is soooo much appreciated. I have researched this but am at the end of my knowledge base.

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960006291de, fffff88007454b30, 0}

Probably caused by : hardware ( cdd!BitBltBitmap+5c6 )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960006291de, Address of the instruction which caused the bugcheck
Arg3: fffff88007454b30, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NT... Read more

A:Is there a windbg expert reader out there to read a fault report?

0x3B errors are often caused by video card drivers but here it cites hardware which means their might be an issue with your video card.
 

Read other 7 answers
RELEVANCY SCORE 57.2

From AfterDawn .com. Very handy.http://www.afterdawn.com/guides/

A:Many guides to working with, and repairing, A V files

nice find

Read other 1 answers
RELEVANCY SCORE 54.8

Lets say you want to rerun the jcgriff utility after you fix the BSOD to see the state of the system, but the old Dbg files are still being picked up.

How are old WinDbg files cleared after fixing the BSOD?

A:Clearing old WinDbg files

You mean the old minidumps? They should be present at the /Windows/Minidump directory.

Read other 4 answers
RELEVANCY SCORE 54.8

Is it possible to open .dmp files by double clicking on them? I've associated them with WinDbg.exe but they don't open - I get the error below. I can only open them with ctrl + D. Is it possible?

A:How to open .dmp files with WinDbg

Yes. All you need to do is to run these two commands. Case sensitivity is important.

chdir /d C:\YOURWINDBGFOLDERHERE

windbg -IA

Read other 15 answers
RELEVANCY SCORE 53.6

I've been having BSoD's for well over a year now, once or twice almost every day. I've tried multiple times to figure out whats wrong but... I dont have ANY dump files.

I've followed instructions on how to enable them but it still doesn't create a file. Im really hoping you all can help me out here.

The current settings are:
Page files on both hard drives enabled.
Set custom page size to 17000MB-20000MB
System managed size and no paging file boxes are unchecked
Write an event to system log box checked
Automatically restart unchecked
Debug information set to small memory dump/kernal. Both settings dont work
Overwrite existing file box is greyed out when debug is set to small memory. Checked when set to kernal
Small and kernal memory dump location set to C:\Windows\Minidump and C:\Windows\Memory.DMP I created these folders as they were not present

I got a SSD awhile back and use it for my windows. However i didnt reformat my other hard drive and windows is still installed on the old one however i boot from the SSD (maybe this is some how the problem)

Im using WhoCrashed from Resplendence Software - Advanced System Tools and Developer Components to force a BSoD when trying to creat a dump file.

There are NO files in either folder. Both on the SSD or old hard drive.

I've searched many forums now and found others with what seems to be the same problem but with no solutions. I would VERY much appreciate the help!
The BSoD's seem to mostly happen when play... Read more

A:No dump file after BSoD. Dump files ARE enabled

Wrote stuff that was wrong. Ignore this reply

Read other 9 answers
RELEVANCY SCORE 53.6

A quick run down on where I'm at now:
I've been getting random BSODs, so I found out how to open .dmp files in the D:\Windows\minidump folder. I installed .Net 4.5 so I could install the Windows development kits, installed the kits, then I opened WinDbg and tried to open the folder. The pop up window informed me access was denied. I moved it to the desktop, tried again, same result.

After seeing access denied I did a search and found out about adding the registry hack that allows you to take ownership of a file. I added the hack, right click -> take ownership. No luck after having done so.

If I could get some help getting it open, it would be much appreciated.

Thanks
Edit: As posted below, from the directory with WinDbg.exe I ran it as an Administrator and it worked.

A:Access denied when trying to open .dmp files with WinDbg

Configuring the "Debugging Tools"
This should show you how, also if you don't mind would you upload a zip of the dumps so i can look at them as well. Just wanna see, i am somewhat new at this as well.
If you want real bsod help try this : BSOD posting instrucs: http://www.sevenforums.com/crashes-d...tructions.html

Read other 3 answers
RELEVANCY SCORE 52.8

I have been fighting multiple daily BSODs since mid June. I am a novice, so the debugging process is confusing. I have managed to run it several times and it has pointed to different .sys files. I have run memtest86 for several passes and the built-in Windows Memory Check, with no errors. It appears all drivers are up to date and I have uninstalled/re-installed the Q35 Chipset Express Driver a few times thinking that might help. I know this might sound crazy, but, it doesn't seem to crash inside software (eg. Quickbooks) but if I open Live Mail, IE or Chrome its just a matter of when it will crash. Any help is greatly appreciated. Thanks!

A:Multiple BSODs daily, generally .sys files blamed in WinDbg

Since no one has given any advice, I will add that I have uninstalled/reinstalled the ethernet card & drivers to no avail. I have installed Driver Booster and let it update any drivers it found to be old. As I type this I am in Safe Mode with networking. To this point I have not received BSOD in safe mode...

The most recent BSOD was cache_manager

Read other 9 answers
RELEVANCY SCORE 50.8

Could someone read my dump and let me know what happend after the BSOD?

A:Please read my dump?

Hi -

The bugcheck = 0xf4 = an object critical to Windows was suddently terminated.

Probable cause - Trend Micro Internet Security -

Code:
tmevtmgr.sys Mon Jul 06 02:10:28 2009 (4A519554)
I believe these drivers were involved as well (specifically the 1st 2) -

Code:
DSI_SiUSBXp_3_1.sys Tue Feb 06 18:12:17 2007 (45C90B51) - a gaming patach ..?
SiLib.sys Tue Feb 06 18:09:13 2007 (45C90A99) - USBXpress 64 bit
nvm62x32.sys Fri Oct 17 17:00:39 2008 (48F8FCF7) - - NVIDIA nForce Networking
Update NVIDIA nForce --> Drivers - Download NVIDIA Drivers

As for the first 2 - they appear to be a possible gaming patch.

I would suggest that you remove Trend Micro --> http://esupport.trendmicro.com/suppo...tID=EN-1037161

Use Microsoft Security Essentials --> http://www.microsoft.com/Security_Essentials/

Regards. . .

jcgriff2

.


Code:
Opened log file 'C:\Users\PalmDesert7\_jcgriff2_\dbug\__Kernel__\_99-dbug.txt'
Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\PalmDesert7\_jcgriff2_\dbug\__Kernel__\020910-16859-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.x86fre.win7_rtm.090713... Read more

Read other 3 answers
RELEVANCY SCORE 50.8

Can i get a read on this dump file please trying to find out why some games stop responding

Thanks

( Guess windows 7 zip wont upload will try again soon thanks )

A:dump read plz TY

  
Quote: Originally Posted by niklas


Can i get a read on this dump file please trying to find out why some games stop responding

Thanks


sure but you need to upload it first. use these to find and upload it. http://www.sevenforums.com/crash-loc...d-problem.html
thanks

Ken

Read other 1 answers
RELEVANCY SCORE 50.4

Hey everyone so I've been having some issues lately with my pc bluescreening randomly. I'm running Windows 7 Ultimate Sp1 x32 and can't seem to figure out what exactly is the issue with my computer. I've run chkdsk and have found no bad sectors

So I attached dump file and was wondering if someone could read it for me and possibly point me in the right direction? thanks in advance

A:Can someone please read my Dump file?

You've got an hardware issue here.. You should try
-MEMTEST
-PRIME95
-SEAGATE TOOLS

Hope this gets you going.

Read other 6 answers
RELEVANCY SCORE 50.4

Please help me parse this dump log file. Our windows server 2003 has crashed recently 4 times.

Thanks,
Solomon
 

A:Please help read dump file

Your error is 0x00000050: PAGE_FAULT_IN_NONPAGED_AREA

This means requested data was not in memory and an invalid system memory address was referenced. This error can be caused by:

1. Defective memory (including main memory, L2 RAM cache, video RAM).

2. Incompatible software (including remote control and antivirus software) might cause this Stop message, as may other hardware problems (e.g., incorrect SCSI termination or a flawed PCI card).

This is what I suggest at this time:

A. Run memtest on your RAM for a minimum of 7 Passes. www.memtest.org

B. One processor of note is Sptd.sys which is a driver used by the CD Rom emulation program, Daemon Tools Version 4. There have been reports of problems with this driver. Google it and you'll see what I mean.

Therefore, either uninstall and then re-install or update this program.
 

Read other 2 answers
RELEVANCY SCORE 50.4

Im consistently getting the irql_not_less_or_equal error, and Id like to figure out whats causing it. I did a memtest so its not that faulty memory and nothing is overheating. Where on my computer can I find the logs or dump that record what happened, and would anyone be able to help me make sense of them?

A:irql_not_less_or_equal read dump

Hi,

Lets get some more info on your system so we can troubleshoot easier:

1. Download SysInternals AutoRuns from Microsoft TechNet - save to My Documents directory

http://live.sysinternals.com/autoruns.exe

2. Download Sysinfo collection app - save to My Documents -

http://jcgriff2.com/BSOD_XP_v1.3_jcgriff2_PROD_.exe

Run the second exe (it runs the first exe as well as other other applications that are included in XP)

You'll find a new folder in My Documents - TSF_XP_Support.

Please zip the folder up up and attach to next post.

Regards,
Reventon

Read other 1 answers
RELEVANCY SCORE 50.4

C:\Program Files\Support Tools>dumpchk c:\mini052110-03.dmp
Loading dump file c:\mini052110-03.dmp
----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 00707000
PfnDataBase 81c46000
PsLoadedModuleList 8055d720
PsActiveProcessHead 805638b8
MachineImageType 0000014c
NumberProcessors 00000002
BugCheckCode 100000d1
BugCheckParameter1 00000006
BugCheckParameter2 00000002
BugCheckParameter3 00000000
BugCheckParameter4 b9e367d4
PaeEnabled 00000001
KdDebuggerDataBlock 8054d2e0
MiniDumpFields 00000dff

TRIAGE_DUMP32:
ServicePackBuild 00000300
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 00000534
DriverListOffset 00003148
DriverCount 0000007b
StringPoolOffset 000055d0
StringPoolSize 00001110
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack 805511cc
DebuggerDataOffset 00002eb8
DebuggerDataSize 00000290
DataBlocksOffset 000066e0
DataBlocksCount 00000004


Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible

Kernel base = 0x... Read more

A:Who can read a dump file?

Hello Bry, not really up on this kind of thing but I have access to a beginners guide so would like to have a go but I think you need to zip the dump in its original ( .dmp ) format and then post it.

Read other 9 answers
RELEVANCY SCORE 50.4

Can someone give me an idea whats going on here. Random Reboots have increased quite a bit of late.

Sometimes its when it has been in sleep mode. Other times normal locked desktop.

A:Mini dump to read please?

Are you sure it's random reboots?
Not an update that reboots your computer - as a window behind a window you're working on?
What happens when it reboots exactly?

Read other 5 answers