Help reading Vista dump file

By kebrite
Jan 6, 2009
  1. G'day,

    i have a new vista machine with sp1 on it. it is crashing almost every other day and I have tried downloading the debugger and symbols but still don't think i'm analysing it right as when using the 'WinDbg' program I can't seem to get the dump file to use th esymbols. I have seriously been trying to debug this myself for weeks and finally turning to forums for assistance.

    I ahve attached my dump file for anyone interested in helping. I would really love to be able to read these file correctly as then I can do all the work myself.

    Also, I have already run a memory check which stated that there were no memory issues and chkdsk to ensure there were no bad sectors.

    Thanks in advance to anyone who can help.


    p.s. when I run '!analyze -v' i get the following:
    2: kd> !analyze -v
    * *
    * Bugcheck Analysis *
    * *

    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    Arg1: c0000005, The exception code that was not handled
    Arg2: 823f2c7e, The address that the exception occurred at
    Arg3: 8afcfb6c, Exception Record Address
    Arg4: 8afcf868, Context Record Address

    Debugging Details:

    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.

    *** ***
    *** ***
    *** Your debugger is not using the correct symbols ***
    *** ***
    *** In order for this command to work properly, your symbol path ***
    *** must point to .pdb files that have full type information. ***
    *** ***
    *** Certain .pdb files (such as the public OS symbols) do not ***
    *** contain the required information. Contact the group that ***
    *** provided you with these symbols if you need this command to ***
    *** work. ***
    *** ***
    *** Type referenced: nt!_KPRCB ***
    *** ***

    FAULTING_MODULE: 82203000 nt


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    823f2c7e 83790800 cmp dword ptr [ecx+8],0

    EXCEPTION_RECORD: 8afcfb6c -- (.exr 0xffffffff8afcfb6c)
    ExceptionAddress: 823f2c7e (nt+0x001efc7e)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000000
    Parameter[1]: 00000009
    Attempt to read from address 00000009

    CONTEXT: 8afcf868 -- (.cxr 0xffffffff8afcf868)
    eax=9ab5c608 ebx=9ab5c608 ecx=00000001 edx=8dcb5568 esi=8dcb5568 edi=8dcb5228
    eip=823f2c7e esp=8afcfc34 ebp=8afcfc48 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
    823f2c7e 83790800 cmp dword ptr [ecx+8],0 ds:0023:00000009=????????
    Resetting default scope





    LAST_CONTROL_TRANSFER: from 823f3e3b to 823f2c7e

    WARNING: Stack unwind information not available. Following frames may be wrong.
    8afcfc48 823f3e3b b4b84da0 00000000 8dcb5228 nt+0x1efc7e
    8afcfcd0 823f3061 8dcb5228 8afcfcf0 8dcb5550 nt+0x1f0e3b
    8afcfcf8 823f46de 82302e10 82338ea8 00000000 nt+0x1f0061
    8afcfd14 823f4554 82305100 8afcfd36 8afcfd3c nt+0x1f16de
    8afcfd44 8223b445 00000000 00000000 8458c020 nt+0x1f1554
    8afcfd7c 823d8b18 00000000 b4b84cb0 00000000 nt+0x38445
    8afcfdc0 82231a2e 8223b348 00000001 00000000 nt+0x1d5b18
    00000000 00000000 00000000 00000000 00000000 nt+0x2ea2e

    823f2c7e 83790800 cmp dword ptr [ecx+8],0


    SYMBOL_NAME: nt+1efc7e

    FOLLOWUP_NAME: MachineOwner

    IMAGE_NAME: ntoskrnl.exe

    STACK_COMMAND: .cxr 0xffffffff8afcf868 ; kb


    Followup: MachineOwner
  2. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Your first error was 0xC0000218: UNKNOWN_HARD_ERROR

    A necessary Registry hive file couldn’t be loaded. The file may be corrupt or missing (requiring either an Emergency Repair Disk or a Windows reinstallation). The Registry files may have been corrupted because of hard disk corruption or some other hardware problem. A driver may have corrupted the Registry data while loading into memory, or the memory where the Registry is loading may have a parity error (turn off the external cache and check the physical RAM).

    Your second error is 0x0000009F: DRIVER_POWER_STATE_FAILURE

    A driver is in an inconsistent or invalid power state. Typically occurs during events that involve power state transitions, such as shutting down, or moving into or out of standby or hibernate mode. In other words, a driver is causing an inconsistant power state. A lot of people have experienced issues with Vista moving into or out of stanby or hibernation state.

    Another error is 0x0000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

    A system thread generated an exception which the error handler did not catch. There are numerous individual causes for this problem, including hardware incompatibility, a faulty device driver or system service, or some software issues.

    The last error is 0x8E and these are caused by hardware issues and in your case it cites memory corruption. Corrupted memory can cause numerous headaches even to go so far as having numerous other error reads.


    1. First and foremost run memtest on your RAM. This takes a long time but well worth it. Download from (it is free and very safe), burn it to a CD disk (ISO format) place it in your CD/DVD drive and reboot your PC. The test will take over and must run for a minimum of 7 Passes; 8 individual tests per Pass. Any errors and you have RAM that must be replaced.

    2. Run a full harddrive diagnostics. Get a free utility from your HD manufacturer's website.

    3. Run ChkDsk.

    4. Scan for possible infections.

    * Let us know of your results.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...