TechSpot

How do I diagnose my minidump file

By dawn
Aug 12, 2006
Topic Status:
Not open for further replies.
  1. I have downloaded and installed MS Debugging Tools for Windows, opened the minidump file and ran the !anyalyze -v command on the dump file, but I don't know what exactly is the error in the Bug Analysis. Can anyone tell me what to look for so I know which device is faulting?

    Thanks,
    dawn
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    You might want to take a look at this short tutorial HERE.

    If that doesn`t help, attach 5 or 6 of your latest minidumps here and I`ll take a look for you.

    Regards Howard :wave: :wave:
  3. dawn

    dawn Newcomer, in training Topic Starter

    Thanks! That was helpful. It looks like the culprit is ntoskrnl.exe, but what does that mean?? I've attached the minidump from yesterday. There were two, but they were exactly the same.

    Microsoft (R) Windows Debugger Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [E:\New Folder\Mini081006-02.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\WINDOWS\Symbols
    Executable search path is: C:\WINDOWS\I386
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    Debug session time: Thu Aug 10 09:19:49.718 2006 (GMT-7)
    System Uptime: 0 days 4:16:21.264
    Unable to load image ntoskrnl.exe, Win32 error 2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    .........................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000000A, {c007b904, 2, 0, 804e91b7}

    Probably caused by : ntoskrnl.exe ( nt!IoSetThreadHardErrorMode+16 )

    Followup: MachineOwner
    ---------

    kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: c007b904, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 804e91b7, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: c007b904

    CURRENT_IRQL: 2

    FAULTING_IP:
    nt!IoSetThreadHardErrorMode+16
    804e91b7 f60301 test byte ptr [ebx],1

    CUSTOMER_CRASH_COUNT: 2

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0xA

    PROCESS_NAME: mcinsupd.exe

    LAST_CONTROL_TRANSFER: from 804ebace to 804e91b7

    STACK_TEXT:
    f7906e80 804ebace cff2ba55 00000023 83dff890 nt!IoSetThreadHardErrorMode+0x16
    f7906fa4 804dc378 cff2ba55 00000023 ffdff000 nt!MiInsertVad+0x36
    f7906fd0 804dbbd4 80559280 00000000 000f0550 nt!KiWaitTest+0x56
    f7906fd4 80559280 00000000 000f0550 00000000 nt!ExReleaseResourceLite+0x4
    f7906fd8 00000000 000f0550 00000000 00000000 nt!VdmStringIoBuffer+0x3a0


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!IoSetThreadHardErrorMode+16
    804e91b7 f60301 test byte ptr [ebx],1

    SYMBOL_STACK_INDEX: 0

    SYMBOL_NAME: nt!IoSetThreadHardErrorMode+16

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME: ntoskrnl.exe

    DEBUG_FLR_IMAGE_TIMESTAMP: 42250ff9

    FAILURE_BUCKET_ID: 0xA_nt!IoSetThreadHardErrorMode+16

    BUCKET_ID: 0xA_nt!IoSetThreadHardErrorMode+16

    Followup: MachineOwner
    ---------

    kd> lmvm nt
    start end module name
    804d7000 806eb100 nt M (pdb symbols) C:\WINDOWS\Symbols\exe\ntoskrnl.pdb
    Loaded symbol image file: ntoskrnl.exe
    Image path: ntoskrnl.exe
    Image name: ntoskrnl.exe
    Timestamp: Tue Mar 01 16:59:37 2005 (42250FF9)
    CheckSum: 002198AF
    ImageSize: 00214100
    Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
    WARNING: Whitespace at end of path element
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    While your minidump crashes at ntoskrnl.exe, it references mcinsupd.exe as the owning process. This is the McAfee VirusScan Daily Update Module.

    In other words, it possible your crash is caused by McAfee. Uninstalling and reinstalling McAffe may help. You should also check for any Mcafee updates that may be available.

    If you would like to post the actual minidumps, I`ll take a look at them and see what I can find.

    Regards Howard :)
  5. dawn

    dawn Newcomer, in training Topic Starter

    Thanks again. Really appreciate your replying right back. I can't get back to that computer until Tuesday afternoon. I just copied the minidump to a cd and brought it with me. Are you referring to the actual minidump as the file that says mini081006-2.dmp? If so, how do I attach it? When I open it its all greek and could only read them through the Windbg program from MS.
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    To attach your minidumps do the following.

    Click the reply button and scroll down and click on the manage attachments button. Click the browse button and browse to where your minidumps are. Click open and then click upload. Do this for each minidump you would like to attach.

    Once done, close the attachments window and continue your post, then click the submit button.

    Regards Howard :)
  7. dawn

    dawn Newcomer, in training Topic Starter

    Okay. Here it is.

    Thanks, Dawn

    Attached Files:

  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your minidump crashes with memory corruption. The owning process is mcinsupd.exe, which is your McAfee again.

    I believe you problem is either caused by McAfee or a possible ram problem.

    Disconnect from the net and completely uninstall McAfee. See if you still get BSOD`s. Don`t reconnect to the net, untill you have reinstalled McAfee.

    Let me know the results.

    Regards Howard :)
  9. dawn

    dawn Newcomer, in training Topic Starter

    Thanks, Howard. I will do just that on Tuesday and get back to you with the results. I appreciate all of your assistance.

    Have a good day,

    Dawn
  10. dawn

    dawn Newcomer, in training Topic Starter

    Hi Howard,

    I got the McAfee uninstalled and I did not have any sudden restarts. I did not reinstall it yet because I found a few more dmp files and if I'm reading them the way you are I'm thinking there are a few other problems. I attached a few more that I found. If you wouldn't mind looking at them I'd appreciate it.

    Thanks,

    Dawn:wave:

    Attached Files:

  11. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Your minidumps are crashing with various culprits. However, since you`re no longer getting any crashes, I`d say we`ve probably found the culprit, namely Mcafee.

    Download the free AVG antivirus programme from HERE. If you also require a good free firewall programme, then the free Zonealarm, or Kerio firewalls are a good choice. You can get them HERE and HERE.

    Once you`ve installed whatever Firewall you chose, install AVG and run the AVG updates. See if your system is still stable.

    Regards Howard :)
     
  12. dawn

    dawn Newcomer, in training Topic Starter

    Thanks. I was considering AVG, thought I'd wait until tomorrow to see if I have any more crashes, and I'll check out those firewalls too.

    Have a good day,
    Dawn
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.