Hey I want to pick some brains. It's more about a BSOD, but here goes.
I get a LOT of PCs that end up with a BSOD of 0X0000008E
Sometimes they have a message, sometimes they don't. Usualy like "IRQ_NOT_LESS_OR_EQUAL" or maybe "IRQL_...". Something like that.
I just happened to get this BSOD, with no message, while editing in Photoshop CS. Just up and crashes for no apparent reason. Here is the details:
So then, upon a restart, I get the "recovered from serious error" message like XP does (XP Pro btw). So I send an error report and it comes back blaming a device driver. But gives no clues.
This is the first BSOD I've had in a LONG time, so it's not like it happens regularly. Probably just a freak thing. But you never know.
It gave me the locations of the files that it was going to send in the error report, those files were:
Neither of those files/folders existed when I looked. sysdata.xml did not exist anywhere. And I found the minidump in the Windows directory.
---------------------------------------------
Now that being said, because I deal with a lot of BSODs in my work, I'd like to get started being able to analyze a minidump file. Sure it may have been a device driver that caused it and it might not have been. Maybe XP is guessing. But it did blame the win32k.sys file.
I open the minidump in Notepad or Wordpad and it is just all code for the most part.
So my question is, do any of you have a system, or a method, by which to troubleshoot BSODs and read minidump files? I know that those address in the BSOD say things like what is the calling address? Was it a read or write operation? And the like. Is that information even important? I mean, once I restart, what different does it make what part of memory made the call?
So then oh wise ones, how do I take the info in a BSOD, and read a minidump, and get any kind of usefull information? How could I really track down what driver is the culprit, if any?
thanks
zephead
08-17-2005, 03:36 AM
there a website that will help you identify your stop message and root out the cause. http://aumha.org/win5/kbestop.htm
Ad
08-17-2005, 03:36 AM
RealBlackStuff
08-17-2005, 06:54 AM
Send a PM to cpc2004, he is the furum 'guru' as far as dumps are concerned.
He'd be able to put you on the right track.
I've had only 1 BSOD ever (8E, same as you) since I installed XP-Pro/SP2 (7 May, 2005).
I rebooted and ignored it. Been fine since.
In my W2K/SP4 from October 2002 (!), which is still running, I've had maybe 3-4 BSODs over all those years. I think W2K is a lot more stable than XP.
cpc2004
08-17-2005, 11:49 AM
1) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Debugging Tools from Microsoft[/url]
2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp or whatever
3) open a CMD prompt and cd\program files\debugging tools for windows\
4) type the following stuff:
Code:
c:\program files\debugging tools>kd -z C:\WINDOWS\ Minidump\Mini081505-01.dmp
(it will spew a bunch)
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
5) You now have a debuglog.txt in c:\, open it in notepad and post the content here
Vigilante
08-18-2005, 04:42 AM
Thanks Zephead, I've come across that site before, guess I'll have to do some reading.
Thanks RBS, this dumb 0x8E I get so often. And what is microsoft's wise advice? Well basically swap ALL your hardware and reload. Well thanks!
And cpc2004, I hope you don't like memorize this stuff. lol. Thanks for getting started, I downloaded and installed the tools, pretty handy. I don't think the symbols path was right cause it gave an error in the log. But here is the log anyway as an attachment.
I'm learning, keep them suggestions rolling! CPC, if you could be verbose in your explaining my log file, it will help me understand.
Thanks guys.
cpc2004
08-18-2005, 04:53 AM
Create the folder c:\symbols
use the following command within windbg and it will fix the symbol problem.
.sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
.reload
!analyze -v
Attach the output here
Vigilante
08-19-2005, 01:39 PM
OK, I created the folder and retyped the original commands.
How come you said type the commands within "windbg"? When we used a command called "kd" originally. Whats the diff between windbg and kd?
Here is the new log file, no symbol error.
Liquidlen
08-19-2005, 02:08 PM
Just thought you might want some more reading/instructions; I gave up on trying to decipher this stuff ,not my cup of tea.
You go boy; I far as I am concerned the more guys in here that can read those things the better.
http://support.microsoft.com/default.aspx?scid=kb;en-us;315263
Vigilante
08-20-2005, 05:20 PM
Thanks for the link. I'll be reading it!
Well I guess the only diff betwix "windbg" and "kd" is that one is graphical. Hey I learned something already!
Vigilante
09-06-2005, 04:30 PM
Hey CPC, need lesson 4 bro....
Ad
09-06-2005, 04:30 PM
cpc2004
09-07-2005, 01:13 PM
OK, I created the folder and retyped the original commands.
How come you said type the commands within "windbg"? When we used a command called "kd" originally. Whats the diff between windbg and kd?
Here is the new log file, no symbol error.
I believe that it is faulty RAM.
Vigilante
09-21-2005, 01:46 AM
Sorry to take so long. But anyhoo, why do you say that? I've never had the error before or after this one time. So how could it be faulty RAM? I'd like to think I've got pretty high quality parts in here. Could something else have happened and made it look like bad RAM? Like swap file corruption or overheat issues?
If you could take the time to pull out the few lines of the log you are reading and tell me what about them makes you think RAM.
Thanks.
cpc2004
09-22-2005, 10:33 AM
From the stack trace, windows crashes at xxxUpdateThreadsWindows which is task manager. I don't have source code of this module. Unless it is stack overlaid by faulty device driver. The task manager does not fail unless hardware error such as ram, CPU or motherboard. Windows debugging is not as easy as what you think.
I don't want to learn how to debug applications. But I'd at least try to find out what module crashes. In other words, if I can trace it to a driver file, DLL or other file that actually gives me any clue. That would be good.
I realise you're really smart about debugging Windows, I guess mabye you were a programmer once, or are? Or where did you learn what means what? And no offense, but it seems like almost every time you debug a minidump, you almost always say it's RAM. And often turns out not to be. So I guess minidumps can be really confusing too. Which is fine.
One last question though, cause I want to know: In that STACK_TEXT of mine, how do you know it was the updatethreadswindows that crashed? I don't see any special characters to mark it. I cause cause the memory address?
Thanks for your help though.
cpc2004
09-24-2005, 08:41 AM
Hi,
Even microsoft cannot provide the answer 100% correct. Most of system crashes reported at this forum are actually faulty ram and most of my answers are correct. I also resolve problem at another forum which are not free. Most of the their system crashes are related to software. It is remarkable result, if you can resolve half of the BSOD problem.
Hi Folks I m really new to this and a bit of a dinosaur
sorry if I m not in the right area
can some kind person look at my dump files and let me know if the easiest thing would be just throw out the equipment due many BSOD
which is IBM thinkpad T20
XP Pro SP2
Intel Pentium iii
696 Mhz
512 MB Ram
tks brgds
cpc2004
09-25-2005, 02:11 PM
I don't want to learn how to debug applications. But I'd at least try to find out what module crashes. In other words, if I can trace it to a driver file, DLL or other file that actually gives me any clue. That would be good.
I realise you're really smart about debugging Windows, I guess mabye you were a programmer once, or are? Or where did you learn what means what? And no offense, but it seems like almost every time you debug a minidump, you almost always say it's RAM. And often turns out not to be. So I guess minidumps can be really confusing too. Which is fine.
One last question though, cause I want to know: In that STACK_TEXT of mine, how do you know it was the updatethreadswindows that crashed? I don't see any special characters to mark it. I cause cause the memory address?
Thanks for your help though.
TRAP_FRAME: b9b774d0 -- (.trap ffffffffb9b774d0)
.trap ffffffffb9b774d0
ErrCode = 00000000
eax=e341f6a8 ebx=e27c10a8 ecx=bbe47220 edx=b9b77548 esi=0000029e edi=b4040d3b
eip=bf90752c esp=b9b77544 ebp=b9b77554 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00050246
win32k!xxxUpdateThreadsWindows+0x46:
bf90752c 8b762c mov esi,[esi+0x2c] ds:0023:000002ca=????????
Ernest Shackelt
10-04-2005, 09:27 AM
hi guys, hey 'cpc2004'!
i have problems with my machine for some time now.
from hanging up when playing games, to restarts within a frame to blue screens during boot up and even blue screens when installing WinXPProSP2 after formatting HDD, all 'randomly'.
it's getting me puke: by now !
i thought it must have something to do with my RAM, or so.
i tested around, switching RAM slots, put one out etc... it seemed like the 1st and 2nd RAM-slots on the MoBo were broken, cause both modules worked fine on the 3rd one.
i just bought the latest MSI 478 board (875P Neo FISR) but the problems continue as above.
i have 3 minidumps from the last few days, written into debuglogs.
it may discover my black sheeps, hopefully.
thx in advance,
ernesto
cpc2004
10-04-2005, 11:50 AM
Hi,
Open a new thread if you want me to help you.
Ernest Shackelt
10-04-2005, 12:43 PM
Hi,
Open a new thread if you want me to help you.
:o
well, if you say so...
i'm on it
DfraGG3r
06-27-2006, 07:31 AM
Hi there
I just formatted my pc and added some new parts. I was playing oblivion and went in the menu to exit the game. It like jammed and few sec after a bsod popped up. Bad Pool Header with 0x00000019. Attached is the dump file with your steps. jope you can help me cpc or someone else :'(
Cheers
gila
11-02-2006, 03:30 AM
Send a PM to cpc2004, he is the furum 'guru' as far as dumps are concerned.
He'd be able to put you on the right track.
I've had only 1 BSOD ever (8E, same as you) since I installed XP-Pro/SP2 (7 May, 2005).
I rebooted and ignored it. Been fine since.
In my W2K/SP4 from October 2002 (!), which is still running, I've had maybe 3-4 BSODs over all those years. I think W2K is a lot more stable than XP.
Thanks. Willstart learning to read minidumps....
gila
11-02-2006, 03:31 AM
1) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Debugging Tools from Microsoft[/url]
2) Locate your latest memory.dmp file- C:\WINDOWS\ Minidump\Mini081505-01.dmp or whatever
3) open a CMD prompt and cd\program files\debugging tools for windows\
4) type the following stuff:
Code:
c:\program files\debugging tools>kd -z C:\WINDOWS\ Minidump\Mini081505-01.dmp
(it will spew a bunch)
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
5) You now have a debuglog.txt in c:\, open it in notepad and post the content here
Thanks. Am going to try it!
sanrick
12-11-2006, 11:19 AM
I have been having the same issue too. I will go ahead and try using the debugging tools again. I basically changed HD, PSU, RAM, FAN and Video Card, still I'm getting a lot of BSODs.
Tedster
07-02-2007, 04:10 PM
This thread needs to be a sticky!
chrisjv2000
09-24-2007, 05:31 AM
I have at least 2 BSOD's in a week. Attached is my windbg log, can somebody help me here please ?
Thanks
Ndoan
10-18-2007, 12:01 AM
I bought this new asus motherboard and a new dual core cpu... since i started using it, it keeps rebooting... thought it was the RAM but i checked by replacing the sticks with new ones but its the same...
got this on the event viewer:
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 17/10/2007
Time: 12:22:10 PM
User: N/A
Computer: THE-MATRIX
Description:
Error code 0000009c, parameter1 00000000, parameter2 f7795050, parameter3 b2000000, parameter4 1040080f.
can someone plis help me... got the minidump but how do i attach it in here...
cheers
Nicky
Tedster
10-21-2007, 06:54 PM
Howard pointed out some were having difficulty with the previous link on minidumps and has suggested this one as a tutorial. http://forums.majorgeeks.com/showthread.php?t=35246
enjoy! :)
Dominique
11-27-2007, 08:42 PM
Hello,
As i saw you read dump as a guru I have mine in a thread under Windows OS:
What is issue? It is happening on all Windows 2000 workstations when I try to connect remotely and if the user trying to login does not have already a profile created locally....
Thank you,
Dominique
fresh
06-08-2008, 12:17 PM
pls can any1 help with read my minidump n tell me y my computer keeps showing dat blue screen
kimsland
06-08-2008, 12:25 PM
Inside the 1 MiniDump:
BugCheck F4, {3, 899481a0, 89948314, 805d2970}
Unable to load image mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
Probably caused by : hardware_disk
Probably caused by "Daemon Tools"
Try uninstalling it in Add/Remove programs
Also in future you should create your own thread
stevengfowler
06-28-2008, 07:13 PM
And what do I need to do? PLEASE HELP!
It's too long to post here. Can someone provide me with an email so I can send it so that you may look it over and help?
Sincerely,
Steven
stevengfowler (at) yahoo.com
Route44
06-28-2008, 07:39 PM
And what do I need to do? PLEASE HELP!
It's too long to post here. Can someone provide me with an email so I can send it so that you may look it over and help?
Sincerely,
Steven
stevengfowler (at) yahoo.com
1. First, start your own post. You will find that you will get quicker responses than attaching to an old thread.
2. Put your system specs in your profile including power supply and operating system.
3. Read the sticky in this forum ebtitled "Before posting your minidumps..." by Julio. Do the advice given there and see if those steps help you rectify your issues. And let us know.
4. Do make a public post. Just give the highlights. We don't need all the details. Someone will definitely come along and help.
Lastly, welcome to the forums. :wave:
momok
10-04-2008, 01:12 AM
I've gone through the steps as listed, but I'm getting the following:
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***Anyone knows how to rectify this?
kimsland
10-04-2008, 01:30 AM
Perhaps another link
Here you can learn how to read your own Minidump
http://forums.majorgeeks.com/showthread.php?t=35246
I've gone through the steps as listed, but I'm getting the following:
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***Anyone knows how to rectify this?
ok try this go to windbg(within debugging tools for windows) then go file>symbol fiel path and then input the location of the symbols folder you created (if you havent done this, just go to c: and create a folder with the name 'symbols', then input it in windbg)
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000002c, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 805418fb, address which referenced memory
This is an old thread. In the future you really need to start your own posting so that you can receive help all the quicker.
0xA errors are due to hardware or faulty drivers. In your case it is the Symantec CMC Firewall driver SysPlant.sys. You could update the software but we are recommending people to uninstall Symantec/Norton and go with better offerings. If you do decide to uninstall then make sure you go to their website, find the removal tool for your particular version and use it. This software is notorious for leaving remanants of itself behind.
Bookmark / Share this 
Post a reply, see related topics & more