1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Memory dump help would be much appreciated

By drjon ยท 12 replies
Jan 13, 2006
  1. I've just upgraded to CommView 5.1 (as 5.0 used to cause BSODs and they assured me there are completely new drivers in 5.1 that will fix that).However I just had a crash while it was running, so I'd be very keen to find out if it was related to CommView or not. If someone could please spare a few minutes to look at the dump I would appreciate it.
    Details are:
    "The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5
    (0xe56570d4, 0x00000002, 0x00000001, 0x8046a992). Microsoft Windows 2000
    [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP."

    (Not attaching the Memory Dump as 400MB :)
    Minidump attached.
    Thanks again

    Attached Files:

  2. elfi

    elfi TS Rookie Posts: 68

    Well does your pc startup after this or does it just hang.
    just go into your BIOS set first startup device to cd-rom
    and than enter your windows installation cd into your drive
    it wil than starup from your cd after that just do a repair maybe it'l help
  3. drjon

    drjon TS Rookie Topic Starter

    Runs fine - I'm just keen to find out why it died so I can work around it to stop it happening again (e.g. update a driver, remove an offending app). It's usually very reliable which is why I'd like to chase this down, especially if it's a Commview issue as that could affect a lot of people.
  4. drjon

    drjon TS Rookie Topic Starter

    Of course having said that, on another computer, I just noticed it has rebooted again (someone else had been playing on it and logged it on again, so I hadn't realised).
    I'll include that minidump too. If someone can help with where it's dying I'd be grateful.

    Attached Files:

  5. cpc2004

    cpc2004 TS Evangelist Posts: 1,994


    Your windows is w2k sp4 and microsoft does not have the symbolic map for this version. I can't format your minidumps properly. However the full memory dump has the symbolic map. Install mircosoft kd and format the full memory at your windows. The first crash is bugcheck C2 and the second crash is bugcheck 0A. Probably it is caused by faulty ram. Run memtest to stress test the ram.

    Mini011306-01.dmp BugCheck C5, {e56570d4, 2, 1, 8046a992}
    Mini011306-02.dmp BugCheck A, {1c618f2, 2, 1, 80458f9c}


    Install Windows Debugging Tools
    1) Create folder c:\symbols
    2) Download and install the http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
    3) Locate your latest memory.dmp file- C:\WINNT\memory.dmp
    4) open a CMD prompt and cd\program files\debugging tools for windows\
    5) type the following stuff:

    c:\program files\debugging tools>kd -z C:\WINNT\memory.dmp
    kd> .logopen c:\debuglog.txt
    kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

    You now have a debuglog.txt in c:\, open it in notepad and post the content to this thread.
  6. drjon

    drjon TS Rookie Topic Starter

    Thanks, that was excellent help and well written. I'm enclosing the file. While I'm at it I don't suppose you could also post a similar instant guide to turning minidumps into human readable form - I always thought that would be useful to know. Also a bonus question - would the same kd commands be the correct ones to use if my XP system had died?
    Thanks again

    Attached Files:

  7. cpc2004

    cpc2004 TS Evangelist Posts: 1,994


    KD can analysis minidump at XP, W2k and W2K. From the stack trace of your debug report, the culprit is faulty memory.
  8. drjon

    drjon TS Rookie Topic Starter

    I would like to ask why do you think it is faulty memory? I still think it's the Commview 5.1 drivers (The problems started when I installed it, I have uninstalled it and it's been stable ever since, but I'd really like to use it so would be nice to be sure).
  9. cpc2004

    cpc2004 TS Evangelist Posts: 1,994


    From the stack trace, I can't find footprint of commview and it is reason why I think it is faulty ram. If commview corrupt the memory, who knows. You can try "last known good config" to restore windows, if it is device driver problem.

    f246bcd4 8044cfbe 821e0000 00000427 00000001 nt!RtlClearBits+0x4a
    f246bcec 80440afb 00427082 003ffffc c03ddc10 nt!MiReleasePageFileSpace+0x42
    f246bd50 80440186 c03ddc10 00000019 00000001 nt!MiMakeOutswappedPageResident+0x2c9
    f246bd7c 8046397d 823a0a00 00000000 00000000 nt!MmInPageKernelStack+0x10e
    f246bd90 80463942 00000000 00000000 00000000 nt!KiInSwapKernelStacks+0x2f
    f246bda8 80454ab2 00000000 00000000 00000000 nt!KeSwapProcessOrStack+0x80
    f246bddc 804692a2 804638c2 00000000 00000000 nt!PspSystemThreadStartup+0x54
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
  10. joaquin.torres

    joaquin.torres TS Rookie

    Here is a dump file

    An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arg1: 817ffff6, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 80847a69, address which referenced memory

    Debugging Details:
    READ_ADDRESS: 817ffff6
    80847a69 8a5e0e mov bl,[esi+0xe]



    LAST_CONTROL_TRANSFER: from 80847a69 to 80837ed5

    b8e87ac4 80847a69 badb0d00 00000015 80840440 nt!KiTrap0E+0x2a7
    b8e87b58 8082f2b2 000fffff fa13846c bf908994 nt!MiRemovePageByColor+0x21
    b8e87b90 8082f796 e19d3460 00008000 00000001 nt!MiResolveMappedFileFault+0x508
    b8e87bc4 8084a5e8 00000000 bf908994 c02fe420 nt!MiResolveProtoPteFault+0x1a6
    b8e87c5c 80849ce5 00000001 bf908994 c02fe420 nt!MiDispatchFault+0x834

    bf87f76c 83ff20 cmp edi,0x20


    FOLLOWUP_NAME: MachineOwner

    SYMBOL_NAME: win32k!NtUserCallOneParam+23

    MODULE_NAME: win32k

    IMAGE_NAME: win32k.sys


    FAILURE_BUCKET_ID: 0xA_win32k!NtUserCallOneParam+23

    BUCKET_ID: 0xA_win32k!NtUserCallOneParam+23

    Followup: MachineOwner

    eax=f772713c ebx=00000002 ecx=00000001 edx=00000000 esi=f7727120 edi=817ffff6
    eip=80837ed5 esp=b8e87aac ebp=b8e87ac4 iopl=0 nv up ei ng nz na po nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
    80837ed5 833d00ee8a8000 cmp dword ptr [nt!KiFreezeFlag (808aee00)],0x0 ds:0023:808aee00=00000000
    ChildEBP RetAddr Args to Child
    b8e87ac4 80847a69 badb0d00 00000015 80840440 nt!KiTrap0E+0x2a7 (FPO: [0,0] TrapFrame @ b8e87ac4)
    b8e87b58 8082f2b2 000fffff fa13846c bf908994 nt!MiRemovePageByColor+0x21 (FPO: [Non-Fpo])
    b8e87b90 8082f796 e19d3460 00008000 00000001 nt!MiResolveMappedFileFault+0x508 (FPO: [Non-Fpo])
    b8e87bc4 8084a5e8 00000000 bf908994 c02fe420 nt!MiResolveProtoPteFault+0x1a6 (FPO: [Non-Fpo])
    b8e87c5c 80849ce5 00000001 bf908994 c02fe420 nt!MiDispatchFault+0x834 (FPO: [Non-Fpo])
    b8e87cb8 80837d0a 00000000 bf908994 00000000 nt!MmAccessFault+0x64a (FPO: [Non-Fpo])
    b8e87cb8 bf908994 00000000 bf908994 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ b8e87cd0)
    b8e87d40 bf87f76c 00000000 b8e87d64 0012fcac win32k!_GetKeyboardType (FPO: [Non-Fpo])
    b8e87d54 80834d3f 00000000 00000029 0012fcb8 win32k!NtUserCallOneParam+0x23 (FPO: [Non-Fpo])
    b8e87d54 7c82ed54 00000000 00000029 0012fcb8 nt!KiFastCallEntry+0xfc (FPO: [0,0] TrapFrame @ b8e87d64)
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0012fcb8 00000000 00000000 00000000 00000000 0x7c82ed54
    start end module name
    80800000 80a75000 nt ntkrnlmp.exe Thu Mar 24 18:42:08 2005 (42435E60)
    80a75000 80aa1000 hal halmacpi.dll Thu Mar 24 18:28:37 2005 (42435B35)
    b8906000 b8917980 NAVENG NAVENG.sys Mon Nov 28 18:03:55 2005 (438B9AEB)
    b8918000 b89cdec0 NAVEX15 NAVEX15.sys Mon Nov 28 17:52:12 2005 (438B982C)
    b8a46000 b8a71000 RDPWD RDPWD.SYS Thu Mar 24 18:27:16 2005 (42435AE4)
    b8a9d000 b8aa0600 prepdrv prepdrv.sys Mon Jun 28 01:09:18 2004 (40DFB60E)
    b8c79000 b8cb7000 NAVAP NAVAP.sys Thu Mar 04 20:01:02 2004 (4047DF5E)
    b8cb7000 b8cc7a60 SYMEVENT SYMEVENT.SYS Wed May 14 00:45:43 2003 (3EC1D807)
    b9790000 b97ba000 Fastfat Fastfat.SYS Thu Mar 24 18:40:20 2005 (42435DF4)
    b98da000 b98e5000 TDTCP TDTCP.SYS Thu Mar 24 18:27:15 2005 (42435AE3)
    b9a3a000 b9a4b000 NAVAPEL NAVAPEL.SYS Thu Mar 04 20:01:07 2004 (4047DF63)
    b9b13000 b9b72000 srv srv.sys Thu Mar 24 18:40:19 2005 (42435DF3)
    b9cb6000 b9cb8600 lm78nt lm78nt.sys Fri Apr 04 05:24:52 2003 (3E8D6B84)
    ba02a000 ba033000 ndisuio ndisuio.sys Thu Mar 24 18:33:16 2005 (42435C4C)
    ba072000 ba087000 Cdfs Cdfs.SYS Thu Mar 24 18:40:55 2005 (42435E17)
    ba0d7000 ba0e8000 Fips Fips.SYS Thu Mar 24 18:40:33 2005 (42435E01)
    ba0e8000 ba15e000 mrxsmb mrxsmb.sys Thu Mar 24 18:41:13 2005 (42435E29)
    ba186000 ba1b6000 rdbss rdbss.sys Thu Mar 24 18:40:49 2005 (42435E11)
    ba1b6000 ba1e0000 afd afd.sys unavailable (FFFFFFFE)
    ba1e0000 ba211000 netbt netbt.sys Thu Mar 24 18:40:31 2005 (42435DFF)
    ba211000 ba272000 tcpip tcpip.sys Thu Mar 24 18:40:31 2005 (42435DFF)
    ba272000 ba28b000 ipsec ipsec.sys Thu Mar 24 18:40:49 2005 (42435E11)
    ba34b000 ba35f000 usbhub usbhub.sys Thu Mar 24 18:30:46 2005 (42435BB6)
    ba67f000 ba745000 dmboot dmboot.sys unavailable (FFFFFFFE)
    ba79f000 ba7df000 update update.sys Thu Mar 24 18:40:27 2005 (42435DFB)
    ba83f000 ba849000 Dxapi Dxapi.sys Tue Mar 25 01:06:01 2003 (3E7FFFD9)
    ba85f000 ba86d000 dump_symmpi dump_symmpi.sys Fri May 23 09:15:25 2003 (3ECE2CFD)
    ba86f000 ba879000 dump_diskdump dump_diskdump.sys Thu Mar 24 18:28:56 2005 (42435B48)
    ba87f000 ba8b6000 rdpdr rdpdr.sys Thu Mar 24 18:30:20 2005 (42435B9C)
    ba8b6000 ba8c9000 raspptp raspptp.sys Thu Mar 24 18:40:43 2005 (42435E0B)
    ba8c9000 ba8e3000 ndiswan ndiswan.sys Thu Mar 24 18:40:46 2005 (42435E0E)
    ba8e3000 ba8f8000 rasl2tp rasl2tp.sys Thu Mar 24 18:40:29 2005 (42435DFD)
    ba8f8000 ba915a80 b57xp32 b57xp32.sys Mon Aug 23 16:49:29 2004 (412A6669)
    ba916000 ba940000 USBPORT USBPORT.SYS Thu Mar 24 18:30:43 2005 (42435BB3)
    ba940000 ba968000 ks ks.sys Thu Mar 24 18:41:03 2005 (42435E1F)
    ba968000 ba97c000 redbook redbook.sys Thu Mar 24 18:28:46 2005 (42435B3E)
    ba97c000 ba991000 cdrom cdrom.sys Thu Mar 24 18:28:57 2005 (42435B49)
    ba991000 ba9a4000 i8042prt i8042prt.sys Thu Mar 24 18:41:05 2005 (42435E21)
    ba9a4000 ba9b8000 mf mf.sys Thu Mar 24 18:34:12 2005 (42435C84)
    ba9b8000 ba9d3000 VIDEOPRT VIDEOPRT.SYS Thu Mar 24 18:29:53 2005 (42435B81)
    ba9d3000 baa26d80 ati2mpad ati2mpad.sys Thu Jul 18 20:13:20 2002 (3D3767B0)
    baadd000 baae3000 TWGSYSIN TWGSYSIN.SYS Thu Apr 03 11:37:58 2003 (3E8C7176)
    bab15000 bab1c160 tlmkagent_2_1_0_0 tlmkagent-2_1_0_0.sys Fri Jul 02 f7011000 f701a000 mssmbios mssmbios.sys Thu Mar 24 18:34:14 2005 (42435C86)
    f7021000 f702d680 baspxp32 baspxp32.sys Wed Feb 05 14:17:52 2003 (3E417170)
    f7031000 f703c000 ptilink ptilink.sys Thu Mar 24 18:28:25 2005 (42435B29)
    f7051000 f7059ee0 smbushc smbushc.sys Fri Apr 04 05:23:40 2003 (3E8D6B3C)
    f7061000 f706e000 wanarp wanarp.sys Thu Mar 24 18:34:07 2005 (42435C7F)
    f7071000 f707a5a0 ibmcomw ibmcomw.sys Thu Jul 15 13:10:17 2004 (40F6C889)
    f70c5000 f70c8f80 ibmhpa ibmhpa.sys Sat Feb 08 00:55:15 2003 (3E44A9D3)
    f7101000 f7120000 Mup Mup.sys Thu Mar 24 18:40:49 2005 (42435E11)
    f7120000 f7133080 rdacdisk rdacdisk.sys Thu Jul 22 12:04:56 2004 (40FFF3B8)
    f7134000 f716a000 NDIS NDIS.sys Thu Mar 24 18:40:26 2005 (42435DFA)
    f716a000 f71ff000 Ntfs Ntfs.sys Thu Mar 24 18:40:29 2005 (42435DFD)
    f71ff000 f7226000 KSecDD KSecDD.sys Thu Mar 24 18:28:53 2005 (42435B45)
    f7226000 f724b000 fltmgr fltmgr.sys Thu Mar 24 18:30:25 2005 (42435BA1)
    f724b000 f725e000 CLASSPNP CLASSPNP.SYS Thu Mar 24 18:40:23 2005 (42435DF7)
    f725e000 f727d000 SCSIPORT SCSIPORT.SYS Thu Mar 24 18:40:26 2005 (42435DFA)
    f727d000 f7382120 ql2300 ql2300.sys Mon Jul 26 17:49:50 2004 (41058A8E)
    f7383000 f739f000 atapi atapi.sys Thu Mar 24 18:28:49 2005 (42435B41)
    f739f000 f73c9000 volsnap volsnap.sys Thu Mar 24 18:29:10 2005 (42435B56)
    f73c9000 f73f5000 dmio dmio.sys Thu Mar 24 18:30:02 2005 (42435B8A)
    f73f5000 f741c000 ftdisk ftdisk.sys Thu Mar 24 18:29:00 2005 (42435B4C)
    f741c000 f7432000 pci pci.sys Thu Mar 24 18:34:14 2005 (42435C86)
    f7432000 f7466000 ACPI ACPI.sys Thu Mar 24 18:34:09 2005 (42435C81)
    f7487000 f7490000 WMILIB WMILIB.SYS Tue Mar 25 01:13:00 2003 (3E80017C)
    f7497000 f74a6000 isapnp isapnp.sys Tue Mar 25 01:16:35 2003 (3E800253)
    f74a7000 f74b4000 PCIIDEX PCIIDEX.SYS Thu Mar 24 18:28:48 2005 (42435B40)
    f74b7000 f74c7000 MountMgr MountMgr.sys Thu Mar 24 18:27:23 2005 (42435AEB)
    f74c7000 f74d2000 PartMgr PartMgr.sys Thu Mar 24 18:40:34 2005 (42435E02)
    f74d7000 f74e5000 symmpi symmpi.sys Fri May 23 09:15:25 2003 (3ECE2CFD)
    f74e7000 f74f7000 disk disk.sys Thu Mar 24 18:28:58 2005 (42435B4A)
    f74f7000 f7503000 Dfs Dfs.sys Thu Mar 24 18:30:28 2005 (42435BA4)
    Unloaded modules:
    b8918000 b89ce000 NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b8906000 b8918000 NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b8b73000 b8c29000 NAVEX15.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b8ac1000 b8ad3000 NAVENG.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    b9ced000 b9d02000 Serial.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f76f7000 f7705000 imapi.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f77d7000 f77df000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f7507000 f7510000 smbushc.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt
  11. indytycoon

    indytycoon TS Rookie

    I had this same problem, then I updated my video card drivers and it went away.
  12. drjon

    drjon TS Rookie Topic Starter

    The problem here turned out to be ts_lb.sys, which is the part of CommView that identifies which process is sending network traffic.

    I've been chasing them over it and after a couple of even more dud versions their latest effort seems good so far.

    I've also worked out how to read memory dumps, which will be handy (though hopefully not too handy).
  13. cpc2004

    cpc2004 TS Evangelist Posts: 1,994

    Hi Drjon,

    From the stack trace we cannot find the footprint of ts_lb.sys. If ts_lb.sys corrupt the windows storage, we cannot find out the culprit unless we install a storage alternation trap to catch the culprit on the spot. For example, some version of ZoneAlarm caused blue screen problem, but most users with the same version do not encounter blue screen problem. Probably ZoneAlarm and some device driver use same piece of common system storage. ZA thinks it is owner of the storage and other device driver such as eMule also thinks it is owner of the storage. When emule is active and corrupt the storage of ZA. Consequently ZA accesses the corrupted storage and windows crashes.

    I'm glad to know that your problem is resolved and thanks for your information.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...