Needing help with crash dump analysis

0

00pontiac

Posts: 14   +0
Having a problem with appcrashes on my vista based pc. Three programs, all related, used to run beautifully for me, then suddenly one day there's appcrashes.

I've installed windows debugging tools and have full dumps, a dump from taskmanager, and my adplus log that I was able to ferret out. But beyond these I'm stuck, I have no idea how to read them and despite my ability to google with the best of them I have no idea what to do now.

If you read the log you'll see the program is visual pinball. Please really needing help, I'm not just a table author, I'm a player lol sorry, stupid joke, but I can't afford a new computer (as that's the only thing besides this that might work at this point) I'm at my wits end here.

I'm posting my adplus log, hope this is relevant, the full dumps and task manager dump are a bit to big to post... but I'll find a way if needed.

Stein
 

Attachments

  • ADPlus_log_3a54_2011-06-29_20-12-13-940.log
    31.2 KB · Views: 5
How to find and post your Minidump Files:

My Computer > C Drive > Windows Folder > Minidump Folder > Minidump Files.

It is these files that we need (not the folder). Attach to your next post the five most recent dumps. Notice the Manage Attachments button at the bottom when you go to post the next time; the Zip option will compress the files in order for you to attach. You can Zip up to five files per Zip; if you only have one or two you don’t need to zip them, just attach as is. Please do us a favor and don’t Zip each one individually.
 
thanks for the help, it is greatly appreciated.

what's confusing is the manage attachments feature here only accepts a 200k filesize.

my dump files are over 100megs each, and around 30megs each zipped. that's why I posted the original adplus log.

I tried anyways but they are not being uploaded.

unless I'm still not understanding, or somethings gone terribly wrong, I'll post these on the web somewhere and post the link shortly.
 
here is the link, sorry for not putting it in link tags, my post count must be 5 or greater to add a link here.
 
ok, I can understand no one wanting to help.

could someone tell me then, if I needed to learn this myself what would be a good spot to start? maybe some links, or even just some advice. the microsoft site isn't helping, and some of the recent places I've been to have apparently not helped, such as installing ms debugging tools or running the adplus tool for the log. which obviously is not what I want to be doing.

I might be a noob here, but I'm not stupid, I'm just stuck.

Stein
 
what's confusing is the manage attachments feature here only accepts a 200k filesize.
my dump files are over 100megs each, and around 30megs each zipped
Click to expand...

That is weird. Can you please see how your system is configured to record minidump files?

Steps for to check this are:

1. Right click on My Computer
2. Go to Properties
3. Then click on "Advanced System Settings"
4. Go to Advanced Tab
5. Click on Settings Under "Startup and Recovery"
6. Ensure that 'Small Memory Dump' is selected under Write Debugging Information.

Whenever you have an BSOD next time around please zip it and attach with your next post.
 
Thanks for your help. My problem is an Appcrash tho, maybe this has something to do with it? I don't know, but I did find my dump size set to Kernel instead of Small, so after changing that and restarting I tried again. But still the dump file is > 100 megs.
 
I will get back to you on this dump size issue, can you please have a look at your Event Viewer logs, especially looking at the yellow/red tagged events and tell me whatever details are available. You can do so by going Control Panel > Administrative Tools > Event Viewer.
 
well it seems my computer is a complete mess, it was new in 2008 and there's been a lot of activity on it, there's just too many red and yellow flagged items for me to guess which ones would be appropriate to post here.

I thought maybe the "Windows Logs>Application" section and I found a red Error flagged for my application that's crashing, I'll post it here but I have my doubts that this is what I should be looking for...

I just can't thank you enough for your help, I wish I were more knowledgeable about these things...

Faulting application VPinball 81.exe, version 1.0.0.3, time stamp 0x49416c37, faulting module VPinball 81.exe, version 1.0.0.3, time stamp 0x49416c37, exception code 0xc0000005, fault offset 0x0000942d, process id 0x1aec, application start time 0x01cc427d57bb0000.
Click to expand...
 
Please download BlueScreenView and select folder where your minidumps are located to view results. Then rightly click on each entry and save the results in txt form, then attach these with your next post.
 
Actually, I already had that program as well as most of the other nirsoft apps, despite the fact I don't know what I'm doing I've been busy trying...

My next problem, BlueScreenView doesn't recognize any of my dump files.
 
In that case we have no option but to try to install debugging tools on your system.

Please download appropriate version for your PC from here.

Note: Please select appropriate version according to your OS, i.e. x64 or x86.

Once you have downloaded and installed Windbg, please follow these steps:

1. Create a folder named MSS in C:\ drive
2. Open Windbg
3. Press Ctrl+S, and cut/paste this in the appearing box:

srv*c:\mss*http://msdl.microsoft.com/download/symbols

4. Click on OK.

5. Then Ctrol+D, and scroll to the folder containing minidumps, you can can then select one minidump at a time for analysis.
6. It will take some time as the appropriate symbols get downloaded / and dump is analyzed, once that is done please paste the results here.

Lastly, please provide us with complete system specifications of your computer.
 
ok, I had already managed to download and install the debugging tools and the symbols on my own. Here are the results, I don't think this is right as it does not appear to be much information... there wasn't any activity after trying to install the symbol files. I'm thinking I must be going wrong somehow with that. However, I do have the symbols installed in my windows folder after my first attempt, there are many other folders inside the symbols folder. But anyhow, this is what I came up with as per you instructions...

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\00Pontiac\AppData\Local\Temp\VPinball 81.DMP]
User Mini Dump File with Full Memory: Only application data is available

Symbol search path is: srv*c:\mss*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Version 6002 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS Personal
Machine Name:
Debug session time: Mon Jun 27 22:46:38.000 2011 (UTC - 7:00)
System Uptime: 1 days 3:21:49.701
Process Uptime: 0 days 0:00:10.000
................................................................
.
eax=020e6000 ebx=0051eee8 ecx=020e5fe8 edx=00001000 esi=00000000 edi=029557f0
eip=77185ca4 esp=0012faf0 ebp=0012fb20 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
77185ca4 c3 ret
Click to expand...

My specs as follows:

Dell XPS 420
Windows Vista Home Premium SP2
Intel Core2 Quad Q6600 2.4GHz w/3 GB Memory and Dell Bios A07
 
The complete debug report looks like this:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Minidumps\Brad94\Mini071711-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\mss*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_gdr.101209-1647
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Jul 18 01:43:31.500 2011 (GMT+5)
System Uptime: 0 days 0:22:58.195
Loading Kernel Symbols
...............................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 10000050, {e9a0d354, 0, b741274a, 2}

Unable to load image cmuda3.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for cmuda3.sys
*** ERROR: Module load completed but symbols could not be loaded for cmuda3.sys

Could not read faulting driver name
Probably caused by : portcls.sys ( portcls!DispatchDeviceIoControl+3e )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e9a0d354, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: b741274a, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: e9a0d354

FAULTING_IP:
portcls!DispatchDeviceIoControl+3e
b741274a ff5210 call dword ptr [edx+10h]

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: fsx.exe

LAST_CONTROL_TRANSFER: from b7579f1f to b741274a

STACK_TEXT:
b11e0a48 b7579f1f 89fe1030 864cd910 b11e0a70 portcls!DispatchDeviceIoControl+0x3e
b11e0a58 b74128c0 89fe1030 864cd910 00000000 ks!KsDispatchIrp+0x126
b11e0a70 b7412881 89fe1030 864cd910 b11e0ad4 portcls!KsoDispatchIrp+0x43
b11e0a80 b755b8b9 89fe1030 864cd910 86f24ca0 portcls!PcDispatchIrp+0x5f
WARNING: Stack unwind information not available. Following frames may be wrong.
b11e0ad4 b21a2757 86f24ca0 00000000 002f0003 cmuda3+0x1358b9
b11e0b2c b21aa2ee ffea3ebf 00000000 00000003 sysaudio!SetVirtualVolume+0x94
b11e0b54 b7579f5c 8604a500 86052c00 86052bf8 sysaudio!PinVirtualPropertyHandler+0xbb
b11e0bb8 b7579ed9 8604a500 00000003 b21a1a58 ks!KspPropertyHandler+0x616
b11e0bdc b21a328c 8604a500 00000003 b21a1a30 ks!KsPropertyHandler+0x19
b11e0c30 b7579f95 88e1f500 8604a500 b11e0c64 sysaudio!CPinInstance::pinDispatchIoControl+0x115
b11e0c40 804ef19f 88e1f500 8604a500 806e7410 ks!DispatchDeviceIoControl+0x28
b11e0c50 8057f98e 8604a648 86aafe90 8604a500 nt!IopfCallDriver+0x31
b11e0c64 8058081d 88e1f500 8604a500 86aafe90 nt!IopSynchronousServiceTail+0x70
b11e0d00 80579298 00001cbc 00000f30 00000000 nt!IopXxxControlFile+0x5c5
b11e0d34 8054167c 00001cbc 00000f30 00000000 nt!NtDeviceIoControlFile+0x2a
b11e0d34 7c90e514 00001cbc 00000f30 00000000 nt!KiFastCallEntry+0xfc
0006fc44 00000000 00000000 00000000 00000000 0x7c90e514


STACK_COMMAND: kb

FOLLOWUP_IP:
portcls!DispatchDeviceIoControl+3e
b741274a ff5210 call dword ptr [edx+10h]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: portcls!DispatchDeviceIoControl+3e

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: portcls

IMAGE_NAME: portcls.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 48025ccc

FAILURE_BUCKET_ID: 0x50_portcls!DispatchDeviceIoControl+3e

BUCKET_ID: 0x50_portcls!DispatchDeviceIoControl+3e

Followup: MachineOwner
---------
Click to expand...

So kindly post the complete results.

Note: You need to click on !analyze -v to have details of analysis.
 
ok... again I've followed these steps as best I'm able, and still coming up with issues... I figure now would be a good time to remind you how much I really appreciate you trying to walk me thru this mess.

presently I'm getting an error that the debugger can't find the symbols

"Module load completed but symbols could not be loaded for Future Pinball.exe"

this is a different, but closely related application that's all from the same dev team / developer, there's three apps actually, they all crash in the same spot everytime. I figured I'd try each one to see if maybe they symbols could be found. my broken logic at work I suppose.

the dev of this app is a friend of mine who I've just written to see if he had any idea of where this, or me, is going wrong. hope to hear from him soon.

meanwhile, here's what I'm coming up with now.

btw, my symbol path is not the default one I know, but where they've been stored on my local drive.

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\00pontiac\AppData\Local\Temp\Future Pinball.DMP]
User Mini Dump File with Full Memory: Only application data is available

Symbol search path is: srv*c:\windows\symbols *http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Version 6002 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS Personal
Machine Name:
Debug session time: Tue Jul 19 14:56:00.000 2011 (UTC - 7:00)
System Uptime: 4 days 23:16:39.877
Process Uptime: 0 days 0:04:17.000
................................................................
....................
eax=00000000 ebx=00000002 ecx=00000400 edx=00000000 esi=00000000 edi=00000000
eip=77855ca4 esp=0012e700 ebp=0012e79c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200246
ntdll!KiFastSystemCallRet:
77855ca4 c3 ret
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** ERROR: Module load completed but symbols could not be loaded for Future Pinball.exe
*** WARNING: Unable to verify checksum for fmod.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for fmod.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for nvoglv32.dll -

FAULTING_IP:
Future_Pinball+79983
00479983 8b10 mov edx,dword ptr [eax]

EXCEPTION_RECORD: 0012e9f4 -- (.exr 0x12e9f4)
ExceptionAddress: 00479983 (Future_Pinball+0x00079983)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

FAULTING_THREAD: 00001994

DEFAULT_BUCKET_ID: NULL_POINTER_READ

PROCESS_NAME: Future Pinball.exe

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.

EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

MOD_LIST: <ANALYSIS/>

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

CONTEXT: 0012ea10 -- (.cxr 0x12ea10)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=4c025030 edi=4c137204
eip=00479983 esp=0012ecdc ebp=4ffd8c20 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
Future_Pinball+0x79983:
00479983 8b10 mov edx,dword ptr [eax] ds:0023:00000000=????????
Resetting default scope

READ_ADDRESS: 00000000

FOLLOWUP_IP:
Future_Pinball+79983
00479983 8b10 mov edx,dword ptr [eax]

PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ

BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ_LOADER_INIT_FAILURE_c0000034_LOADER_INIT_FAILURE_c0000034

LAST_CONTROL_TRANSFER: from 0045b3da to 00479983

STACK_TEXT:
0012ecdc 00479983 future_pinball+0x79983
0012ed1c 0045b3da future_pinball+0x5b3da


STACK_COMMAND: .cxr 0012EA10 ; kb ; dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; dds 12ecdc ; kb

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: future_pinball+79983

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: Future_Pinball

IMAGE_NAME: Future Pinball.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4d1d68d3

FAILURE_BUCKET_ID: NULL_POINTER_READ_80000003_Future_Pinball.exe!Unknown

BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_LOADER_INIT_FAILURE_c0000034_LOADER_INIT_FAILURE_c0000034_future_pinball+79983

Followup: MachineOwner
---------

0:000> .exr 0x12e9f4
ExceptionAddress: 00479983 (Future_Pinball+0x00079983)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
0:000> lmvm Future_Pinball
start end module name
00400000 01f3f000 Future_Pinball (no symbols)
Loaded symbol image file: Future Pinball.exe
Image path: G:\Pinball\future pinball\Future Pinball.exe
Image name: Future Pinball.exe
Timestamp: Thu Dec 30 21:23:31 2010 (4D1D68D3)
CheckSum: 01B46D22
ImageSize: 01B3F000
File version: 1.9.2008.1225
Product version: 1.9.2008.1225
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0c09.04b0
CompanyName: BSP Software Design Solutions
ProductName: Future Pinball
InternalName: Future Pinball
OriginalFilename: Future Pinball.exe
ProductVersion: 1, 9, 2008, 1225
FileVersion: 1, 9, 2008, 1225
FileDescription: Future Pinball
LegalCopyright: Copyright 2008
LegalTrademarks: (C) 2008 BSP Software Design Solutions
Comments: 3D Pinball Construction
Click to expand...
 
I know what you mean, but the problem is, if a piece of software is doing something which is causing all these issues, they are in best position to help (hopefully).
 
You must log in or register to reply here.

Similar threads

Cal Jeffrey
Forget hallucinations, ChatGPT has developed full blown dementia
Replies
17
Views
317
TempleOrion
TempleOrion
Julio Franco
This is how ChatGPT can help get you a new software job
Replies
0
Views
687
Julio Franco
Julio Franco
Bob O'Donnell
I got to play with the Apple Vision Pro and saw the future of computing. Again.
2
Replies
25
Views
2K
RandomWAN
R

Latest posts

Back