Reading those minidumps

Status
Not open for further replies.
H

Hatrick

Posts: 90   +0
Hi, I'm new, so if I ask stupid questions or offend protocols, please speak up.

Having far too many 'system error, category 102, event 1003) happenings in WniXP(Home), I decided to try to have a first ever look at the minidump files.

Following the instructions in the Microsoft support document, I downloaded the Windows debugging tools, copied i386 from the CD to Windows, moved the minidump files to the suggested location, cut and pasted the batch file into the correct folder and connected to the net before running the batch file.

This is what I got:-

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\minidump\mini112506-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\i386
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Sat Nov 25 12:33:22.656 2006 (GMT+0)
System Uptime: 0 days 1:36:12.218
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Loading Kernel Symbols
........................................................................................................................................
Loading User Symbols
Loading unloaded module list
............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, e30e0000, f016b72c, 0}

ANALYSIS: Kernel with unknown size. Will force reload symbols with known size.
ANALYSIS: Force reload command: .reload /f ntoskrnl.exe=FFFFFFFF804D7000,213F80,42250FF9
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Probably caused by : win32k.sys ( win32k!HmgRemoveObject+a0 )

Followup: MachineOwner
---------

It appears that, despite the net connection, the debugger was unable to connect with the symbols files. Is it possible that this is because Firefox is my default browser? Surely Microsoft is not that small minded.
Can anyone explain the significance of the 'Probably caused by : win32k.sys' comment in the penultimate line? Should I just run sfc /scannow, or is it something deeper than that?

Think carefully before offering help because, if I get to see the contents of the files, I will almost certainly be back to ask what it all means. <BG>
 
Hatrick said:
Hi, I'm new, so if I ask stupid questions or offend protocols, please speak up.Think carefully before offering help because, if I get to see the contents of the files, I will almost certainly be back to ask what it all means. <BG>
Click to expand...


Hi Hatrick and welcome to the TS forum

You cant offend us were to old for that so dont worry as for reading minidumps, congrats on taking the initiative and actually doing something about your problem, most just come in and take and never give back.

I started reading minidumps a while back, I had trouble using the online symbols so I downloaded them to my hard drive, its a very big file so you need lots of room. Once downloaded just tell MSdebugger the path to the symbols in the setup options.

Once you have that sorted, here's a hint, open up the help file and use the search option on the error code, most are in the format 0X0xxx where x is a number or letter, the help file will list the faults associated with the code and will point you in the right direction, Google is also a good place to look up the error codes, you will find that the errors are listed frequently on Google and may have more than one reason for them, search through until you find a webpage that refers specifically to the problem you are having.

SO do a google on win32k.sys and read the threads as a starter and go from there, i'm in here most nights or feel free to PM me and help where I can...


Regards
 
I cannot read minidumps as well. But i would like to know how to save and link my minidumps to my post so others can read them. Can someone plz tell me how to do this?
 
Open up My computer and then navigate to:
C:\Windows\Minidump

If this folder doesn't exist, or there's nothing in there, it would mean on of three things:
1: You don't have any errors or recent BSODs/restarts lately
2: Your Windows folder is somewhere else, which case look for it, or type in %systemroot%\minidump in the Start>Run box.
3: Its not enabled on your PC. To fix:
>>Right click My computer icon on the desktop then Properties>Advanced Tab>[Startup and Recovery] Settings
-Uncheck Auto restart
-[Writing Debugging information] Select Complete memory dump from the drop down box
 
Ididmyc600 said:
Hi Hatrick and welcome to the TS forum

>> congrats on taking the initiative and actually doing something about your problem, most just come in and take and never give back.

And I thought only we Brits said 'congrats' - or we did in the forties when I was a teenager.

>> I had trouble using the online symbols so I downloaded them to my hard drive.

I found this excellent article at :- http://www.networkworld.com/news/2005/041105-windows-crash.html
There is some good basic information in it, to add to what you've told me later in your post, - including how to avoid dumping 700MB of files on your hard disk - and that, combined with the doc on mindumps from MS has helped me to read them and start the long road to understanding.

Thanks for the help offer. I might need to take you up on it.

All the best.
Click to expand...
 
Hatrick said:
And I thought only we Brits said 'congrats' - or we did in the forties when I was a teenager.

>> I had trouble using the online symbols so I downloaded them to my hard drive.

I found this excellent article at :- http://www.networkworld.com/news/2005/041105-windows-crash.html
There is some good basic information in it, to add to what you've told me later in your post, - including how to avoid dumping 700MB of files on your hard disk - and that, combined with the doc on mindumps from MS has helped me to read them and start the long road to understanding.

Thanks for the help offer. I might need to take you up on it.

All the best.
Click to expand...


I am a Brit, born and bred, congrats is coz im to lazy to type congrat.... see even now I cant be bothered,
As for the other part of your post sorry I forgot to mention those things, by default most times its set to dump a 64k file, not the full 700mb, if it does that it cant be read my windebug,

If you get good at reading them then come here on the evenings when your free, there is always lots of bluescreen\minidump posts to be read and answered..

Cheers

tjyaz27

As to how to attach a file to your post, when you post a message there is a little paperclip just above where you type, its next to the smiley face, click it and the rest is self explanatory.

Regards
 
K im going to send you the minidumps

Ok thanks. Recently I have been getting a blue screen when trying to download the patch for the game World of Warcraft. it says DRIVER_IRQS_NOT_LESS_OR_EQUAL. I meet all the requirements for this game and I even bought a new graphics card. World of Warcraft is the only game I have this issue with. Here are my minidumps plz try and figure out what is wrong.

This one didnt fit in.

Thanks in advance
 

Attachments

  • Mini112606-02.zip
    19.7 KB · Views: 5
Hi,

The system is crashed without any pattern. I believe that the culprit is faulty ram as hardware error occurs randomly. Run memtest to stress test the ram.

Mini102006-01.dmp BugCheck 100000D1, {bb33120, 2, 1, 85abb009}
Probably caused by : ntkrpamp.exe ( nt!IoStartPacket+8d )

Mini111506-01.dmp BugCheck 100000D1, {c, 2, 0, aa021ccf}
Probably caused by : MpFirewall.sys ( MpFirewall+2ccf )

Mini112606-01.dmp BugCheck 100000D0, {80000, 2, 1, 80547ed8}
Probably caused by : wg111v2.sys ( wg111v2+5c60 )

Mini112606-02.dmp BugCheck 100000D1, {7dcb8f00, 2, 1, 86248877}
Probably caused by : ntkrpamp.exe ( nt!IoStartPacket+8d )

Mini112606-03.dmp BugCheck 100000D1, {ac2028, 2, 0, f48fd76f}
Probably caused by : afd.sys ( afd!AfdGetReceiveBuffer+4f )
 
greenflash said:
and if you are analyzing dumps on a local machine you shouldnt install Daemon Tools on that pc:)
Click to expand...


Why?
I have that and Alcohol on mine and I have no problems as far as I can see...


Regards
 
New Error

Ok I got a few new errors (my ram is ok). I bought a new graphics card and now when I get in the game it has a blue screen and a new error:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

0x000000D1 (0x00001028, 0x00000002, 0x00000000, 0xF6F1S1E7)

USBPORT.SYS- ADDRESS F6F1SIE7 base at F6F0D000, Datestamp 435ec23d


I think this error might be caused by my netgear router. I have NETGEAR WG111v2. It has a 54mbps. Here are my minidumps.
 

Attachments

  • Mini120906-01.zip
    30.1 KB · Views: 5
all your minidumps were corrupted (driver list not recorded on there)

It faulted on a driver issue. > DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

Suggestion:
-update all your drivers, including motherboard chipset drivers.

USBPORT.sys relates to your USB drivers. Maybe take out all extra USB devices (including hubs) and see if its stable. If it is, put one device at a time until you find your culprit.

Attatched is the debug logs.
 
Status
Not open for further replies.

Similar threads

A
VMware exploited 34 vulnerable device drivers to gain full control of Windows 11
Replies
3
Views
361
OortCloud
O
Cal Jeffrey
Microsoft had a "Cart of Death" to intentionally crash and debug early Windows USB infrastructure
Replies
2
Views
361
peacecloud
P
N
'Terminator' tool uses vulnerable Windows driver to kill almost any security software
Replies
3
Views
689
hwertz
hwertz

Latest posts

Back