
Windows XP BSOD -- How do I read the DMP file?

By pizzaboy
Apr 12, 2006
  1. Howdy,

    Windows XP SP2 gave me a BSOD today when I was logging in after a fresh reboot... I've tried to track the cause down and have hit a brick-wall due to my lack of knowledge of Windows Debugging.

    Any help you could offer would be greatly appreciated!

    The BSOD error message is:


    Microsoft's Error reporting wizard gave the following info:

    BCCode : 100000d1
    BCP1 : 000000ED
    BCP2 : 00000002
    BCP3 : 00000000
    BCP4 : 000000ED
    OSVer : 5_1_2600
    SP : 2_0
    Product : 768_1

    A Google search turned up the fact that this is probably related to an "out of date" driver... One that's not compatible with XP. So now I'm trying to figure out which driver has caused this BSOD.

    Since the crash generated a memory dump, I took the mini-dump file that it generated and analyzed it with MS's DUMPCHK.exe and here are the results:

    ----- 32 bit Kernel Mini Dump Analysis

    MajorVersion 0000000f
    MinorVersion 00000a28
    DirectoryTableBase 00039000
    PfnDataBase 81051000
    PsLoadedModuleList 8055a420
    PsActiveProcessHead 805604d8
    MachineImageType 0000014c
    NumberProcessors 00000001
    BugCheckCode 100000d1
    BugCheckParameter1 000000ed
    BugCheckParameter2 00000002
    BugCheckParameter3 00000000
    BugCheckParameter4 000000ed
    PaeEnabled 00000000
    KdDebuggerDataBlock 8054c060
    MiniDumpFields 00000dff

    ServicePackBuild 00000200
    SizeOfDump 00010000
    ValidOffset 0000fffc
    ContextOffset 00000320
    ExceptionOffset 000007d0
    MmOffset 00001068
    UnloadedDriversOffset 000010a0
    PrcbOffset 00001878
    ProcessOffset 000024c8
    ThreadOffset 00002728
    CallStackOffset 00002980
    SizeOfCallStack 000005e0
    DriverListOffset 000031f0
    DriverCount 0000009d
    StringPoolOffset 00006090
    StringPoolSize 000015e0
    BrokenDriverOffset 00000000
    TriageOptions 00000041
    TopOfStack f899ca20
    DebuggerDataOffset 00002f60
    DebuggerDataSize 00000290
    DataBlocksOffset 00007670
    DataBlocksCount 00000002

    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    Debug session time: Wed Apr 12 11:44:55 2006
    System Uptime: 0 days 0:00:39
    start end module name
    804d7000 806eb100 nt Checksum: 002198AF Timestamp: Tue Mar 01 17:59:37 2005 (42250FF9)

    Unloaded modules:
    a9e3d000 a9e4d000 Serial.SYS Timestamp: unavailable (00000000)
    f89f1000 f89f5000 kbdhid.sys Timestamp: unavailable (00000000)
    f88f1000 f88f6000 Cdaudio.SYS Timestamp: unavailable (00000000)
    f89ed000 f89f0000 Sfloppy.SYS Timestamp: unavailable (00000000)
    f88e9000 f88ee000 Flpydisk.SYS Timestamp: unavailable (00000000)
    f88e1000 f88e8000 Fdc.SYS Timestamp: unavailable (00000000)

    Finished dump check

    The problem is I don't know what any of this means.

    Two questions:

    1. Does this information give any clue as to the cause of my crash?
    2. What command line options should I be running with DUMPCHK.exe to get the proper results? The following command line options are available:

    DUMPCHK [options] <CrashDumpFile>

    -? Displays the command syntax.
    -p Prints the header only (with no validation).
    -v Specifies verbose mode.
    -q Performs a quick test. Not available in Windows XP.
    -c Does dump validation.
    -x Does extra file validation; takes several minutes.
    -e Does dump exam.
    -y <Path> Sets the symbol search path for a dump exam.
    If the symbol search path is empty, the CD-ROM
    is used for symbols.
    -b <Path> Sets the image search path for a dump exam.
    If the symbol search path is empty, %SystemRoot%\System32
    is used for symbols.
    -k <File> Sets the name of the kernel to File.
    -h <File> Sets the name of the HAL to File.

    So... any help anyone could offer on this would be most appreciated.

    I'm not a technophobe and I guess it's time I start to learn about this stuff.

    Thanks in advance...!
  2. howard_hopkinso


    Hello and welcome to Techspot.

    You'd be better off using the WinDbg programme; it is part of the Windows debugging tools.

    Look at this short tutorial on how to read minidumps HERE.

    You might want to go HERE and follow the instructions.

    Regards Howard :wave: :wave:
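
The DUMPCHK header in the first post can be triaged mechanically before opening the dump in WinDbg. The following is an added example, not part of either post and not a Microsoft tool: it decodes the parameters of bug check 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL) and checks whether the faulting address lies inside any listed module. The function names are hypothetical, and masking off the top nibble of the reported code (100000d1 to d1) is an assumption made here.

```python
import re

# Constructed sample: header fields and module lines copied from the DUMPCHK
# output in the first post (trimmed to the lines this example uses).
SAMPLE = """\
BugCheckCode 100000d1
BugCheckParameter1 000000ed
BugCheckParameter2 00000002
BugCheckParameter3 00000000
BugCheckParameter4 000000ed
804d7000 806eb100 nt Checksum: 002198AF Timestamp: Tue Mar 01 17:59:37 2005 (42250FF9)
a9e3d000 a9e4d000 Serial.SYS Timestamp: unavailable (00000000)
f89f1000 f89f5000 kbdhid.sys Timestamp: unavailable (00000000)
"""

FIELD = re.compile(r"^\s*(BugCheck(?:Code|Parameter[1-4]))\s+([0-9a-fA-F]+)\s*$")
MODULE = re.compile(r"^\s*([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+(\S+)")
ACCESS = {0: "read", 1: "write"}  # documented values of parameter 3 for 0xD1

def parse(text):
    """Return (bug check fields, [(start, end, name)]) from DUMPCHK output."""
    fields, modules = {}, []
    for line in text.splitlines():
        if m := FIELD.match(line):
            fields[m.group(1)] = int(m.group(2), 16)
        elif m := MODULE.match(line):
            modules.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return fields, modules

def owner(addr, modules):
    """Name of the module whose [start, end) range contains addr, else None."""
    return next((n for s, e, n in modules if s <= addr < e), None)

def triage(text):
    fields, modules = parse(text)
    code = fields["BugCheckCode"] & 0x0FFFFFFF  # assumption: top nibble is a flag
    if code != 0xD1:
        raise ValueError(f"only bug check 0xD1 is decoded here, got {code:#x}")
    target, caller = fields["BugCheckParameter1"], fields["BugCheckParameter4"]
    return {
        "name": "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
        "referenced_address": target,
        "irql": fields["BugCheckParameter2"],
        "access": ACCESS.get(fields["BugCheckParameter3"], "other"),
        "faulting_module": owner(caller, modules),
        # Parameters 1 and 4 equal: the bad reference was likely the
        # instruction fetch itself (a jump or call to an invalid address).
        "bad_instruction_pointer": target == caller,
    }
```

For this dump the faulting address 0xED lies in no listed module, so the header alone cannot name the driver; the call stack shown by WinDbg's `!analyze -v` is where the responsible module would appear.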
  3. solomonw


    Windows Server 2003 v64 bit dump file

    How can I analyze a dump file? Log file attached.