How To Receive Help Diagnosing Blue Screens and Windows Crashes Part 2

Discussion in 'Windows OS's' started by Jan Benedict, Dec 18, 2012.

    6. Next, click on the File menu and select the Open Crash Dump option. When the dialog box opens, click on the Browse button and browse to the location of the memory dump file and then double-click on it to load it into the Debugger. You may be prompted to save the workspace again, but just click on the No button. A window will now open and the dump file text will fill the debugging screen.

    Here's an example of an analysis report from a Minidump file. If this was a complete or kernel dump, it would be much larger.
    Microsoft ® Windows Debugger Version 6.8.0004.0 AMD64
    Copyright © Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\FUBAR\Desktop\Mini070108-03.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
    Debug session time: Tue Jul 1 16:28:22.439 2008 (GMT-4)
    System Uptime: 0 days 0:04:00.921
    Loading Kernel Symbols
    ..................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    .........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000008E, {c0000005, 84c64731, f4fecc3c, 0}



    Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

    Followup: MachineOwner
    ---------
    7. The next step is to click on the !analyze -v link that's highlighted in blue in the report above. This will generate more information, which would look something like this:
    Microsoft ® Windows Debugger Version 6.8.0004.0 AMD64
    Copyright © Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Users\FUBAR\Desktop\Mini070108-03.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt
    Built by: 2600.xpsp_sp2_gdr.070227-2254
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
    Debug session time: Tue Jul 1 16:28:22.439 2008 (GMT-4)
    System Uptime: 0 days 0:04:00.921
    Loading Kernel Symbols
    ..................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    .........
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000008E, {c0000005, 84c64731, f4fecc3c, 0}



    Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************


    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 84c64731, The address that the exception occurred at
    Arg3: f4fecc3c, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------




    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    FAULTING_IP:
    +ffffffff84c64731
    84c64731 ?? ???

    TRAP_FRAME: f4fecc3c -- (.trap 0xfffffffff4fecc3c)
    Unable to read trap frame at f4fecc3c

    CUSTOMER_CRASH_COUNT: 3

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0x8E

    LAST_CONTROL_TRANSFER: from 00000000 to 84c64731

    STACK_TEXT:
    f4feccac 00000000 00000000 01790000 00000000 0x84c64731


    STACK_COMMAND: .trap 0xfffffffff4fecc3c ; kb

    SYMBOL_NAME: ANALYSIS_INCONCLUSIVE

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: Unknown_Module

    IMAGE_NAME: Unknown_Image

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    FAILURE_BUCKET_ID: 0x8E_ANALYSIS_INCONCLUSIVE

    BUCKET_ID: 0x8E_ANALYSIS_INCONCLUSIVE

    Followup: MachineOwner
    ---------
    8. Once this is done, we want to copy the text of the dump file analysis report. To do this, select the Edit menu item in the Debugging Tools window and then select Copy Window Text to Clipboard. Now, return to Bleeping Computer and paste the information into your next post.

    9. Post at forums to get help.
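
For anyone reading a pasted report, the sketch below pulls the triage fields out of the !analyze -v text and flags a report that, like the one above, ends in ANALYSIS_INCONCLUSIVE. It is an added example, not part of the original post; the function names are made up for illustration, and the sample is an excerpt of the report shown above.

```python
import re

# Excerpt of the !analyze -v report shown above, trimmed to the parsed fields.
SAMPLE_REPORT = """\
BugCheck 1000008E, {c0000005, 84c64731, f4fecc3c, 0}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
FAULTING_IP:
+ffffffff84c64731
84c64731 ?? ???
DEFAULT_BUCKET_ID: DRIVER_FAULT
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
FAILURE_BUCKET_ID: 0x8E_ANALYSIS_INCONCLUSIVE
"""

# "BugCheck <code>, {arg1, arg2, arg3, arg4}" with all values in hex.
BUGCHECK_RE = re.compile(r"^\s*BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
# Upper-case "KEY: value" lines from the Debugging Details section.
FIELD_RE = re.compile(r"^\s*([A-Z_]+):[ \t]*(.*)$", re.M)
PROBABLY_RE = re.compile(r"^\s*Probably caused by\s*:\s*(\S+)", re.M)

def parse_report(text):
    """Return the triage fields of a pasted WinDbg report as a dict."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no 'BugCheck' line found; is this a WinDbg report?")
    fields = {key: value.strip() for key, value in FIELD_RE.findall(text)}
    culprit = PROBABLY_RE.search(text)
    return {
        "bugcheck": int(m.group(1), 16),
        "args": [int(arg.strip(), 16) for arg in m.group(2).split(",")],
        "probably_caused_by": culprit.group(1) if culprit else None,
        "image": fields.get("IMAGE_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
    }

def is_inconclusive(report):
    """True when the debugger could not tie the fault to a named image."""
    no_image = report["image"] in (None, "Unknown_Image")
    return no_image or "ANALYSIS_INCONCLUSIVE" in (report["bucket"] or "")

if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(f"bugcheck 0x{r['bugcheck']:08X}, args {[hex(a) for a in r['args']]}")
    print("inconclusive" if is_inconclusive(r) else f"image: {r['image']}")
```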
     
