Page 1 of 1

Trouble shooting stop errors and the memory dump Or: OMG WTF ANOTHER BSOD Rate Topic: ***** 1 Votes

#1 Thorian   User is offline

  • Pirate Medic
  • member icon

Reputation: 22
  • View blog
  • Posts: 5,904
  • Joined: 06-June 02

Post icon  Posted 04 August 2006 - 07:36 AM

Trouble shooting stop Errors and the memory dump
Or so you have a BSOD and you don’t know why

To determine what happened first you will need to ensure that the computer did make a physical memory dump file.

Go to “C:\WINNT\” or “C:\WINDOWS” and look for a folder called MINIDUMP or a file called MEMORY.DMP

The files you will need to analyze will be one of those

To actually analyze the file you will need to use a toolkit. And no I’m not talking about a sledgehammer and crowbar. I am referring to the Debugging Tools for Windows Available here http://www.microsoft...installx86.mspx

After you have downloaded and installed the toolkit you will be ready to get into the nuts and bolts about figuring out what the hell is going on.

Click Start>Programs>Debugging Tools for Windows>WinDbg

You will be presented with a program that looks kind of like notepad.

Next we need to set a variable to fully decode the memory dump file.


Click on File, Symbol File Path and paste this string in the box

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Click ok and then save the workspace (so you don’t have to enter that string every time once again it would be nice for Microsoft to actually be proactive.

To open the memory dump and look at it you will need to click on File > Open Crash Dump. And browse to the path where you found your memory dump earlier.

Double click on the dump file you want to analyze and go get a cup of Coffee, as this will take a few minutes.

You will get a dump file that resembles the below when you get back

Quote

Microsoft ® Windows Debugger Version 6.6.0007.5
Copyright © Microsoft Corporation. All rights reserved.



Loading Dump File [C:\WINDOWS\Minidump\Mini073106-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.050301-1521
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Mon Jul 31 15:36:14.473 2006 (GMT-5)
System Uptime: 12 days 6:16:42.797
Loading Kernel Symbols
.............................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf87b02d, f709d8a0, 0}

Probably caused by : win32k.sys ( win32k!RawInputRequestedForMouse+1c )

Followup: MachineOwner
---------


Now to decipher the dump report

Under the Bug Check {} those are the stop codes googling those particular codes will give you information that may or may not be benificial to your troubleshooting

And looking up the Probably Caused By: will give you an ides on where to start troubleshooting

Luckily for me when my PC did this it was right after I just installed a mouse and was able to get a patch to fix the mouse driver that was crashing my kernel (testing a USB laser mouse instead of my PS2 Optical)

I hope you have found this little write up enlightening as it was for me to write it.

Carl

Is This A Good Question/Topic? 0
  • +

Replies To: Trouble shooting stop errors and the memory dump

#2 MarkoDaGeek   User is offline

  • Dirty Technophile
  • member icon

Reputation: 14
  • View blog
  • Posts: 11,158
  • Joined: 13-October 01

Posted 06 August 2006 - 08:53 PM

Nice, the perfect First Responce to the pesky BSOD.

Great Tutorial.
Was This Post Helpful? 0
  • +
  • -

#3 Thorian   User is offline

  • Pirate Medic
  • member icon

Reputation: 22
  • View blog
  • Posts: 5,904
  • Joined: 06-June 02

Posted 11 August 2006 - 09:30 AM

Oh I just got the September 2006 Maximum PC sitting on my desk apparently they and they have an article that would be a good mate with this tutorial.

it goes in to specific trouble shooting beyond the device driver level that I touched upon here.

Pages 42-50

I hit the photo copier and made a copy for the other techs I work with.
Was This Post Helpful? 0
  • +
  • -

#4 c0nceal   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 12-January 07

Posted 13 January 2007 - 02:50 PM

I did all of the steps but when I try to analyze the memory dump file it says that the "debugee is not connected" Any more ideas?
Was This Post Helpful? 0
  • +
  • -

#5 Thorian   User is offline

  • Pirate Medic
  • member icon

Reputation: 22
  • View blog
  • Posts: 5,904
  • Joined: 06-June 02

Posted 15 January 2007 - 10:37 AM

View Postc0nceal, on 13 Jan, 2007 - 03:50 PM, said:

I did all of the steps but when I try to analyze the memory dump file it says that the "debugee is not connected" Any more ideas?



Attach the minidump file here and Ill take a look when I have time.
Was This Post Helpful? 0
  • +
  • -

#6 Thorian   User is offline

  • Pirate Medic
  • member icon

Reputation: 22
  • View blog
  • Posts: 5,904
  • Joined: 06-June 02

Posted 06 March 2007 - 10:32 AM

After going through a bunch of Minidump files this week that disconnected to debugee is normal you just need to wait a while as the program decodes the dump.

The computer you are using to analyze the dump needs to have a internet connection as it downloads the symbols as needed on the fly.
Was This Post Helpful? 0
  • +
  • -

#7 pkiss   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 21-May 07

Posted 21 May 2007 - 10:48 PM

I wanted to try these steps because when I try to start my computer I get the blue screen with the physical memory dump message. However, windows 2000 won't open, so I have to go in through "safe mode". When I tried downloading the debugger program windows won't let me because I'm in safe mode. Any other suggestion?

Thanks





View PostThorian, on 4 Aug, 2006 - 07:36 AM, said:

Trouble shooting stop Errors and the memory dump
Or so you have a BSOD and you don’t know why

To determine what happened first you will need to ensure that the computer did make a physical memory dump file.

Go to “C:\WINNT\” or “C:\WINDOWS” and look for a folder called MINIDUMP or a file called MEMORY.DMP

The files you will need to analyze will be one of those

To actually analyze the file you will need to use a toolkit. And no I’m not talking about a sledgehammer and crowbar. I am referring to the Debugging Tools for Windows Available here http://www.microsoft...installx86.mspx

After you have downloaded and installed the toolkit you will be ready to get into the nuts and bolts about figuring out what the hell is going on.

Click Start>Programs>Debugging Tools for Windows>WinDbg

You will be presented with a program that looks kind of like notepad.

Next we need to set a variable to fully decode the memory dump file.


Click on File, Symbol File Path and paste this string in the box

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Click ok and then save the workspace (so you don’t have to enter that string every time once again it would be nice for Microsoft to actually be proactive.

To open the memory dump and look at it you will need to click on File > Open Crash Dump. And browse to the path where you found your memory dump earlier.

Double click on the dump file you want to analyze and go get a cup of Coffee, as this will take a few minutes.

You will get a dump file that resembles the below when you get back

Quote

Microsoft ® Windows Debugger Version 6.6.0007.5
Copyright © Microsoft Corporation. All rights reserved.



Loading Dump File [C:\WINDOWS\Minidump\Mini073106-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.050301-1521
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Mon Jul 31 15:36:14.473 2006 (GMT-5)
System Uptime: 12 days 6:16:42.797
Loading Kernel Symbols
.............................................................................................................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, bf87b02d, f709d8a0, 0}

Probably caused by : win32k.sys ( win32k!RawInputRequestedForMouse+1c )

Followup: MachineOwner
---------


Now to decipher the dump report

Under the Bug Check {} those are the stop codes googling those particular codes will give you information that may or may not be benificial to your troubleshooting

And looking up the Probably Caused By: will give you an ides on where to start troubleshooting

Luckily for me when my PC did this it was right after I just installed a mouse and was able to get a patch to fix the mouse driver that was crashing my kernel (testing a USB laser mouse instead of my PS2 Optical)

I hope you have found this little write up enlightening as it was for me to write it.

Carl

Was This Post Helpful? 0
  • +
  • -
Page 1 of 1