Getting dump from BSOD

[abc23023]

Hello everyone,

First of all i would like to apologize for this really simple question, but i've searched for hours with no answer.

After a BSOD, how do i read the "dump" that is produced, to pinpoint the cause of the error?

I'm running vista 64 bit btw.

 

[pat mcgroin]

goto start right click computer|properties|advanced system settings|startup and recovery |settings and uncheck auto restart.
The next BSOD will produce a error msg. that you have time to read.

 

[abc23023]

thanks for the help pat, however, i was looking for the more "complicated" dump. Here's an example i pulled from another website, How do i get this?

READ_ADDRESS: GetPointerFromAddress: unable to read from 825315ac
Unable to read MiSystemVaType memory at 825117e0
00000000

CURRENT_IRQL: 2

FAULTING_IP:
tcpip!IppGetInterfaceScopeZone+1f
9518c534 8b00 mov eax,dword ptr [eax]

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: vsmon.exe

TRAP_FRAME: a3662830 -- (.trap 0xffffffffa3662830)
ErrCode = 00000000
eax=00000000 ebx=87fdd9c0 ecx=000000f0 edx=000000c0 esi=85fe3300 edi=00000000
eip=9518c534 esp=a36628a4 ebp=a36628a4 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
tcpip!IppGetInterfaceScopeZone+0x1f:
9518c534 8b00 mov eax,dword ptr [eax] ds:0023:00000000=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from 9518c534 to 8248fdc4

STACK_TEXT:
a3662830 9518c534 badb0d00 000000c0 951e29c8 nt!KiTrap0E+0x2ac
a36628a4 9517dc93 85fe3300 0000000e 85fe3348 tcpip!IppGetInterfaceScopeZone+0x1f
a36628c0 9517e02a 87fdd9c0 a3662a24 e0000001 tcpip!IppRouteToDestination+0x56
a3662908 95197000 951e29c8 85fe3300 951e29c8 tcpip!IppJoinPath+0x9c
a3662a64 951c032f 00000000 00000007 951e29c8 tcpip!IppSendDatagramsCommon+0x26c
a3662afc 94a11e9d 00000000 00000007 88b7b620 tcpip!IppInspectInjectTlSend+0xd7
a3662b58 953ccb78 88844798 00000000 0000088c fwpkclnt!FwpsInjectTransportSendAsync0+0x220
WARNING: Stack unwind information not available. Following frames may be wrong.
a3662ba8 953c9ba6 8823a678 8571d980 8571d984 vsdatant+0x29b78
a3662bbc 953cffa0 04bfed10 00000001 8571d980 vsdatant+0x26ba6
a3662be0 953d036a 887b7c98 00000001 04bfed10 vsdatant+0x2cfa0
a3662c18 953cf235 88139948 8571d968 88139948 vsdatant+0x2d36a
a3662c2c 82427f9b 88139948 8571d968 8571d968 vsdatant+0x2c235
a3662c44 82588f55 887b7c98 8571d968 8571d9d8 nt!IofCallDriver+0x63
a3662c64 82589f15 88139948 887b7c98 04bfed00 nt!IopSynchronousServiceTail+0x1e0
a3662d00 8258ee7d 88139948 8571d968 00000000 nt!IopXxxControlFile+0x6b7
a3662d34 8248caea 000003c0 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a3662d34 773a0f34 000003c0 00000000 00000000 nt!KiFastCallEntry+0x12a
04bfeca4 00000000 00000000 00000000 00000000 0x773a0f34


STACK_COMMAND: kb

FOLLOWUP_IP:
fwpkclnt!FwpsInjectTransportSendAsync0+220
94a11e9d ff75f4 push dword ptr [ebp-0Ch]

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: fwpkclnt!FwpsInjectTransportSendAsync0+220

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fwpkclnt

IMAGE_NAME: fwpkclnt.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b2f6

FAILURE_BUCKET_ID: 0xD1_fwpkclnt!FwpsInjectTransportSendAsync0+220

BUCKET_ID: 0xD1_fwpkclnt!FwpsInjectTransportSendAsync0+220

Followup: MachineOwner

 

[pat mcgroin]

where it lists process name vsmon is a zone alarm file.
Try turning that off for a while and see if it happens again.
ZA could need a upgrade.

 

[abc23023]

Here's an example i pulled from another website

sorry pat, but that log is what i WANT to read, the one i put was merely an example one pulled off of another website.

How do i read mine?

-thanks for the help

 

[dmroeder]

I believe you need this from MS. Once you have installed it, then you must find memory.dmp (in the WINDOWS folder). There are also dmp files in /windows/minidump