How to debug a memory dump ?

Archived from groups: microsoft.public.windowsxp.general

I had a blue screen with the error : DRIVER_IRQL_NOT_LESS_OR_EQUAL .
On the Microsoft knowledge base, there are different articles and I don't
know which one is the right one.
So I saw the article 314084 (
http://support.microsoft.com/default.aspx?scid=kb;en-us;314084&sd=ee ) which
explains how to gather information after a memory dump in Windows XP. It says
that using dumpchk.exe , one can get a value for ExceptionAddress. The
problem is that when I use dumpchk.exe, I don't see any field called
ExceptionAddress.
Probably dumpchk.exe has been updated for Service Pack 2 and the Microsoft
article doesn't apply to SP 2.
I would like to identify the driver that caused the exception.
Can you help ?
  1. Archived from groups: microsoft.public.windowsxp.general

    Jacques,
    What's the rest of the DRIVER_IRQL_NOT_LESS_OR_EQUAL error message?
    Best,
    Treeman


    --
    Treeman


    ------------------------------------------------------------------------
    Treeman's Profile: http://www.msusenet.com/member.php?userid=1260
    View this thread: http://www.msusenet.com/t-1870935261
  2. Archived from groups: microsoft.public.windowsxp.general

    I don't know because it appeared for 1 second.
    The dump file is :

    Loading dump file Mini072705-01.dmp
    ----- 32 bit Kernel Mini Dump Analysis

    DUMP_HEADER32:
    MajorVersion 0000000f
    MinorVersion 00000a28
    DirectoryTableBase 00039000
    PfnDataBase 81d53000
    PsLoadedModuleList 8055a420
    PsActiveProcessHead 805604d8
    MachineImageType 0000014c
    NumberProcessors 00000001
    BugCheckCode 100000d1
    BugCheckParameter1 f6775328
    BugCheckParameter2 00000002
    BugCheckParameter3 00000000
    BugCheckParameter4 f6775328
    PaeEnabled 00000000
    KdDebuggerDataBlock 8054c060
    MiniDumpFields 00000dff

    TRIAGE_DUMP32:
    ServicePackBuild 00000200
    SizeOfDump 00010000
    ValidOffset 0000fffc
    ContextOffset 00000320
    ExceptionOffset 000007d0
    MmOffset 00001068
    UnloadedDriversOffset 000010a0
    PrcbOffset 00001878
    ProcessOffset 000024c8
    ThreadOffset 00002728
    CallStackOffset 00002980
    SizeOfCallStack 000005a0
    DriverListOffset 000031b0
    DriverCount 00000095
    StringPoolOffset 00005df0
    StringPoolSize 000014d0
    BrokenDriverOffset 00000000
    TriageOptions 00000041
    TopOfStack 8054fee0
    DebuggerDataOffset 00002f20
    DebuggerDataSize 00000290
    DataBlocksOffset 000072c0
    DataBlocksCount 00000003


    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
    Debug session time: Wed Jul 27 12:13:39 2005
    System Uptime: 0 days 1:21:09
    start end module name
    804d7000 806eb100 nt Checksum: 002198AF Timestamp: Wed Mar 02 01:59:37 2005 (42250FF9)

    Unloaded modules:
    f054d000 f0577000 kmixer.sys Timestamp: unavailable (00000000)
    f054d000 f0577000 kmixer.sys Timestamp: unavailable (00000000)
    f7e47000 f7e48000 drmkaud.sys Timestamp: unavailable (00000000)
    f11fe000 f1228000 kmixer.sys Timestamp: unavailable (00000000)
    f14fe000 f150b000 DMusic.sys Timestamp: unavailable (00000000)
    f150e000 f151c000 swmidi.sys Timestamp: unavailable (00000000)
    f12c8000 f12eb000 aec.sys Timestamp: unavailable (00000000)
    f7d90000 f7d92000 splitter.sys Timestamp: unavailable (00000000)
    f7f11000 f7f12000 SiSPort.sys Timestamp: unavailable (00000000)
    f10be000 f10ce000 Serial.SYS Timestamp: unavailable (00000000)
    f78a8000 f78b1000 processr.sys Timestamp: unavailable (00000000)
    f7bf0000 f7bf5000 Cdaudio.SYS Timestamp: unavailable (00000000)
    f7be8000 f7bed000 Flpydisk.SYS Timestamp: unavailable (00000000)
    f7be0000 f7be7000 Fdc.SYS Timestamp: unavailable (00000000)

    Finished dump check


  3. Archived from groups: microsoft.public.windowsxp.general

    http://support.microsoft.com/search/default.aspx?catalog=LCID%3D1033&query=DRIVER_IRQL_NOT_LESS_OR_EQUAL&x=13&y=13

    Look in the Event Viewer.

    Event ID & the Event Source are very important.

    To open the Event Viewer...
    Start | Run | Type: eventvwr | Click OK

    For any Events that seem related to the problem...

    Double click the event in Event Viewer | Click: the button below the second
    arrow (looks like two pages) [[Copies the details of the event to the
    Clipboard.]] | Paste into Notepad | Click:
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    Read all info | Copy and paste to Notepad | Click the [+] Related Knowledge
    Base articles | Follow any links that might be useful

    HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
    http://support.microsoft.com/default.aspx?scid=kb;en-us;308427

    Event Viewer overview
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/event_overview_01.mspx

    This can also be very useful.
    You need to have the Event ID & the Event Source.

    To view Windows XP Events and Errors, type the Source (for example, Print)
    and/or the Event code (for example, 20) into the ID field, then click the Go
    button. Source and Event codes may be found in the Event Viewer logs.

    Windows XP Home/Professional Events and Errors
    http://www.microsoft.com/technet/support/ee/search.aspx?DisplayName=Windows%20XP%20Professional&ProdName=Windows%20Operating%20System&MajorMinor=5.1&LCID=1033

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

  4. Archived from groups: microsoft.public.windowsxp.general

    The event is shown below but it's not helpful :

    Event Type: Information
    Event Source: Save Dump
    Event Category: None
    Event ID: 1001
    Date: 7/27/2005
    Time: 12:14:56 PM
    User: N/A
    Computer: COMPAQ-VDHFEUVA
    Description:
    The computer has rebooted from a bugcheck. The bugcheck was: 0x100000d1
    (0xf6775328, 0x00000002, 0x00000000, 0xf6775328). A dump was saved in:
    C:\WINDOWS\Minidump\Mini072705-01.dmp.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.


  5. Archived from groups: microsoft.public.windowsxp.general

    Oops. Just found this in my drafts folder. I thought I sent it.

    Was there an error in the Event Viewer in Application or System around the
    time that you see the Save Dump? I.e. Date: 7/27/2005 Time: 12:14:56 PM

    DRIVER_IRQL_NOT_LESS_OR_EQUAL brings up a lot of hits.
    http://support.microsoft.com/search/default.aspx?catalog=LCID%3D1033&query=DRIVER_IRQL_NOT_LESS_OR_EQUAL+&x=15&y=11

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

  6. Archived from groups: microsoft.public.windowsxp.general

    As I said in my first post, I knew there were all these articles. But to know
    which one to use, I need to identify the driver that caused the exception.
    For that, I followed the article 314084 but I don't have the field
    ExceptionAddress, as I showed in my second post. Does anyone know how to
    debug a memory dump in Windows XP SP2?

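An added example, not part of the original thread: for bug check 0xD1 the four parameters are the memory address referenced, the IRQL at the time, the access type (0 = read, 1 = write) and the address of the code that made the reference, so the last parameter can be matched against the module ranges that dumpchk prints. The function names are hypothetical and the sample is a trimmed copy of the output posted above.

```python
import re

# Constructed sample: a trimmed copy of the dumpchk output posted in this thread.
SAMPLE = """\
BugCheckCode 100000d1
BugCheckParameter1 f6775328
BugCheckParameter2 00000002
BugCheckParameter3 00000000
BugCheckParameter4 f6775328
start end module name
804d7000 806eb100 nt Checksum: 002198AF
Unloaded modules:
f054d000 f0577000 kmixer.sys Timestamp: unavailable (00000000)
f10be000 f10ce000 Serial.SYS Timestamp: unavailable (00000000)
f7be0000 f7be7000 Fdc.SYS Timestamp: unavailable (00000000)
"""

FIELD = re.compile(r"^\s*(BugCheckCode|BugCheckParameter[1-4])\s+([0-9a-fA-F]{8})\s*$")
MODULE = re.compile(r"^\s*([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+(\S+)")

def parse_dumpchk(text):
    """Return (bug check fields, [(start, end, name, state), ...])."""
    fields, modules, state = {}, [], "loaded"
    for line in text.splitlines():
        if line.strip().lower().startswith("unloaded modules"):
            state = "unloaded"          # ranges after this header are stale
            continue
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
            continue
        m = MODULE.match(line)
        if m:
            modules.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3), state))
    return fields, modules

def triage_d1(text):
    """Interpret a 0xD1 bug check and attribute the faulting code address."""
    fields, modules = parse_dumpchk(text)
    code = fields["BugCheckCode"] & 0x0FFFFFFF   # 0x100000d1 -> 0xd1 (high nibble is a flag)
    if code != 0xD1:
        raise ValueError("not DRIVER_IRQL_NOT_LESS_OR_EQUAL: %#x" % code)
    target = fields["BugCheckParameter1"]        # memory address referenced
    caller = fields["BugCheckParameter4"]        # address of the code that referenced it
    owner = next(((name, state) for start, end, name, state in modules
                  if start <= caller < end), None)
    return {
        "code": code,
        "irql": fields["BugCheckParameter2"],    # IRQL at the time of the reference
        "access": "write" if fields["BugCheckParameter3"] & 1 else "read",
        "caller": caller,
        # Equal values: the address being executed is itself the address that faulted.
        "fetch_fault": target == caller,
        "owner": owner,                          # None: not in any listed range
    }

if __name__ == "__main__":
    print(triage_d1(SAMPLE))
```

For the dump in this thread the address 0xf6775328 falls in neither nt nor any listed unloaded module, so the result's owner is None. dumpchk printed only the kernel image here, so naming the driver needs the dump's full driver list, for example from a kernel debugger such as WinDbg with `!analyze -v`.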