Memory Dump Debugging
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Memory Dump Debugging

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Memory Dump Debugging

    Anyone got any experience debugging Memory dump? I got a good 520 MG Memory Dump to debug from Windows XP.

    I got this info
    Event Type: Information
    Event Source: Save Dump
    Event Category: None
    Event ID: 1001
    Date: 3/17/2004
    Time: 2:18:33 PM
    User: N/A
    Computer: *Remove*
    Description:
    The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x00000008, 0x80042000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    When using ""dumpchk.exe Memory.dmp -v" from command prompt, I get this info.
    PHP Code:
    ****************************************************************
    **
    ** 
    Windows 2000 Crash Dump Analysis
    **
    ****************************************************************
    *
    Filename . . . . . . .memory.dmp
    Signature
    . . . . . . .PAGE
    ValidDump
    . . . . . . .DUMP
    MajorVersion 
    . . . . .free system
    MinorVersion 
    . . . . .2600
    DirectoryTableBase 
    .0x00039000
    PfnDataBase
    . . . . . .0x81051000
    PsLoadedModuleList 
    .0x80543530
    PsActiveProcessHead
    .0x80545578
    MachineImageType 
    . . .i386
    NumberProcessors 
    . . .1
    BugCheckCode 
    . . . . .0x0000007f
    BugCheckParameter1 
    .0x00000008
    BugCheckParameter2 
    .0x80042000
    BugCheckParameter3 
    .0x00000000
    BugCheckParameter4 
    .0x00000000

    ExceptionCode
    . . . . .0x80000003
    ExceptionFlags 
    . . . .0x00000001
    ExceptionAddress 
    . . .0x804f4103


    **************
    **************--&
    gtValidating the integrity of the PsLoadedModuleList
    **************

    Validating Module    Base       Size       Time/Date
    ntoskrnl
    .exe         0x804D4000 0x001D6280 Thu Apr 24 11:57:43 2003
    hal
    .dll              0x806AB000 0x00012E80 Thu Aug 29 04:05:02 2002
    kdcom
    .dll            0xF8A35000 0x00002000 Fri Aug 17 16:49:10 2001
    BOOTVID
    .dll          0xF8945000 0x00003000 Fri Aug 17 16:49:09 2001
    ACPI
    .sys             0xF84E8000 0x0002C000 Thu Aug 29 04:09:03 2002
    WMILIB
    .SYS           0xF8A37000 0x00002000 Fri Aug 17 17:07:23 2001
    pci
    .sys              0xF8535000 0x00010000 Thu Aug 29 04:09:10 2002
    isapnp
    .sys           0xF8545000 0x00009000 Fri Aug 17 16:58:01 2001
    compbatt
    .sys         0xF8949000 0x00003000 Fri Aug 17 16:57:58 2001
    BATTC
    .SYS            0xF894D000 0x00004000 Fri Aug 17 16:57:52 2001
    pciide
    .sys           0xF8AFD000 0x00001000 Fri Aug 17 16:51:49 2001
    PCIIDEX
    .SYS          0xF87B5000 0x00006000 Thu Aug 29 04:27:47 2002
    pcmcia
    .sys           0xF84CB000 0x0001D000 Thu Aug 29 04:09:09 2002
    MountMgr
    .sys         0xF8555000 0x0000A000 Fri Aug 17 16:47:36 2001
    ftdisk
    .sys           0xF84AC000 0x0001F000 Fri Aug 17 16:52:41 2001
    ACPIEC
    .sys           0xF8951000 0x00003000 Fri Aug 17 16:57:55 2001
    OPRGHDLR
    .SYS         0xF8AFE000 0x00001000 Fri Aug 17 16:57:55 2001
    PartMgr
    .sys          0xF87BD000 0x00005000 Fri Aug 17 21:32:23 2001
    VolSnap
    .sys          0xF8565000 0x0000C000 Fri Aug 17 16:53:19 2001
    atapi
    .sys            0xF8496000 0x00016000 Thu Aug 29 04:27:48 2002
    disk
    .sys             0xF8575000 0x00009000 Thu Aug 29 04:27:56 2002
    CLASSPNP
    .SYS         0xF8585000 0x0000C000 Thu Aug 29 05:08:42 2002
    sr
    .sys               0xF8485000 0x00011000 Thu Aug 29 04:17:56 2002
    PxHelp20
    .sys         0xF87C5000 0x00005000 Fri Jan 03 17:10:17 2003
    drvmcdb
    .sys          0xF8471000 0x00014000 Fri Dec 20 16:25:01 2002
    ino_flpy
    .sys         0xF87CD000 0x00005000 Fri Jan 03 14:08:13 2003
    KSecDD
    .sys           0xF845D000 0x00014000 Fri Aug 17 16:50:01 2001
    Ntfs
    .sys             0xF83D3000 0x0008A000 Thu Aug 29 05:13:37 2002
    NDIS
    .sys             0xF83AB000 0x00028000 Mon Sep 30 14:58:04 2002
    Mup
    .sys              0xF8391000 0x0001A000 Thu Aug 29 05:12:53 2002
    agp440
    .sys           0xF87D5000 0x00007000 Fri Aug 17 16:57:59 2001
    gv3
    .sys              0xF87F5000 0x00008000 Mon Nov 18 20:20:43 2002
    ati2mtag
    .sys         0xF829C000 0x0009C000 Thu Nov 20 22:24:47 2003
    VIDEOPRT
    .SYS         0xF828A000 0x00012000 Thu Aug 29 04:32:03 2002
    usbuhci
    .sys          0xF8805000 0x00005000 Thu Jul 03 20:51:44 2003
    USBPORT
    .SYS          0xF8268000 0x00022000 Thu Jul 03 20:49:27 2003
    usbehci
    .sys          0xF8815000 0x00007000 Thu Jul 03 20:50:45 2003
    e100b325
    .sys         0xF8242000 0x00026000 Tue Oct 28 15:09:53 2003
    i8042prt
    .sys         0xF85C5000 0x0000D000 Mon Jun 02 17:20:07 2003
    kbdclass
    .sys         0xF882D000 0x00006000 Thu Aug 29 04:26:59 2002
    SynTP
    .sys            0xF8200000 0x00042000 Thu Jul 31 18:04:02 2003
    USBD
    .SYS             0xF8A45000 0x00002000 Fri Aug 17 17:02:58 2001
    mouclass
    .sys         0xF8835000 0x00006000 Thu Aug 29 04:27:00 2002
    fdc
    .sys              0xF8845000 0x00007000 Fri Aug 17 16:51:22 2001
    serial
    .sys           0xF85D5000 0x00010000 Thu Aug 29 05:08:27 2002
    serenum
    .sys          0xF89E1000 0x00004000 Fri Aug 17 16:50:13 2001
    parport
    .sys          0xF81ED000 0x00013000 Thu Aug 29 04:27:29 2002
    nscirda
    .sys          0xF884D000 0x00006000 Fri Aug 17 16:51:31 2001
    irenum
    .sys           0xF89ED000 0x00003000 Fri Aug 17 16:51:19 2001
    CmBatt
    .sys           0xF89F9000 0x00004000 Thu Aug 29 04:09:04 2002
    ibmpmdrv
    .sys         0xF8855000 0x00007000 Wed Jul 02 22:54:03 2003
    imapi
    .sys            0xF85E5000 0x0000A000 Thu Aug 29 04:28:05 2002
    sscdbhk5
    .sys         0xF8A4B000 0x00002000 Tue Dec 24 13:52:25 2002
    cdrom
    .sys            0xF85F5000 0x0000C000 Thu Aug 29 04:27:55 2002
    redbook
    .sys          0xF8605000 0x0000E000 Thu Aug 29 04:27:45 2002
    ks
    .sys               0xF81CD000 0x00020000 Wed Dec 04 12:09:38 2002
    smwdm
    .sys            0xF813F000 0x0008E000 Mon Oct 27 14:09:03 2003
    portcls
    .sys          0xF811E000 0x00021000 Thu Aug 29 05:00:58 2002
    drmk
    .sys             0xF8615000 0x0000F000 Thu Aug 29 04:32:30 2002
    aeaudio
    .sys          0xF8106000 0x00018000 Thu Oct 23 14:17:07 2003
    AGRSM
    .sys            0xF7FE1000 0x00125000 Fri Jun 27 08:53:43 2003
    Modem
    .SYS            0xF8885000 0x00008000 Fri Aug 17 16:57:35 2001
    audstub
    .sys          0xF8BA2000 0x00001000 Fri Aug 17 16:59:40 2001
    rasirda
    .sys          0xF8895000 0x00005000 Fri Aug 17 16:51:29 2001
    TDI
    .SYS              0xF8A15000 0x00004000 Fri Aug 17 16:57:25 2001
    rasl2tp
    .sys          0xF8625000 0x0000C000 Thu Aug 29 05:06:36 2002
    ndistapi
    .sys         0xF8A21000 0x00003000 Fri Aug 17 16:55:29 2001
    ndiswan
    .sys          0xF7FA3000 0x00016000 Thu Aug 29 04:58:38 2002
    raspppoe
    .sys         0xF8635000 0x0000A000 Fri Aug 17 16:55:33 2001
    raspptp
    .sys          0xF8645000 0x0000C000 Tue Oct 01 20:52:28 2002
    psched
    .sys           0xF7F92000 0x00011000 Thu Aug 29 04:35:54 2002
    msgpc
    .sys            0xF8655000 0x00009000 Fri Aug 17 16:54:19 2001
    ptilink
    .sys          0xF88A5000 0x00005000 Fri Aug 17 16:49:53 2001
    raspti
    .sys           0xF88B5000 0x00005000 Fri Aug 17 16:55:32 2001
    rdpdr
    .sys            0xF7F65000 0x0002D000 Thu Aug 29 04:06:34 2002
    termdd
    .sys           0xF8665000 0x0000A000 Thu Aug 29 04:40:32 2002
    swenum
    .sys           0xF8BAB000 0x00001000 Wed Dec 04 12:10:07 2002
    update
    .sys           0xF7F43000 0x00022000 Fri Aug 17 23:53:56 2001
    NDProxy
    .SYS          0xF8685000 0x0000A000 Fri Aug 17 16:55:30 2001
    usbhub
    .sys           0xF86B5000 0x0000D000 Thu Jul 03 20:52:56 2003
    i2omgmt
    .SYS          0xF8A75000 0x00002000 Fri Aug 17 16:56:15 2001
    Fs_Rec
    .SYS           0xF8A79000 0x00002000 Fri Aug 17 16:49:37 2001
    Null
    .SYS             0xF8BC1000 0x00001000 Fri Aug 17 16:47:39 2001
    Beep
    .SYS             0xF8A7D000 0x00002000 Fri Aug 17 16:47:33 2001
    ssrtln
    .sys           0xF88FD000 0x00006000 Tue Dec 24 13:51:44 2002
    vga
    .sys              0xF890D000 0x00005000 Thu Aug 29 04:32:03 2002
    mnmdd
    .SYS            0xF8A81000 0x00002000 Fri Aug 17 16:57:28 2001
    RDPCDD
    .sys           0xF8A85000 0x00002000 Fri Aug 17 16:46:56 2001
    Msfs
    .SYS             0xF891D000 0x00005000 Fri Aug 17 16:50:02 2001
    Npfs
    .SYS             0xF892D000 0x00008000 Fri Aug 17 16:50:03 2001
    rasacd
    .sys           0xF89D9000 0x00003000 Fri Aug 17 16:55:39 2001
    ipsec
    .sys            0xF86E5000 0x0000F000 Thu Aug 29 05:07:19 2002
    tcpip
    .sys            0xEDDA9000 0x00052000 Thu Aug 29 04:58:10 2002
    netbt
    .sys            0xEDD84000 0x00025000 Tue Jul 08 19:48:51 2003
    wanarp
    .sys           0xF86F5000 0x00009000 Fri Aug 17 16:55:23 2001
    netbios
    .sys          0xF8705000 0x00009000 Thu Aug 29 04:35:45 2002
    TSMAPIP
    .SYS          0xF87ED000 0x00006000 Thu Jun 27 23:59:23 2002
    Tppwr
    .sys            0xF87FD000 0x00008000 Tue Dec 10 11:36:51 2002
    TPHKDRV
    .SYS          0xF7FCD000 0x00004000 Sun Jun 22 18:33:56 2003
    TDSMAPI
    .SYS          0xF880D000 0x00006000 Thu Nov 28 02:11:29 2002
    Smapint
    .sys          0xF881D000 0x00008000 Wed Dec 04 08:58:05 2002
    rdbss
    .sys            0xEDD14000 0x00028000 Thu Aug 29 04:58:48 2002
    mrxsmb
    .sys           0xEDCB4000 0x00060000 Mon Nov 18 14:27:37 2002
    IBMBLDID
    .SYS         0xF8BD7000 0x00001000 Sun May 27 11:18:51 2001
    Fips
    .SYS             0xF8725000 0x00009000 Fri Aug 17 21:31:49 2001
    Cdfs
    .SYS             0xF8745000 0x0000F000 Thu Aug 29 04:58:50 2002
    dump_atapi
    .sys       0xEDBDE000 0x00016000 Thu Aug 29 04:27:48 2002
    dump_WMILIB
    .SYS      0xF8A8D000 0x00002000 Fri Aug 17 17:07:23 2001
    win32k
    .sys           0xBF800000 0x001B7000 header paged out
    watchdog
    .sys         0xF7E8F000 0x00004000 Thu Aug 29 04:32:20 2002
    Dxapi
    .sys            0xF7E87000 0x00003000 Fri Aug 17 16:53:19 2001
    dxg
    .sys              0xBFF80000 0x00011000 header paged out
    dxgthk
    .sys           0xF8C55000 0x00001000 Fri Aug 17 16:53:12 2001
    ati2dvag
    .dll         0xBF9B7000 0x0005F000 header paged out
    ati3d1ag
    .dll         0xBFA16000 0x000D1000 header paged out
    drvnddm
    .sys          0xEDC74000 0x0000A000 Tue Dec 24 13:38:04 2002
    ino_fltr
    .sys         0xEDA82000 0x0001C000 Fri Jan 03 16:12:50 2003
    tfsndres
    .sys         0xF8C21000 0x00001000 Fri Jan 10 16:46:59 2003
    tfsnifs
    .sys          0xEDC64000 0x0000E000 Fri Jan 10 16:43:40 2003
    tfsnopio
    .sys         0xEDB96000 0x00004000 Fri Jan 10 16:45:21 2003
    tfsnpool
    .sys         0xF8AB9000 0x00002000 Fri Jan 10 16:43:54 2003
    tfsnboio
    .sys         0xF8925000 0x00006000 Fri Jan 10 16:44:15 2003
    tfsncofs
    .sys         0xEDC24000 0x00009000 Fri Jan 10 16:45:03 2003
    tfsndrct
    .sys         0xF8C75000 0x00001000 Fri Jan 10 16:45:17 2003
    tfsnudf
    .sys          0xEDA43000 0x00017000 Fri Jan 10 16:44:10 2003
    tfsnudfa
    .sys         0xEDA2B000 0x00018000 Fri Jan 10 16:46:37 2003
    afd
    .sys              0xED942000 0x00021000 Thu Aug 29 05:01:13 2002
    irda
    .sys             0xEDB2E000 0x0000E000 Fri Aug 17 16:51:32 2001
    ndisuio
    .sys          0xEDAA2000 0x00003000 Thu Aug 29 04:35:40 2002
    mrxdav
    .sys           0xED7AF000 0x0002B000 Fri Aug 17 16:50:20 2001
    ParVdm
    .SYS           0xF8AE1000 0x00002000 Fri Aug 17 16:49:49 2001
    srv
    .sys              0xED620000 0x0004F000 Fri Mar 28 14:54:53 2003
    PMEMNT
    .SYS           0xF8AB7000 0x00002000 Thu Sep 30 11:51:09 1999
    sysaudio
    .sys         0xEDC34000 0x0000E000 Thu Aug 29 05:01:17 2002
    wdmaud
    .sys           0xED4AA000 0x00013000 Thu Aug 29 05:00:46 2002
    ATMFD
    .DLL            0xBFFA0000 0x00043000 header paged out
    HPBF3522
    .DLL         0xBFAE7000 0x0016C000 header paged out
    ntdll
    .dll            0xBFC53000 0x000A7000 header paged out
    Fastfat
    .SYS          0xECD29000 0x00024000 Thu Aug 29 05:12:45 2002

    **************
    **************--&
    gtNo errors in the module list.
    **************
    **************
    **************--&
    gtThis dump file is good!
    ************** 
    If you made it here, M$ crash analyst that popup after the reboot told it's a device driver that lead to the crash but all other info I have lead me to a hardware failure like the Microsoft Knowledge Base Article - 137539 said with error 0x00000008 who is a Double Fault.

    Bottom Line, with a complety memory dump, and the error code from Event Viewer, how can I verified where is coming my error. Thank for info!
    -Simon \"SDK\"

  2. #2
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,696
    Holy hell, that's a nasty dump...

    It does look like a hardware failure to me, but Windows is not my specialty.

    Anyone else here able to read this MS mess?
    Real security doesn't come with an installer.

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    how often do you get these fails ?

    I honestly couldn't tell you how to debug it with that dump info..


    this error does seem to point to a hardware fault, so I'd debug using the process of elimination theory. I'd start out with testing the memory..or if you can get other sticks or memory to try out. (get some crucial memory .. cheap memory is just that.. cheap)

    here are three memory diags.. try them all.

    docmemory version 2
    http://www.utilitygeek.com/details.php?fileid=130

    memtest86
    www.memtest86.com

    microsoft's memory diag
    http://www.majorgeeks.com/download3955.html

    these are bootdisk diags.. no hard drive or any peripheral needs to be hooked up if you wanted to disconnect.. If you rule out memory as being at fault.. you could try lowering your fsb in your bios or loosing the timing on the ram.

    tell us the motherboard type, the type of ram (and manufacturer), the bios revision, the temp's that the motherboard is reporting.. and if it seems to happen more often when the system is operating at high loads.. (intensive games, many apps running, etc.)

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    The Pc is a New R40 Thinkpad from IBM. It work flawless from the day I gave to the users (12 Decembre 2003) to the fist crash (31 January 2004). But I know that around this date of the 31 of January, I upgrade all my PC to the version 7.0 of my Antivirus, InoculateIT.

    So this make me thing a flaw in the antivirus kernel or something. I have another R40 users who having the same problem while another one is not having it at all. I'll probably test the Memory but I'm really looking forward to get more info of this dump. I'm looking for program that can do like pstat utilites but from the info of the memory dump.
    -Simon \"SDK\"

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Bump up! Anyone got more info here?
    -Simon \"SDK\"

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hi,

    Try the memory testing and reinstall your AV.

    ati2dvag.dll 0xBF9B7000 0x0005F000 header paged out
    Looks like you have an ATI Radeon video card..............is it a 9600 by any chance?

    1. Update the video drivers
    2. Update the MoBo BIOS

    If that doesn't work:

    3. Update DirectX


    And if that doesn't work:

    Try a different video card (nVidia or whatever)

    AFAIK ATI 9800s should work..........I have had problems with a 9700 but fixed it with new drivers.

    Good luck

  7. #7
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    It's a laptop. The video card is an ATI MOBILITY RADEON 7500 (32 MB). Their 7 drivers with header paged out? Why did you pick ati2dvag.dll?
    -Simon \"SDK\"

  8. #8
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    If I had to guess, I would say it is the kernel that barfed, at least on this memory dump:

    Here is why:
    ExceptionAddress . . .0x804f4103

    ntoskrnl.exe 0x804D4000 0x001D6280 Thu Apr 24 11:57:43 2003

    ntoskrnl.exe is from 0x804d4000 to 0x806AA280, and the exception was at 0x804f4103, which means in this process. Unfortunately, with the double fault, this is probably to be expected. Are you getting any other faults before this?

    Have you tried disabling or removing hardware and then booting to see if the error happens again? Have you tried updating device drivers?

    I would pay special attention to:
    win32k.sys 0xBF800000 0x001B7000 header paged out
    dxg.sys 0xBFF80000 0x00011000 header paged out
    ati2dvag.dll 0xBF9B7000 0x0005F000 header paged out
    ati3d1ag.dll 0xBFA16000 0x000D1000 header paged out
    ATMFD.DLL 0xBFFA0000 0x00043000 header paged out
    HPBF3522.DLL 0xBFAE7000 0x0016C000 header paged out
    ntdll.dll 0xBFC53000 0x000A7000 header paged out

    I am sure ati is in reference to your graphics and dxg I believe is related to this in that it is part of directX (don't quote me), given that the majority of these appear related to graphics, I would start with reinstalling your graphic drivers. You may also want to look at HPBF3522.DLL which strikes me as maybe a HP printer driver..., but I would only look at this after you have looked at the ATI stuff.

    Hope that helps some...
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  9. #9
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Like I said before, this is a laptop and I CANNOT remove hardware. The only hardware that is add and remove is a PCMCIA flash card from a digital Camera. But I'll check the video card drivers.

    Does anyone have good info on this? Rare Google Find? M$ Lost in the huge M$ site?
    -Simon \"SDK\"

  10. #10
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Originally posted here by SDK
    Like I said before, this is a laptop and I CANNOT remove hardware. The only hardware that is add and remove is a PCMCIA flash card from a digital Camera. But I'll check the video card drivers.

    Does anyone have good info on this? Rare Google Find? M$ Lost in the huge M$ site?
    You'll note I said:

    DISABLING or removing hardware
    You can do this from control panel -> system -> hardware -> device manager
    Right click and (disable or uninstall, it varies) (be careful what you disable or you may have problems, stick to periphial devices, and make sure you have current drivers available if you uninstall).
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •