-
March 17th, 2004, 10:23 PM
#1
Memory Dump Debugging
Anyone got any experience debugging a memory dump? I got a good 520 MG memory dump to debug from Windows XP.
I got this info
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date: 3/17/2004
Time: 2:18:33 PM
User: N/A
Computer: *Remove*
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x00000008, 0x80042000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
When using "dumpchk.exe Memory.dmp -v" from the command prompt, I get this info.
****************************************************************
**
** Windows 2000 Crash Dump Analysis
**
****************************************************************
*
Filename . . . . . . .memory.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .2600
DirectoryTableBase . .0x00039000
PfnDataBase. . . . . .0x81051000
PsLoadedModuleList . .0x80543530
PsActiveProcessHead. .0x80545578
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x0000007f
BugCheckParameter1 . .0x00000008
BugCheckParameter2 . .0x80042000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000
ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x804f4103
**************
**************--> Validating the integrity of the PsLoadedModuleList
**************
Validating Module Base Size Time/Date
ntoskrnl.exe 0x804D4000 0x001D6280 Thu Apr 24 11:57:43 2003
hal.dll 0x806AB000 0x00012E80 Thu Aug 29 04:05:02 2002
kdcom.dll 0xF8A35000 0x00002000 Fri Aug 17 16:49:10 2001
BOOTVID.dll 0xF8945000 0x00003000 Fri Aug 17 16:49:09 2001
ACPI.sys 0xF84E8000 0x0002C000 Thu Aug 29 04:09:03 2002
WMILIB.SYS 0xF8A37000 0x00002000 Fri Aug 17 17:07:23 2001
pci.sys 0xF8535000 0x00010000 Thu Aug 29 04:09:10 2002
isapnp.sys 0xF8545000 0x00009000 Fri Aug 17 16:58:01 2001
compbatt.sys 0xF8949000 0x00003000 Fri Aug 17 16:57:58 2001
BATTC.SYS 0xF894D000 0x00004000 Fri Aug 17 16:57:52 2001
pciide.sys 0xF8AFD000 0x00001000 Fri Aug 17 16:51:49 2001
PCIIDEX.SYS 0xF87B5000 0x00006000 Thu Aug 29 04:27:47 2002
pcmcia.sys 0xF84CB000 0x0001D000 Thu Aug 29 04:09:09 2002
MountMgr.sys 0xF8555000 0x0000A000 Fri Aug 17 16:47:36 2001
ftdisk.sys 0xF84AC000 0x0001F000 Fri Aug 17 16:52:41 2001
ACPIEC.sys 0xF8951000 0x00003000 Fri Aug 17 16:57:55 2001
OPRGHDLR.SYS 0xF8AFE000 0x00001000 Fri Aug 17 16:57:55 2001
PartMgr.sys 0xF87BD000 0x00005000 Fri Aug 17 21:32:23 2001
VolSnap.sys 0xF8565000 0x0000C000 Fri Aug 17 16:53:19 2001
atapi.sys 0xF8496000 0x00016000 Thu Aug 29 04:27:48 2002
disk.sys 0xF8575000 0x00009000 Thu Aug 29 04:27:56 2002
CLASSPNP.SYS 0xF8585000 0x0000C000 Thu Aug 29 05:08:42 2002
sr.sys 0xF8485000 0x00011000 Thu Aug 29 04:17:56 2002
PxHelp20.sys 0xF87C5000 0x00005000 Fri Jan 03 17:10:17 2003
drvmcdb.sys 0xF8471000 0x00014000 Fri Dec 20 16:25:01 2002
ino_flpy.sys 0xF87CD000 0x00005000 Fri Jan 03 14:08:13 2003
KSecDD.sys 0xF845D000 0x00014000 Fri Aug 17 16:50:01 2001
Ntfs.sys 0xF83D3000 0x0008A000 Thu Aug 29 05:13:37 2002
NDIS.sys 0xF83AB000 0x00028000 Mon Sep 30 14:58:04 2002
Mup.sys 0xF8391000 0x0001A000 Thu Aug 29 05:12:53 2002
agp440.sys 0xF87D5000 0x00007000 Fri Aug 17 16:57:59 2001
gv3.sys 0xF87F5000 0x00008000 Mon Nov 18 20:20:43 2002
ati2mtag.sys 0xF829C000 0x0009C000 Thu Nov 20 22:24:47 2003
VIDEOPRT.SYS 0xF828A000 0x00012000 Thu Aug 29 04:32:03 2002
usbuhci.sys 0xF8805000 0x00005000 Thu Jul 03 20:51:44 2003
USBPORT.SYS 0xF8268000 0x00022000 Thu Jul 03 20:49:27 2003
usbehci.sys 0xF8815000 0x00007000 Thu Jul 03 20:50:45 2003
e100b325.sys 0xF8242000 0x00026000 Tue Oct 28 15:09:53 2003
i8042prt.sys 0xF85C5000 0x0000D000 Mon Jun 02 17:20:07 2003
kbdclass.sys 0xF882D000 0x00006000 Thu Aug 29 04:26:59 2002
SynTP.sys 0xF8200000 0x00042000 Thu Jul 31 18:04:02 2003
USBD.SYS 0xF8A45000 0x00002000 Fri Aug 17 17:02:58 2001
mouclass.sys 0xF8835000 0x00006000 Thu Aug 29 04:27:00 2002
fdc.sys 0xF8845000 0x00007000 Fri Aug 17 16:51:22 2001
serial.sys 0xF85D5000 0x00010000 Thu Aug 29 05:08:27 2002
serenum.sys 0xF89E1000 0x00004000 Fri Aug 17 16:50:13 2001
parport.sys 0xF81ED000 0x00013000 Thu Aug 29 04:27:29 2002
nscirda.sys 0xF884D000 0x00006000 Fri Aug 17 16:51:31 2001
irenum.sys 0xF89ED000 0x00003000 Fri Aug 17 16:51:19 2001
CmBatt.sys 0xF89F9000 0x00004000 Thu Aug 29 04:09:04 2002
ibmpmdrv.sys 0xF8855000 0x00007000 Wed Jul 02 22:54:03 2003
imapi.sys 0xF85E5000 0x0000A000 Thu Aug 29 04:28:05 2002
sscdbhk5.sys 0xF8A4B000 0x00002000 Tue Dec 24 13:52:25 2002
cdrom.sys 0xF85F5000 0x0000C000 Thu Aug 29 04:27:55 2002
redbook.sys 0xF8605000 0x0000E000 Thu Aug 29 04:27:45 2002
ks.sys 0xF81CD000 0x00020000 Wed Dec 04 12:09:38 2002
smwdm.sys 0xF813F000 0x0008E000 Mon Oct 27 14:09:03 2003
portcls.sys 0xF811E000 0x00021000 Thu Aug 29 05:00:58 2002
drmk.sys 0xF8615000 0x0000F000 Thu Aug 29 04:32:30 2002
aeaudio.sys 0xF8106000 0x00018000 Thu Oct 23 14:17:07 2003
AGRSM.sys 0xF7FE1000 0x00125000 Fri Jun 27 08:53:43 2003
Modem.SYS 0xF8885000 0x00008000 Fri Aug 17 16:57:35 2001
audstub.sys 0xF8BA2000 0x00001000 Fri Aug 17 16:59:40 2001
rasirda.sys 0xF8895000 0x00005000 Fri Aug 17 16:51:29 2001
TDI.SYS 0xF8A15000 0x00004000 Fri Aug 17 16:57:25 2001
rasl2tp.sys 0xF8625000 0x0000C000 Thu Aug 29 05:06:36 2002
ndistapi.sys 0xF8A21000 0x00003000 Fri Aug 17 16:55:29 2001
ndiswan.sys 0xF7FA3000 0x00016000 Thu Aug 29 04:58:38 2002
raspppoe.sys 0xF8635000 0x0000A000 Fri Aug 17 16:55:33 2001
raspptp.sys 0xF8645000 0x0000C000 Tue Oct 01 20:52:28 2002
psched.sys 0xF7F92000 0x00011000 Thu Aug 29 04:35:54 2002
msgpc.sys 0xF8655000 0x00009000 Fri Aug 17 16:54:19 2001
ptilink.sys 0xF88A5000 0x00005000 Fri Aug 17 16:49:53 2001
raspti.sys 0xF88B5000 0x00005000 Fri Aug 17 16:55:32 2001
rdpdr.sys 0xF7F65000 0x0002D000 Thu Aug 29 04:06:34 2002
termdd.sys 0xF8665000 0x0000A000 Thu Aug 29 04:40:32 2002
swenum.sys 0xF8BAB000 0x00001000 Wed Dec 04 12:10:07 2002
update.sys 0xF7F43000 0x00022000 Fri Aug 17 23:53:56 2001
NDProxy.SYS 0xF8685000 0x0000A000 Fri Aug 17 16:55:30 2001
usbhub.sys 0xF86B5000 0x0000D000 Thu Jul 03 20:52:56 2003
i2omgmt.SYS 0xF8A75000 0x00002000 Fri Aug 17 16:56:15 2001
Fs_Rec.SYS 0xF8A79000 0x00002000 Fri Aug 17 16:49:37 2001
Null.SYS 0xF8BC1000 0x00001000 Fri Aug 17 16:47:39 2001
Beep.SYS 0xF8A7D000 0x00002000 Fri Aug 17 16:47:33 2001
ssrtln.sys 0xF88FD000 0x00006000 Tue Dec 24 13:51:44 2002
vga.sys 0xF890D000 0x00005000 Thu Aug 29 04:32:03 2002
mnmdd.SYS 0xF8A81000 0x00002000 Fri Aug 17 16:57:28 2001
RDPCDD.sys 0xF8A85000 0x00002000 Fri Aug 17 16:46:56 2001
Msfs.SYS 0xF891D000 0x00005000 Fri Aug 17 16:50:02 2001
Npfs.SYS 0xF892D000 0x00008000 Fri Aug 17 16:50:03 2001
rasacd.sys 0xF89D9000 0x00003000 Fri Aug 17 16:55:39 2001
ipsec.sys 0xF86E5000 0x0000F000 Thu Aug 29 05:07:19 2002
tcpip.sys 0xEDDA9000 0x00052000 Thu Aug 29 04:58:10 2002
netbt.sys 0xEDD84000 0x00025000 Tue Jul 08 19:48:51 2003
wanarp.sys 0xF86F5000 0x00009000 Fri Aug 17 16:55:23 2001
netbios.sys 0xF8705000 0x00009000 Thu Aug 29 04:35:45 2002
TSMAPIP.SYS 0xF87ED000 0x00006000 Thu Jun 27 23:59:23 2002
Tppwr.sys 0xF87FD000 0x00008000 Tue Dec 10 11:36:51 2002
TPHKDRV.SYS 0xF7FCD000 0x00004000 Sun Jun 22 18:33:56 2003
TDSMAPI.SYS 0xF880D000 0x00006000 Thu Nov 28 02:11:29 2002
Smapint.sys 0xF881D000 0x00008000 Wed Dec 04 08:58:05 2002
rdbss.sys 0xEDD14000 0x00028000 Thu Aug 29 04:58:48 2002
mrxsmb.sys 0xEDCB4000 0x00060000 Mon Nov 18 14:27:37 2002
IBMBLDID.SYS 0xF8BD7000 0x00001000 Sun May 27 11:18:51 2001
Fips.SYS 0xF8725000 0x00009000 Fri Aug 17 21:31:49 2001
Cdfs.SYS 0xF8745000 0x0000F000 Thu Aug 29 04:58:50 2002
dump_atapi.sys 0xEDBDE000 0x00016000 Thu Aug 29 04:27:48 2002
dump_WMILIB.SYS 0xF8A8D000 0x00002000 Fri Aug 17 17:07:23 2001
win32k.sys 0xBF800000 0x001B7000 header paged out
watchdog.sys 0xF7E8F000 0x00004000 Thu Aug 29 04:32:20 2002
Dxapi.sys 0xF7E87000 0x00003000 Fri Aug 17 16:53:19 2001
dxg.sys 0xBFF80000 0x00011000 header paged out
dxgthk.sys 0xF8C55000 0x00001000 Fri Aug 17 16:53:12 2001
ati2dvag.dll 0xBF9B7000 0x0005F000 header paged out
ati3d1ag.dll 0xBFA16000 0x000D1000 header paged out
drvnddm.sys 0xEDC74000 0x0000A000 Tue Dec 24 13:38:04 2002
ino_fltr.sys 0xEDA82000 0x0001C000 Fri Jan 03 16:12:50 2003
tfsndres.sys 0xF8C21000 0x00001000 Fri Jan 10 16:46:59 2003
tfsnifs.sys 0xEDC64000 0x0000E000 Fri Jan 10 16:43:40 2003
tfsnopio.sys 0xEDB96000 0x00004000 Fri Jan 10 16:45:21 2003
tfsnpool.sys 0xF8AB9000 0x00002000 Fri Jan 10 16:43:54 2003
tfsnboio.sys 0xF8925000 0x00006000 Fri Jan 10 16:44:15 2003
tfsncofs.sys 0xEDC24000 0x00009000 Fri Jan 10 16:45:03 2003
tfsndrct.sys 0xF8C75000 0x00001000 Fri Jan 10 16:45:17 2003
tfsnudf.sys 0xEDA43000 0x00017000 Fri Jan 10 16:44:10 2003
tfsnudfa.sys 0xEDA2B000 0x00018000 Fri Jan 10 16:46:37 2003
afd.sys 0xED942000 0x00021000 Thu Aug 29 05:01:13 2002
irda.sys 0xEDB2E000 0x0000E000 Fri Aug 17 16:51:32 2001
ndisuio.sys 0xEDAA2000 0x00003000 Thu Aug 29 04:35:40 2002
mrxdav.sys 0xED7AF000 0x0002B000 Fri Aug 17 16:50:20 2001
ParVdm.SYS 0xF8AE1000 0x00002000 Fri Aug 17 16:49:49 2001
srv.sys 0xED620000 0x0004F000 Fri Mar 28 14:54:53 2003
PMEMNT.SYS 0xF8AB7000 0x00002000 Thu Sep 30 11:51:09 1999
sysaudio.sys 0xEDC34000 0x0000E000 Thu Aug 29 05:01:17 2002
wdmaud.sys 0xED4AA000 0x00013000 Thu Aug 29 05:00:46 2002
ATMFD.DLL 0xBFFA0000 0x00043000 header paged out
HPBF3522.DLL 0xBFAE7000 0x0016C000 header paged out
ntdll.dll 0xBFC53000 0x000A7000 header paged out
Fastfat.SYS 0xECD29000 0x00024000 Thu Aug 29 05:12:45 2002
**************
**************--> No errors in the module list.
**************
**************
**************--> This dump file is good!
**************
If you made it here: the M$ crash analysis that pops up after the reboot said it's a device driver that led to the crash, but all the other info I have leads me to a hardware failure, as Microsoft Knowledge Base Article - 137539 says for error 0x00000008, which is a Double Fault.
Bottom line: with a complete memory dump and the error code from Event Viewer, how can I verify where my error is coming from? Thanks for the info!
-
March 17th, 2004, 10:35 PM
#2
Holy hell, that's a nasty dump... 
It does look like a hardware failure to me, but Windows is not my specialty.
Anyone else here able to read this MS mess?
Real security doesn't come with an installer.
-
March 17th, 2004, 11:55 PM
#3
how often do you get these fails ?
I honestly couldn't tell you how to debug it with that dump info..
this error does seem to point to a hardware fault, so I'd debug using the process of elimination theory. I'd start out with testing the memory.. or if you can, get other sticks of memory to try out. (get some crucial memory .. cheap memory is just that.. cheap)
here are three memory diags.. try them all.
docmemory version 2
http://www.utilitygeek.com/details.php?fileid=130
memtest86
www.memtest86.com
microsoft's memory diag
http://www.majorgeeks.com/download3955.html
these are bootdisk diags.. no hard drive or any peripheral needs to be hooked up if you wanted to disconnect.. If you rule out memory as being at fault.. you could try lowering your fsb in your bios or loosening the timing on the ram.
tell us the motherboard type, the type of ram (and manufacturer), the bios revision, the temps that the motherboard is reporting.. and if it seems to happen more often when the system is operating at high loads.. (intensive games, many apps running, etc.)
-
March 18th, 2004, 03:40 PM
#4
The PC is a new R40 Thinkpad from IBM. It worked flawlessly from the day I gave it to the user (12 December 2003) to the first crash (31 January 2004). But I know that around this date of the 31st of January, I upgraded all my PCs to version 7.0 of my antivirus, InoculateIT.
So this makes me think of a flaw in the antivirus kernel or something. I have another R40 user who is having the same problem while another one is not having it at all. I'll probably test the memory but I'm really looking forward to getting more info out of this dump. I'm looking for a program that can do what the pstat utility does, but from the info in the memory dump.
-
March 22nd, 2004, 04:43 PM
#5
Bump up! Anyone got more info here?
-
March 22nd, 2004, 08:22 PM
#6
Hi,
Try the memory testing and reinstall your AV.
ati2dvag.dll 0xBF9B7000 0x0005F000 header paged out
Looks like you have an ATI Radeon video card..............is it a 9600 by any chance?
1. Update the video drivers
2. Update the MoBo BIOS
If that doesn't work:
3. Update DirectX
And if that doesn't work:
Try a different video card (nVidia or whatever)
AFAIK ATI 9800s should work..........I have had problems with a 9700 but fixed it with new drivers.
Good luck
-
March 22nd, 2004, 10:14 PM
#7
It's a laptop. The video card is an ATI MOBILITY RADEON 7500 (32 MB). There are 7 drivers with header paged out. Why did you pick ati2dvag.dll?
-
March 22nd, 2004, 10:26 PM
#8
If I had to guess, I would say it is the kernel that barfed, at least on this memory dump:
Here is why:
ExceptionAddress . . .0x804f4103
ntoskrnl.exe 0x804D4000 0x001D6280 Thu Apr 24 11:57:43 2003
ntoskrnl.exe is from 0x804d4000 to 0x806AA280, and the exception was at 0x804f4103, which means in this process. Unfortunately, with the double fault, this is probably to be expected. Are you getting any other faults before this?
Have you tried disabling or removing hardware and then booting to see if the error happens again? Have you tried updating device drivers?
I would pay special attention to:
win32k.sys 0xBF800000 0x001B7000 header paged out
dxg.sys 0xBFF80000 0x00011000 header paged out
ati2dvag.dll 0xBF9B7000 0x0005F000 header paged out
ati3d1ag.dll 0xBFA16000 0x000D1000 header paged out
ATMFD.DLL 0xBFFA0000 0x00043000 header paged out
HPBF3522.DLL 0xBFAE7000 0x0016C000 header paged out
ntdll.dll 0xBFC53000 0x000A7000 header paged out
I am sure ati is in reference to your graphics, and dxg I believe is related to this in that it is part of DirectX (don't quote me). Given that the majority of these appear related to graphics, I would start with reinstalling your graphics drivers. You may also want to look at HPBF3522.DLL, which strikes me as maybe an HP printer driver..., but I would only look at this after you have looked at the ATI stuff.
Hope that helps some...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
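The address-to-module lookup done by hand in post #8, as an added example that is not part of the original thread: it parses dumpchk-style output and resolves ExceptionAddress to the module whose base/size range contains it. The input is an excerpt of the dump from post #1; the function names are illustrative.

```python
import re

# Excerpt of the dumpchk output posted in post #1 (not the full module list).
DUMPCHK_EXCERPT = """\
BugCheckCode . . . . .0x0000007f
BugCheckParameter1 . .0x00000008
ExceptionAddress . . .0x804f4103
ntoskrnl.exe 0x804D4000 0x001D6280 Thu Apr 24 11:57:43 2003
hal.dll 0x806AB000 0x00012E80 Thu Aug 29 04:05:02 2002
ino_fltr.sys 0xEDA82000 0x0001C000 Fri Jan 03 16:12:50 2003
win32k.sys 0xBF800000 0x001B7000 header paged out
ati2dvag.dll 0xBF9B7000 0x0005F000 header paged out
"""

# Header field: "Name . . . .0xVALUE"; module row: "name 0xBASE 0xSIZE timestamp".
FIELD_RE = re.compile(r"^(\w+)[ .]+(0x[0-9A-Fa-f]+)$")
MODULE_RE = re.compile(r"^(\S+)\s+(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)\s+(.*)$")

def parse_dumpchk(text):
    """Return (header fields as ints, list of (name, base, size, stamp))."""
    fields, modules = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = MODULE_RE.match(line)
        if m:
            name, base, size, stamp = m.groups()
            modules.append((name, int(base, 16), int(size, 16), stamp))
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
    return fields, modules

def owning_module(address, modules):
    """Return (name, offset) for the module whose [base, base+size) holds address."""
    for name, base, size, _ in modules:
        if base <= address < base + size:
            return name, address - base
    return None  # address is outside every listed module

def paged_out(modules):
    """Modules whose PE header (and so timestamp) dumpchk could not read."""
    return [name for name, _, _, stamp in modules if stamp == "header paged out"]

if __name__ == "__main__":
    fields, modules = parse_dumpchk(DUMPCHK_EXCERPT)
    name, offset = owning_module(fields["ExceptionAddress"], modules)
    print(f"ExceptionAddress is in {name} at offset {offset:#x}")
    print("header paged out:", ", ".join(paged_out(modules)))
```

The module-relative offset is the value a kernel debugger with matching symbols would turn into a function name.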
-
March 22nd, 2004, 10:33 PM
#9
Like I said before, this is a laptop and I CANNOT remove hardware. The only hardware that is added and removed is a PCMCIA flash card from a digital camera. But I'll check the video card drivers.
Does anyone have good info on this? Rare Google Find? M$ Lost in the huge M$ site?
-
March 22nd, 2004, 10:45 PM
#10
Originally posted here by SDK
Like I said before, this is a laptop and I CANNOT remove hardware. The only hardware that is added and removed is a PCMCIA flash card from a digital camera. But I'll check the video card drivers.
Does anyone have good info on this? Rare Google Find? M$ Lost in the huge M$ site?
You'll note I said:
DISABLING or removing hardware
You can do this from control panel -> system -> hardware -> device manager
Right click and (disable or uninstall, it varies) (be careful what you disable or you may have problems, stick to peripheral devices, and make sure you have current drivers available if you uninstall).