How to read Minidump files?

Discussion in 'OT Technology' started by kronik85, Mar 3, 2008.

  1. kronik85

    kronik85 New Member

    Joined:
    Feb 8, 2005
    Messages:
    34,837
    Likes Received:
    0
    Location:
    Deutschland
    My computer has been blue screening lately, and I looked into it and it seems the best way to determine whats the culprit is examining the minidump file (the STOP code was 0x40000080) however I don't have much experience with the windows debugger nor processes/memory modules. Anyone else mind taking a look and letting me know what they see?

    http://www.megaupload.com/?d=7ZDD1ZET
     
  2. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    i'm downloading the symbols, so give me a few mins.
     
  3. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    the first dump occured today at 7:49:20.671, at which point the system had been up for 18:22:07.362.

    The offending driver is NVENETFD.sys. It is the nVidia LAN driver. Generally this failure is caused by excessive connections, common with p2p filesharing such as bittorrent.
     
  4. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    looks like you have an old driver... try getting the latest one.

    Code:
    1: kd> lmvm NVENETFD
    start    end        module name
    baab8000 baac0300   NVENETFD T (no symbols)           
        Loaded symbol image file: NVENETFD.sys
        Image path: NVENETFD.sys
        Image name: NVENETFD.sys
        Timestamp:        Wed Apr 06 03:22:26 2005 (4253B862)
        CheckSum:         00013877
        ImageSize:        00008300
        Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0
     
  5. kronik85

    kronik85 New Member

    Joined:
    Feb 8, 2005
    Messages:
    34,837
    Likes Received:
    0
    Location:
    Deutschland
    i solved my driver problem (at least with regard to the NIC) i believe, finding that the drivers i was using were in fact old as hell. however i am getting a machine_check_exception 0x000009C. minidump is http://www.megaupload.com/?d=SEM8OV0K if you don't mind looking at this one as well. thanks.
     
  6. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    that minidump also shows a memory access error.


    Code:
    SYMBOL_STACK_INDEX:  1
    
    SYMBOL_NAME:  NVENETFD+38f8
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: NVENETFD
    
    [B]IMAGE_NAME:  NVENETFD.sys[/B]
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4253b862
    
    FAILURE_BUCKET_ID:  0xD1_NVENETFD+38f8
    
    BUCKET_ID:  0xD1_NVENETFD+38f8

    Code:
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 3c015da4, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: ba532c49, address which referenced memory
    You appear to be using the same old driver:
    Code:
    1: kd> lmvm NVENETFD
    start    end        module name
    b597f000 b5987300   NVENETFD T (no symbols)           
        Loaded symbol image file: NVENETFD.sys
        Image path: NVENETFD.sys
        Image name: NVENETFD.sys
        Timestamp:        [B]Wed Apr 06 03:22:26 2005[/B] (4253B862)
        CheckSum:         00013877
        ImageSize:        00008300
        Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0





    At this point I recommend updating your driver, because it appears you didn't. I also recommend downloading memtest86+ and giving a few passes at your RAM.
     
  7. Barky

    Barky woof

    Joined:
    Apr 27, 2007
    Messages:
    706
    Likes Received:
    0
    Location:
    Auburn University
    just a quick question, where does the minidump get placed and what program can I use to examine them? This would be useful for me.
     
  8. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    you need windbg from microsoft to extract/analyze them. You also need the debugging symbols from the windows ddk (driver development kit) and you need some other crap that comes with Visual Studio.
     
  9. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
  10. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Why the hell don't Minidumps get processed automatically into something users can understand?
     
  11. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    Good question.

    But if everything was on auto pilot, there would be no need for techs like you now would there.


    :squint:





























    :mamoru:
     
  12. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    techs like deuse want "auto-pilot" because that's the only way they can understand them :mamoru:
     
  13. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    it DOES tell you the offending module. Dumps include other things that can be useful to diagnose WHY it happened, and to help developers fix their product. Minidumps are very minimal. You can actually have it dump the contents of your system memory and that can be very useful.
     
  14. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    I think he meant without having to use a symbol package or debugging tool.
     
  15. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    It DOES tell you without having to use a symbol package!!!

    Ever get this message???

    [​IMG]

    [​IMG]
     
  16. kronik85

    kronik85 New Member

    Joined:
    Feb 8, 2005
    Messages:
    34,837
    Likes Received:
    0
    Location:
    Deutschland
    i thought it was my ram in the past, and ran some memtests. i'll give memtest86+ a shot.
     
  17. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    You don't get that at a blue screen, though.
     

Share This Page