problems using windbg

hi all,

I downloaded windbg ver. 4.0.0018.0 recently and installed it on my system
running win2k pro. I wanted to analyse a crash dump generated on win2k pro
checked build, but every time I open the crash dump file, it says that
“Failure data gathered by the operating system was incomplete. Cannot
proceed …”. I made sure that the target machine completed its dumping
activity and then brought the file for analysis.
Can someone tell me what the problem might be?

Another question: I am searching for symbol files of win2k free and checked
build. Also I want symbol files for nt4 sp6 but I was unable to get them on
the installation CDs. Where can I get them?

Regards.


You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

For the first question I don’t know, but for the second one it could be
useful if you go and look at http://www.microsoft.com/ddk/debugging/ ->
“NEW: How to get symbols”.
It works (at least for me).
Wbr Primoz

-----Original Message-----
From: xxxxx@hotmail.com [mailto:xxxxx@hotmail.com]
Sent: Friday, January 04, 2002 7:34 AM
To: Kernel Debugging Interest List
Subject: [windbg] problems using windbg

hi all,

I downloaded windbg ver. 4.0.0018.0 recently and installed it on my system
running win2k pro. I wanted to analyse a crash dump generated on win2k pro
checked build, but every time I open the crash dump file, it says that
“Failure data gathered by the operating system was incomplete. Cannot
proceed …”. I made sure that the target machine completed its dumping
activity and then brought the file for analysis.
Can someone tell me what the problem might be?

Another question: I am searching for symbol files of win2k free and checked
build. Also I want symbol files for nt4 sp6 but I was unable to get them on
the installation CDs. Where can I get them?

Regards.



The first means the dump file is corrupt

-----Original Message-----
From: Primoz Beltram [mailto:xxxxx@hermes.si]
Sent: Friday, January 04, 2002 3:52 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: problems using windbg

For the first question I don’t know, but for the second one it could be
useful if you go and look at http://www.microsoft.com/ddk/debugging/ ->
“NEW: How to get symbols”.
It works (at least for me).
Wbr Primoz


When the dumping activity is completed, you need to give the system
some time to finish the copying. You can use dumpchk.exe to verify the
memory.dmp.

Suifun


I’ve had corrupted dump files under several circumstances - that is,
i’ve had WinDBG tell me that it cannot process my dump file. It gives
different error messages at different times.

o Assuming that i have circumstances under my control - what are
reasons why a dump file can get corrupted?

o More importantly - what kinds of actions can i take to make sure
that dump files are created whole, healthy and ready to be analyzed?

Thanks for whatever insights you can share…

i There’s a Cross |
r h to bridge |
c the Great Divide… |

Rich Pennenga – Voice/Fax (732) 817-5927
Avaya, Rm 2B-530A, 101 Crawfords Corner Road
Holmdel, NJ 07733 – http://www.avaya.com

> -----Original Message-----
> From: Nathan Nesbit [mailto:xxxxx@windows.microsoft.com]
> Sent: Friday, January 04, 2002 12:02 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: problems using windbg
>
>
> The first means the dump file is corrupt
>

The dump is made when the OS is crashed. This places great restrictions
on what can happen. I don’t understand it completely, but the dev that
owns the dump code assured me that sometimes dumps just can’t be made
completely.

Using storage subsystem off the HCT list has made a difference with some
people. Also make sure the pagefile (on the system drive) is a bit
larger in size than physical RAM.

If you can consistently get it to happen then they might be interested
in gathering more information. Send mail to xxxxx@microsoft.com if
this is the case.

-----Original Message-----
From: Pennenga, Richard J (Rich) [mailto:xxxxx@avaya.com]
Sent: Friday, January 04, 2002 1:14 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: problems using windbg

I’ve had corrupted dump files under several circumstances - that is,
i’ve had WinDBG tell me that it cannot process my dump file. It gives
different error messages at different times.

o Assuming that i have circumstances under my control - what are
reasons why a dump file can get corrupted?

o More importantly - what kinds of actions can i take to make sure
that dump files are created whole, healthy and ready to be analyzed?

Thanks for whatever insights you can share…

i There’s a Cross |
r h to bridge |
c the Great Divide… |

Rich Pennenga – Voice/Fax (732) 817-5927
Avaya, Rm 2B-530A, 101 Crawfords Corner Road
Holmdel, NJ 07733 – http://www.avaya.com


hi all,

I ran the dumpchk utility on my dump file and it said that the file was
good. But still, whenever I try to open the file in the debugger, it runs
the !analyze -v command and gives the same error as I had earlier said. Any
suggestions are welcome.

Regards.



This message means that bugcheck analysis could find absolutely nothing
interesting - like no valid code addresses anywhere on the stack.

The dump file itself is OK, but the data is seriously wrong/bad.
Lots of things can cause this, including a bad DMA operation or bad zero
memory operation that erases large areas of pool.

If this repros and your driver is on the machine, it’s doing something
really baaaaad, and it really needs to be fixed.

I would like to see the full output of !analyze -v along with the output of
“dds esp;dds;dds;dds;dds”



Hi Andreva,

Thank you for showing interest in the problem.
This is the o/p shown in the debugger for the !analyze -v and dd esp
commands.

----->

Symbol search path is:
symsrv*symsrv.dll*\vikrant\win2ksym;c:\win2000\symbols

Loading Dump File [G:\tryouts\MEMORY.DMP]
Kernel Dump File: Full address space is available

Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded kext extension DLL
Loaded kdextx86 extension DLL

Microsoft (R) Windows Kernel Debugger Version 4.0.0018.0
Copyright (c) Microsoft Corporation. All rights reserved.

Symbol search path is:
symsrv*symsrv.dll*\vikrant\win2ksym;c:\win2000\symbols
Executable search path is:
*** WARNING: symbols timestamp is wrong 0x384d4cfd 0x3975dff1 for
ntoskrnl.exe

KdDebuggerData.Header.OwnerTag is wrong !!!
Windows 2000 Kernel Version 2195 UP Checked x86 compatible
Kernel base = 0x80400000 PsLoadedModuleList = 0x804d5e20
Debug session time: Mon Dec 31 11:30:01 2001
System Uptime: 0 days 0:02:32
KiProcessorBlock[0] could not be read
WaitForEvent failed
Extension called without current PC
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {80000003, 804a5b4f, 2, f443f860}

This problem has a known fix or solution:

The failure data gathered by the operating system was incomplete.
Further analysis of this failure is not possible.

StackTrace failed
kd> dd esp
00000000 ??? ??? ??? ???
00000010 ??? ??? ??? ???
00000020 ??? ??? ??? ???
00000030 ??? ??? ??? ???
00000040 ??? ??? ??? ???
00000050 ??? ??? ??? ???
00000060 ??? ??? ??? ???
00000070 ??? ??? ??? ???

----->

Regards.



You’re not going to get anywhere with wrong symbols for ntoskrnl

*** WARNING: symbols timestamp is wrong 0x384d4cfd 0x3975dff1 for
ntoskrnl.exe

I bet that once you get the right symbols loaded then this problem of
yours will go away. You should try out the internet symbol server; see
http://www.microsoft.com/ddk/debugging for more info.

-----Original Message-----
From: xxxxx@hotmail.com [mailto:xxxxx@hotmail.com]
Sent: Sunday, January 06, 2002 4:59 PM
To: Kernel Debugging Interest List
Subject: [windbg] Re: problems using windbg

Hi Andreva,

Thank you for showing interest in the problem.
This is the o/p shown in the debugger for the !analyze -v and dd esp
commands.


hi Nathan,

I got the appropriate symbol files installed and things are working fine.
Thank you for your efforts in looking into the problem.

Regards.
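
The check that resolved this thread, as an added example (not code from any of the posters): a Python triage that scans a saved debugger session for the "symbols timestamp is wrong" warning, decodes both values, and lists the other failures reported in the same session. It assumes the two hex values are 32-bit link timestamps in seconds since 1970 UTC; `triage`, `decode` and the symptom list are names chosen here, and the sample log is constructed from lines of the output posted above.

```python
import re
from datetime import datetime, timezone

# Constructed sample: lines copied from the session output posted in this thread.
SAMPLE_LOG = """\
Executable search path is:
*** WARNING: symbols timestamp is wrong 0x384d4cfd 0x3975dff1 for
ntoskrnl.exe
KdDebuggerData.Header.OwnerTag is wrong !!!
KiProcessorBlock[0] could not be read
WaitForEvent failed
Extension called without current PC
BugCheck 1E, {80000003, 804a5b4f, 2, f443f860}
StackTrace failed
"""

# Mail wraps the warning before the module name, so match across any whitespace.
MISMATCH = re.compile(
    r"symbols timestamp is wrong\s+0x([0-9a-fA-F]{1,8})\s+0x([0-9a-fA-F]{1,8})\s+for\s+(\S+)")

# Other failures that appeared in the same session (assumed list, taken from the log).
SYMPTOMS = ("OwnerTag is wrong", "could not be read", "StackTrace failed",
            "Extension called without current PC")


def decode(hex_stamp):
    """Interpret a 32-bit timestamp as seconds since 1970-01-01 UTC (assumption)."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)


def triage(log):
    """Return (mismatches, symptoms) found in a debugger session log."""
    mismatches = []
    for first, second, module in MISMATCH.findall(log):
        a, b = decode(first), decode(second)
        mismatches.append({
            "module": module.lower(),
            "stamps": (a.date().isoformat(), b.date().isoformat()),
            "days_apart": abs((b - a).days),
        })
    symptoms = [line.strip() for line in log.splitlines()
                if any(s in line for s in SYMPTOMS)]
    return mismatches, symptoms


if __name__ == "__main__":
    found, symptoms = triage(SAMPLE_LOG)
    for m in found:
        print(f"{m['module']}: stamps {m['stamps'][0]} vs {m['stamps'][1]} "
              f"({m['days_apart']} days apart); fix the symbol path first")
    if found and symptoms:
        print("Re-check these after loading matching symbols:")
        for s in symptoms:
            print("  ", s)
```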

