Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

two machines, same DMP file, different results - why?

OSR_Community_UserOSR_Community_User Member Posts: 110,217
I have two W2K machines that i'm using to analyze Dr.Watson-generated .DMP
files. Problem is, one gets symbolic information and the other doesn't.

I have the same on both machines:

** a particular dump file that i have copied to both machines.

** the .EXE and .DLL where the exception occurred

** the same version of Windbg (4.00.0018) installed on both (i just
reinstalled both of them in the past two days)

I don't know what else to look at, but there's **something** different
between the two because i get different behavior!! I'm including the
initial output text of Windbg below - a block of lines for each machine.

Note that i get 'better' output for SYSTEST, and 'worse' output for
LAPTOP.

Please make a suggestion as to what i should change, or what i'm doing
wrong!!! Thanks.

i
r h
c Pennenga, Avaya, Inc.



------------------- machine SYSTEST begin
Symbol search path is: I:\lib\dumps\020215systestdrwatson

Loading Dump File
[I:\lib\dumps\020215systestdrwatson\classificationof_user.dmp]
User Dump File: Only application data is available

Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded uext extension DLL
Loaded ntsdexts extension DLL

Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
Copyright (c) Microsoft Corporation. All rights reserved.

Windows NT 4 Version 1381 UP Free x86 compatible
System Uptime: not available
Symbol search path is: I:\lib\dumps\020215systestdrwatson
Executable search path is:
WARNING: Teb 46 pointer is NULL - defaulting to 7ffd4000
WARNING: 7ffd4000 does not appear to be the right TEB
................................
Access violation - code c0000005 (!!! second chance !!!)
eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
edi=000a0000
eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206
*** WARNING: Unable to verify checksum for
g3pd!classificationOf+12:
03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
ds:0023:00000006=??
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
KERNEL32.dll -
------------------- end SYSTEST
------------------- machine LAPTOP begin
Symbol search path is: c:\work\dumps\020215systestdrwatson

Loading Dump File
[C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
User Dump File: Only application data is available

Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded uext extension DLL
Loaded ntsdexts extension DLL

Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
Copyright (c) Microsoft Corporation. All rights reserved.

Windows NT 4 Version 1381 UP Free x86 compatible
System Uptime: not available
Symbol search path is: c:\work\dumps\020215systestdrwatson
Executable search path is:
WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
WARNING: 7ffde000 does not appear to be a TEB
PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
Access violation - code c0000005 (!!! second chance !!!)
eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
edi=000a0000
eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206
03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
ds:0023:00000006=??
0:046> .reload
PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
------------------- end LAPTOP

---
You are currently subscribed to windbg as: $subst('Recip.EmailAddr')
To unsubscribe send a blank email to leave-windbg-$subst('Recip.MemberIDChar')@lists.osr.com
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 24 January 2022 Live, Online
Internals & Software Drivers 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online
Developing Minifilters 23 May 2022 Live, Online