Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

RE: two machines, same DMP file, different results -- why ?

OSR_Community_UserOSR_Community_User Member Posts: 110,217
The PEB (Process Environment Block) is part of the process that contains
subsystem-specific information. It is in pageable memory and if not
accessed frequently enough, it will be paged out.

I cannot imagine that this is significant to the problem you are observing.

Are the dumps files local to the machines or on a network share?

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
?
Hope to see you at the next OSR file systems class March 11, 2002 in Boston!


-----Original Message-----
From: Pennenga, Richard J (Rich) [mailto:[email protected]]
Sent: Thursday, February 21, 2002 4:12 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different results - why ?

Note: do you think the "PEB is paged out" warning is significant?

> -----Original Message-----
> From: Tony Mason [mailto:[email protected]]
> Sent: Thursday, February 21, 2002 4:16 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: two machines, same DMP file, different results -
> why ?
>
>
> Did you try using "!sym noisy" to see where each machine is
> loading symbols
> from? That often tells you what is different between them - access
> problems, slightly different path spellings, etc.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com
> ?
> Hope to see you at the next OSR file systems class March 11,
> 2002 in Boston!
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Thursday, February 21, 2002 11:12 AM
> To: Kernel Debugging Interest List
> Subject: [windbg] two machines, same DMP file, different
> results - why?
>
> I have two W2K machines that i'm using to analyze
> Dr.Watson-generated .DMP
> files. Problem is, one gets symbolic information and the
> other doesn't.
>
> I have the same on both machines:
>
> ** a particular dump file that i have copied to both machines.
>
> ** the .EXE and .DLL where the exception occurred
>
> ** the same version of Windbg (4.00.0018) installed on both (i just
> reinstalled both of them in the past two days)
>
> I don't know what else to look at, but there's **something**
> different
> between the two because i get different behavior!! I'm including the
> initial output text of Windbg below - a block of lines for
> each machine.
>
> Note that i get 'better' output for SYSTEST, and 'worse' output for
> LAPTOP.
>
> Please make a suggestion as to what i should change, or what
> i'm doing
> wrong!!! Thanks.
>
> i
> r h
> c Pennenga, Avaya, Inc.
>
>
>
> ------------------- machine SYSTEST begin
> Symbol search path is: I:\lib\dumps\020215systestdrwatson
>
> Loading Dump File
> [I:\lib\dumps\020215systestdrwatson\classificationof_user.dmp]
> User Dump File: Only application data is available
>
> Loaded dbghelp extension DLL
> Loaded ext extension DLL
> Loaded uext extension DLL
> Loaded ntsdexts extension DLL
>
> Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> Windows NT 4 Version 1381 UP Free x86 compatible
> System Uptime: not available
> Symbol search path is: I:\lib\dumps\020215systestdrwatson
> Executable search path is:
> WARNING: Teb 46 pointer is NULL - defaulting to 7ffd4000
> WARNING: 7ffd4000 does not appear to be the right TEB
> ................................
> Access violation - code c0000005 (!!! second chance !!!)
> eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> edi=000a0000
> eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> ei pl nz na po
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000206
> *** WARNING: Unable to verify checksum for
> g3pd!classificationOf+12:
> 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> ds:0023:00000006=??
> *** ERROR: Symbol file could not be found. Defaulted to
> export symbols for
> KERNEL32.dll -
> ------------------- end SYSTEST
> ------------------- machine LAPTOP begin
> Symbol search path is: c:\work\dumps\020215systestdrwatson
>
> Loading Dump File
> [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
> User Dump File: Only application data is available
>
> Loaded dbghelp extension DLL
> Loaded ext extension DLL
> Loaded uext extension DLL
> Loaded ntsdexts extension DLL
>
> Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> Windows NT 4 Version 1381 UP Free x86 compatible
> System Uptime: not available
> Symbol search path is: c:\work\dumps\020215systestdrwatson
> Executable search path is:
> WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
> WARNING: 7ffde000 does not appear to be a TEB
> PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
> Access violation - code c0000005 (!!! second chance !!!)
> eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> edi=000a0000
> eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> ei pl nz na po
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000206
> 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> ds:0023:00000006=??
> 0:046> .reload
> PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
> ------------------- end LAPTOP
>
> ---
> You are currently subscribed to windbg as: [email protected]
> To unsubscribe send a blank email to leave-windbg-$subst('Recip.MemberIDChar')@lists.osr.com
>
> ---
> You are currently subscribed to windbg as: [email protected]
> To unsubscribe send a blank email to leave-windbg-$subst('Recip.MemberIDChar')@lists.osr.com
>

---
You are currently subscribed to windbg as: [email protected]
To unsubscribe send a blank email to leave-windbg-$subst('Recip.MemberIDChar')@lists.osr.com

---
You are currently subscribed to windbg as: $subst('Recip.EmailAddr')
To unsubscribe send a blank email to leave-windbg-$subst('Recip.MemberIDChar')@lists.osr.com
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 24 January 2022 Live, Online
Internals & Software Drivers 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online
Developing Minifilters 23 May 2022 Live, Online