RE: two machines, same DMP file, different results - why ?

OSR_Community_User Member Posts: 110,217
> -----Original Message-----
> From: Tony Mason [mailto:[email protected]]
> Sent: Thursday, February 21, 2002 4:23 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: two machines, same DMP file, different results -
> why ?
>
>
> The PEB (Process Environment Block) is part of the process
> that contains
> subsystem-specific information. It is in pageable memory and if not
> accessed frequently enough, it will be paged out.
>
> I cannot imagine that this is significant to the problem you
> are observing.
>
> Are the dumps files local to the machines or on a network share?
>

No, in both cases they are in a local directory. Below is the output
when I try 'sym noisy' and turn verbose on, and then try to reload; note
that it *resolutely complains* about the PEB being paged out.

Thanks for chipping in so far. Any other thoughts?








Symbol search path is: c:\work\dumps\020215systestdrwatson

Loading Dump File [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
User Dump File: Only application data is available

Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded uext extension DLL
Loaded ntsdexts extension DLL

Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
Copyright (c) Microsoft Corporation. All rights reserved.

Windows NT 4 Version 1381 UP Free x86 compatible
System Uptime: not available
Symbol search path is: c:\work\dumps\020215systestdrwatson
Executable search path is:
WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
WARNING: 7ffde000 does not appear to be a TEB
PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
Access violation - code c0000005 (!!! second chance !!!)
eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540 edi=000a0000
eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
03b9ae22 0fbe08 movsx ecx,byte ptr [eax] ds:0023:00000006=??
Verbose mode ON.
0:046> .reload
PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
0:046> !sym noisy
Noisy mode on.
0:046> .reload
PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details



>
> -----Original Message-----
> From: Pennenga, Richard J (Rich) [mailto:[email protected]]
> Sent: Thursday, February 21, 2002 4:12 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: two machines, same DMP file, different
> results - why ?
>
> Note: do you think the "PEB is paged out" warning is significant?
>
> > -----Original Message-----
> > From: Tony Mason [mailto:[email protected]]
> > Sent: Thursday, February 21, 2002 4:16 PM
> > To: Kernel Debugging Interest List
> > Subject: [windbg] RE: two machines, same DMP file,
> different results -
> > why ?
> >
> >
> > Did you try using "!sym noisy" to see where each machine is
> > loading symbols
> > from? That often tells you what is different between them - access
> > problems, slightly different path spellings, etc.
> >
> > Regards,
> >
> > Tony
> >
> > Tony Mason
> > Consulting Partner
> > OSR Open Systems Resources, Inc.
> > http://www.osr.com
> > ?
> > Hope to see you at the next OSR file systems class March 11,
> > 2002 in Boston!
> >
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: Thursday, February 21, 2002 11:12 AM
> > To: Kernel Debugging Interest List
> > Subject: [windbg] two machines, same DMP file, different
> > results - why?
> >
> > I have two W2K machines that i'm using to analyze
> > Dr.Watson-generated .DMP
> > files. Problem is, one gets symbolic information and the
> > other doesn't.
> >
> > I have the same on both machines:
> >
> > ** a particular dump file that i have copied to both machines.
> >
> > ** the .EXE and .DLL where the exception occurred
> >
> > ** the same version of Windbg (4.00.0018) installed on both (i just
> > reinstalled both of them in the past two days)
> >
> > I don't know what else to look at, but there's **something**
> > different
> > between the two because i get different behavior!! I'm
> including the
> > initial output text of Windbg below - a block of lines for
> > each machine.
> >
> > Note that i get 'better' output for SYSTEST, and 'worse' output for
> > LAPTOP.
> >
> > Please make a suggestion as to what i should change, or what
> > i'm doing
> > wrong!!! Thanks.
> >
> > i
> > r h
> > c Pennenga, Avaya, Inc.
> >
> >
> >
> > ------------------- machine SYSTEST begin
> > Symbol search path is: I:\lib\dumps\020215systestdrwatson
> >
> > Loading Dump File
> > [I:\lib\dumps\020215systestdrwatson\classificationof_user.dmp]
> > User Dump File: Only application data is available
> >
> > Loaded dbghelp extension DLL
> > Loaded ext extension DLL
> > Loaded uext extension DLL
> > Loaded ntsdexts extension DLL
> >
> > Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> > Copyright (c) Microsoft Corporation. All rights reserved.
> >
> > Windows NT 4 Version 1381 UP Free x86 compatible
> > System Uptime: not available
> > Symbol search path is: I:\lib\dumps\020215systestdrwatson
> > Executable search path is:
> > WARNING: Teb 46 pointer is NULL - defaulting to 7ffd4000
> > WARNING: 7ffd4000 does not appear to be the right TEB
> > ................................
> > Access violation - code c0000005 (!!! second chance !!!)
> > eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> > edi=000a0000
> > eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> > ei pl nz na po
> > nc
> > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> > efl=00000206
> > *** WARNING: Unable to verify checksum for
> > g3pd!classificationOf+12:
> > 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> > ds:0023:00000006=??
> > *** ERROR: Symbol file could not be found. Defaulted to
> > export symbols for
> > KERNEL32.dll -
> > ------------------- end SYSTEST
> > ------------------- machine LAPTOP begin
> > Symbol search path is: c:\work\dumps\020215systestdrwatson
> >
> > Loading Dump File
> > [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
> > User Dump File: Only application data is available
> >
> > Loaded dbghelp extension DLL
> > Loaded ext extension DLL
> > Loaded uext extension DLL
> > Loaded ntsdexts extension DLL
> >
> > Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> > Copyright (c) Microsoft Corporation. All rights reserved.
> >
> > Windows NT 4 Version 1381 UP Free x86 compatible
> > System Uptime: not available
> > Symbol search path is: c:\work\dumps\020215systestdrwatson
> > Executable search path is:
> > WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
> > WARNING: 7ffde000 does not appear to be a TEB
> > PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
> > Access violation - code c0000005 (!!! second chance !!!)
> > eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> > edi=000a0000
> > eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> > ei pl nz na po
> > nc
> > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> > efl=00000206
> > 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> > ds:0023:00000006=??
> > 0:046> .reload
> > PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
> > ------------------- end LAPTOP
> >
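
An added example, not part of the original thread: a short Python script that parses the two session banners posted above and reports which fields differ between the machines, the comparison the replies make by eye. The function and field names are made up for this example; the embedded transcripts are the poster's SYSTEST and LAPTOP output with mail wrapping removed (LAPTOP keeps its quote markers to show they are stripped).

```python
import re

# Sample input: the SYSTEST and LAPTOP banners from the post above, unwrapped.
SYSTEST = r"""
Symbol search path is: I:\lib\dumps\020215systestdrwatson
Loading Dump File [I:\lib\dumps\020215systestdrwatson\classificationof_user.dmp]
User Dump File: Only application data is available
Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
Windows NT 4 Version 1381 UP Free x86 compatible
WARNING: Teb 46 pointer is NULL - defaulting to 7ffd4000
WARNING: 7ffd4000 does not appear to be the right TEB
................................
Access violation - code c0000005 (!!! second chance !!!)
*** WARNING: Unable to verify checksum for
g3pd!classificationOf+12:
03b9ae22 0fbe08 movsx ecx,byte ptr [eax] ds:0023:00000006=??
*** ERROR: Symbol file could not be found. Defaulted to export symbols for KERNEL32.dll -
"""

LAPTOP = r"""
> > Symbol search path is: c:\work\dumps\020215systestdrwatson
> > Loading Dump File [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
> > User Dump File: Only application data is available
> >
> > Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> > Windows NT 4 Version 1381 UP Free x86 compatible
> > WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
> > WARNING: 7ffde000 does not appear to be a TEB
> > PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
> > Access violation - code c0000005 (!!! second chance !!!)
> > 03b9ae22 0fbe08 movsx ecx,byte ptr [eax] ds:0023:00000006=??
> > 0:046> .reload
> > PEB is paged out (Peb = 7b09dcdf). Type ".hh dbgerr001" for details
"""

QUOTE = re.compile(r"^\s*(?:>\s?)+")  # leading mail quote markers such as "> > "

# One capture group per field; the first matching line in a session wins.
PATTERNS = {
    "symbol_path":   re.compile(r"^Symbol search path is:\s*(.+)$", re.I),
    "dump_file":     re.compile(r"\[(.+?\.dmp)\]", re.I),
    "debugger":      re.compile(r"Debugger Version\s+([\d.]+)"),
    "target":        re.compile(r"^(Windows NT .+)$"),
    "teb_default":   re.compile(r"defaulting to ([0-9a-f]{8})", re.I),
    "peb_paged_out": re.compile(r"^PEB is paged out \(Peb = ([0-9a-f]{8})\)", re.I),
    "exception":     re.compile(r"- code ([0-9a-f]{8})", re.I),
    "fault_symbol":  re.compile(r"^(\w+!\w+\+[0-9a-f]+):$", re.I),
    "fault_addr":    re.compile(r"^([0-9a-f]{8}) [0-9a-f]+ +\w+"),
}


def parse_session(text):
    """Extract the comparable fields from one debugger session transcript."""
    info = {name: None for name in PATTERNS}
    info["module_dots"] = 0      # length of the row of progress dots, if any
    info["diagnostics"] = []     # WARNING / ERROR lines, in order of appearance
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        if set(line) == {"."}:
            info["module_dots"] += len(line)
            continue
        if line.startswith(("WARNING:", "*** WARNING:", "*** ERROR:")):
            info["diagnostics"].append(line)
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m and info[name] is None:
                info[name] = m.group(1)
    return info


def diff_sessions(a, b):
    """Return {field: (value_a, value_b)} for every field that differs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


def findings(a, b):
    """Summarise the differences that matter for the symbol-loading question."""
    d = diff_sessions(a, b)
    notes = []
    if "symbol_path" in d:
        notes.append("symbol path differs: %s vs %s" % d["symbol_path"])
    same_crash = all(k not in d for k in ("exception", "fault_addr"))
    if same_crash and "fault_symbol" in d:
        notes.append("same fault address %s, but only one session names it"
                     % a["fault_addr"])
    for tag, s in (("A", a), ("B", b)):
        if s["peb_paged_out"] and s["module_dots"] == 0:
            notes.append("%s: PEB unreadable and no module-load progress shown" % tag)
    return notes


if __name__ == "__main__":
    for note in findings(parse_session(SYSTEST), parse_session(LAPTOP)):
        print(note)
```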

Comments

  • Nathan_Nesbit Member Posts: 194
    Turn on sym noisy with -n on the command line so you can see what is going on when the dump is initially loaded.

    In general I don't trust debugger error messages until you have correct symbols being loaded. Bad symbols means the debugger may not have enough information to give you an accurate error message.

    In this particular case I see that the dump is from NT4. Some versions of Dr Watson with NT4 had some bugs that resulted in corrupt dumps. Sorry but I don't know versions. If you are running SP6 then I think you are fine.

    In general I recommend using the debugger to create the dump. It is quite easy to set up the debugger to create dumps like Dr Watson does after the debuggers are installed on a machine.

    As far as different results on different machines, that means that 1 is likely getting good symbols and the other not. All instances of this I've seen are where the debugger was picking up a symbol/image on the machine that it wasn't expected to pick up. Noisy symbol loading quickly identifies such cases.


  • OSR_Community_User Member Posts: 110,217
    Adding the -n argument gives me exactly the same initial (and
    subsequent) output. IMHO the debugger in the 'bad' case is getting
    stuck early in the process & gagging.... hope someone can help. Thanks.

  • OSR_Community_User Member Posts: 110,217
    In your initial post, you had 2 different symbol paths on the different
    machines:

    SYSTEST: Symbol search path is: I:\lib\dumps\020215systestdrwatson
    LAPTOP: Symbol search path is: c:\work\dumps\020215systestdrwatson

    Is "I" a network drive or something that may be inaccessible (or should
    it be I:\work\dumps)? Did you try running 'dumpchk.exe' on both systems
    to make sure the dumpfile didn't get messed up in any way when
    transferring between the two?

    sean



  • OSR_Community_User Member Posts: 110,217
    You caught me in a mistake - the path "I:\..." *is* a network path.
    Funny thing is, that's the one that works better!!!

    Also - I noticed that with the system that doesn't get symbolic
    information and complains about the PEB - it does not get help
    information when I use ".hh". Add/Remove Software says I have Windbg
    installed twice (arrg).

    I'm going to try to uninstall/reinstall & get a clean setup before I
    bother the community anymore. If that doesn't fix it, I'll try
    'dumpchk' to see if I corrupted the file.

    I'll let you know if any one of these tactics solves the problem.

    Thanks, all.

    i
    r h
    c
