RE: two machines, same DMP file, different results - why ?

WINDBG
1

> -----Original Message-----

From: Tony Mason [mailto:xxxxx@osr.com]
Sent: Thursday, February 21, 2002 4:23 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different results -
why ?

The PEB (Process Environment Block) is part of the process
that contains
subsystem-specific information. It is in pageable memory and if not
accessed frequently enough, it will be paged out.

I cannot imagine that this is significant to the problem you
are observing.

Are the dumps files local to the machines or on a network share?

No, in both cases they are in a local directory. Below is the output
when i try ‘sym noisy’ and turn verbose on, and then try to reload; note
that it *resolutely complains* about the PEB being paged out.

Thanks for chipping in so far. Any other thoughts?

Symbol search path is: c:\work\dumps\020215systestdrwatson

Loading Dump File
[C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
User Dump File: Only application data is available

Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded uext extension DLL
Loaded ntsdexts extension DLL

Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
Copyright (c) Microsoft Corporation. All rights reserved.

Windows NT 4 Version 1381 UP Free x86 compatible
System Uptime: not available
Symbol search path is: c:\work\dumps\020215systestdrwatson
Executable search path is:
WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
WARNING: 7ffde000 does not appear to be a TEB
PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details
Access violation - code c0000005 (!!! second chance !!!)
eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
edi=000a0000
eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up ei pl nz na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206
03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
ds:0023:00000006=??
Verbose mode ON.
0:046> .reload
PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details
0:046> !sym noisy
Noisy mode on.
0:046> .reload
PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details

-----Original Message-----
From: Pennenga, Richard J (Rich) [mailto:xxxxx@avaya.com]
Sent: Thursday, February 21, 2002 4:12 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different
results - why ?

Note: do you think the “PEB is paged out” warning is significant?

> -----Original Message-----
> From: Tony Mason [mailto:xxxxx@osr.com]
> Sent: Thursday, February 21, 2002 4:16 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: two machines, same DMP file,
different results -
> why ?
>
>
> Did you try using “!sym noisy” to see where each machine is
> loading symbols
> from? That often tells you what is different between them - access
> problems, slightly different path spellings, etc.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com
> ?
> Hope to see you at the next OSR file systems class March 11,
> 2002 in Boston!
>
>
> -----Original Message-----
> From: xxxxx@avaya.com [mailto:xxxxx@avaya.com]
> Sent: Thursday, February 21, 2002 11:12 AM
> To: Kernel Debugging Interest List
> Subject: [windbg] two machines, same DMP file, different
> results - why?
>
> I have two W2K machines that i’m using to analyze
> Dr.Watson-generated .DMP
> files. Problem is, one gets symbolic information and the
> other doesn’t.
>
> I have the same on both machines:
>
> ** a particular dump file that i have copied to both machines.
>
> ** the .EXE and .DLL where the exception occurred
>
> ** the same version of Windbg (4.00.0018) installed on both (i just
> reinstalled both of them in the past two days)
>
> I don’t know what else to look at, but there’s **something**
> different
> between the two because i get different behavior!! I’m
including the
> initial output text of Windbg below - a block of lines for
> each machine.
>
> Note that i get ‘better’ output for SYSTEST, and ‘worse’ output for
> LAPTOP.
>
> Please make a suggestion as to what i should change, or what
> i’m doing
> wrong!!! Thanks.
>
> i
> r h
> c Pennenga, Avaya, Inc.
>
>
>
> ------------------- machine SYSTEST begin
> Symbol search path is: I:\lib\dumps\020215systestdrwatson
>
> Loading Dump File
> [I:\lib\dumps\020215systestdrwatson\classificationof_user.dmp]
> User Dump File: Only application data is available
>
> Loaded dbghelp extension DLL
> Loaded ext extension DLL
> Loaded uext extension DLL
> Loaded ntsdexts extension DLL
>
> Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> Windows NT 4 Version 1381 UP Free x86 compatible
> System Uptime: not available
> Symbol search path is: I:\lib\dumps\020215systestdrwatson
> Executable search path is:
> WARNING: Teb 46 pointer is NULL - defaulting to 7ffd4000
> WARNING: 7ffd4000 does not appear to be the right TEB
> …
> Access violation - code c0000005 (!!! second chance !!!)
> eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> edi=000a0000
> eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> ei pl nz na po
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000206
> *** WARNING: Unable to verify checksum for
> g3pd!classificationOf+12:
> 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> ds:0023:00000006=??
> *** ERROR: Symbol file could not be found. Defaulted to
> export symbols for
> KERNEL32.dll -
> ------------------- end SYSTEST
> ------------------- machine LAPTOP begin
> Symbol search path is: c:\work\dumps\020215systestdrwatson
>
> Loading Dump File
> [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
> User Dump File: Only application data is available
>
> Loaded dbghelp extension DLL
> Loaded ext extension DLL
> Loaded uext extension DLL
> Loaded ntsdexts extension DLL
>
> Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> Windows NT 4 Version 1381 UP Free x86 compatible
> System Uptime: not available
> Symbol search path is: c:\work\dumps\020215systestdrwatson
> Executable search path is:
> WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
> WARNING: 7ffde000 does not appear to be a TEB
> PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details
> Access violation - code c0000005 (!!! second chance !!!)
> eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> edi=000a0000
> eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> ei pl nz na po
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000206
> 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> ds:0023:00000006=??
> 0:046> .reload
> PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details
> ------------------- end LAPTOP
>
> —
> You are currently subscribed to windbg as: xxxxx@osr.com
> To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to windbg as: xxxxx@avaya.com
> To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

You are currently subscribed to windbg as: xxxxx@osr.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: xxxxx@avaya.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

Turn on sym noisy with -n on the command line so you can see the what is going on when the dump is initially loaded.

In general I don’t trust debugger error messages until you have correct symbols being loaded. Bad symbols means the debugger may not have enough information to give you an accurate error message.

In this paricular case I see that the dump is from NT4. Some versions of Dr Watson with NT4 had some bugs that resulted in corrupt dumps. Sorry but I don’t know versions. If you are running SP6 then I think you are fine.

In general I recommend using the debugger to create the dump. It is quite easy to setup the debugger to create dumps like Dr Watson does after the debuggers are installed on a machine.

As far as different results on different machines means that 1 is likely getting good symbols and the other not. All instances of this I’ve seen is where the debugger was picking up a symbol/image on the machine that wasn’t expected to pickup. Noisy symbol loading quickly identifies such cases.

-----Original Message-----
From: Pennenga, Richard J (Rich) [mailto:xxxxx@avaya.com]
Sent: Thursday, February 21, 2002 1:27 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different results - why ?

-----Original Message-----
From: Tony Mason [mailto:xxxxx@osr.com]
Sent: Thursday, February 21, 2002 4:23 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different results -
why ?

The PEB (Process Environment Block) is part of the process
that contains
subsystem-specific information. It is in pageable memory and if not
accessed frequently enough, it will be paged out.

I cannot imagine that this is significant to the problem you
are observing.

Are the dumps files local to the machines or on a network share?

No, in both cases they are in a local directory. Below is the output when i try ‘sym noisy’ and turn verbose on, and then try to reload; note that it *resolutely complains* about the PEB being paged out.

Thanks for chipping in so far. Any other thoughts?

Symbol search path is: c:\work\dumps\020215systestdrwatson

Loading Dump File [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
User Dump File: Only application data is available

Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded uext extension DLL
Loaded ntsdexts extension DLL

Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0 Copyright (c) Microsoft Corporation. All rights reserved.

Windows NT 4 Version 1381 UP Free x86 compatible
System Uptime: not available
Symbol search path is: c:\work\dumps\020215systestdrwatson
Executable search path is:
WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
WARNING: 7ffde000 does not appear to be a TEB
PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details Access violation - code c0000005 (!!! second chance !!!) eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540 edi=000a0000
eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up ei pl nz na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
ds:0023:00000006=??
Verbose mode ON.
0:046> .reload
PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details 0:046> !sym noisy Noisy mode on. 0:046> .reload PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details

-----Original Message-----
From: Pennenga, Richard J (Rich) [mailto:xxxxx@avaya.com]
Sent: Thursday, February 21, 2002 4:12 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different
results - why ?

Note: do you think the “PEB is paged out” warning is significant?

> -----Original Message-----
> From: Tony Mason [mailto:xxxxx@osr.com]
> Sent: Thursday, February 21, 2002 4:16 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: two machines, same DMP file,
different results -
> why ?
>
>
> Did you try using “!sym noisy” to see where each machine is
> loading symbols
> from? That often tells you what is different between them - access
> problems, slightly different path spellings, etc.
>
> Regards,
>
> Tony
>
> Tony Mason
> Consulting Partner
> OSR Open Systems Resources, Inc.
> http://www.osr.com
> ?
> Hope to see you at the next OSR file systems class March 11,
> 2002 in Boston!
>
>
> -----Original Message-----
> From: xxxxx@avaya.com [mailto:xxxxx@avaya.com]
> Sent: Thursday, February 21, 2002 11:12 AM
> To: Kernel Debugging Interest List
> Subject: [windbg] two machines, same DMP file, different
> results - why?
>
> I have two W2K machines that i’m using to analyze
> Dr.Watson-generated .DMP
> files. Problem is, one gets symbolic information and the
> other doesn’t.
>
> I have the same on both machines:
>
> ** a particular dump file that i have copied to both machines.
>
> ** the .EXE and .DLL where the exception occurred
>
> ** the same version of Windbg (4.00.0018) installed on both (i just
> reinstalled both of them in the past two days)
>
> I don’t know what else to look at, but there’s **something**
> different
> between the two because i get different behavior!! I’m
including the
> initial output text of Windbg below - a block of lines for
> each machine.
>
> Note that i get ‘better’ output for SYSTEST, and ‘worse’ output for
> LAPTOP.
>
> Please make a suggestion as to what i should change, or what
> i’m doing
> wrong!!! Thanks.
>
> i
> r h
> c Pennenga, Avaya, Inc.
>
>
>
> ------------------- machine SYSTEST begin
> Symbol search path is: I:\lib\dumps\020215systestdrwatson
>
> Loading Dump File
> [I:\lib\dumps\020215systestdrwatson\classificationof_user.dmp]
> User Dump File: Only application data is available
>
> Loaded dbghelp extension DLL
> Loaded ext extension DLL
> Loaded uext extension DLL
> Loaded ntsdexts extension DLL
>
> Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> Windows NT 4 Version 1381 UP Free x86 compatible
> System Uptime: not available
> Symbol search path is: I:\lib\dumps\020215systestdrwatson
> Executable search path is:
> WARNING: Teb 46 pointer is NULL - defaulting to 7ffd4000
> WARNING: 7ffd4000 does not appear to be the right TEB
> …
> Access violation - code c0000005 (!!! second chance !!!)
> eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> edi=000a0000
> eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> ei pl nz na po
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000206
> *** WARNING: Unable to verify checksum for
> g3pd!classificationOf+12:
> 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> ds:0023:00000006=??
> *** ERROR: Symbol file could not be found. Defaulted to
> export symbols for
> KERNEL32.dll -
> ------------------- end SYSTEST
> ------------------- machine LAPTOP begin
> Symbol search path is: c:\work\dumps\020215systestdrwatson
>
> Loading Dump File
> [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
> User Dump File: Only application data is available
>
> Loaded dbghelp extension DLL
> Loaded ext extension DLL
> Loaded uext extension DLL
> Loaded ntsdexts extension DLL
>
> Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> Windows NT 4 Version 1381 UP Free x86 compatible
> System Uptime: not available
> Symbol search path is: c:\work\dumps\020215systestdrwatson
> Executable search path is:
> WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
> WARNING: 7ffde000 does not appear to be a TEB
> PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details
> Access violation - code c0000005 (!!! second chance !!!)
> eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> edi=000a0000
> eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> ei pl nz na po
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000206
> 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> ds:0023:00000006=??
> 0:046> .reload
> PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details
> ------------------- end LAPTOP
>
> —
> You are currently subscribed to windbg as: xxxxx@osr.com
> To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to windbg as: xxxxx@avaya.com To
> unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

You are currently subscribed to windbg as: xxxxx@osr.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: xxxxx@avaya.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: xxxxx@microsoft.com To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

3

Adding the -n argument gives me exactly the same initial (and
subsequent) output. IMHO the debugger in the ‘bad’ case is getting
stuck early in the process & gagging… hope someone can help. Thanks.

-----Original Message-----
From: Nathan Nesbit [mailto:xxxxx@windows.microsoft.com]
Sent: Thursday, February 21, 2002 5:03 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different results -
why ?

Turn on sym noisy with -n on the command line so you can see
the what is going on when the dump is initially loaded.

In general I don’t trust debugger error messages until you
have correct symbols being loaded. Bad symbols means the
debugger may not have enough information to give you an
accurate error message.

In this paricular case I see that the dump is from NT4. Some
versions of Dr Watson with NT4 had some bugs that resulted in
corrupt dumps. Sorry but I don’t know versions. If you are
running SP6 then I think you are fine.

In general I recommend using the debugger to create the dump.
It is quite easy to setup the debugger to create dumps like
Dr Watson does after the debuggers are installed on a machine.

As far as different results on different machines means that
1 is likely getting good symbols and the other not. All
instances of this I’ve seen is where the debugger was picking
up a symbol/image on the machine that wasn’t expected to
pickup. Noisy symbol loading quickly identifies such cases.

-----Original Message-----
From: Pennenga, Richard J (Rich) [mailto:xxxxx@avaya.com]
Sent: Thursday, February 21, 2002 1:27 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different
results - why ?

> -----Original Message-----
> From: Tony Mason [mailto:xxxxx@osr.com]
> Sent: Thursday, February 21, 2002 4:23 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: two machines, same DMP file,
different results -
> why ?
>
>
> The PEB (Process Environment Block) is part of the process
> that contains
> subsystem-specific information. It is in pageable memory and if not
> accessed frequently enough, it will be paged out.
>
> I cannot imagine that this is significant to the problem you
> are observing.
>
> Are the dumps files local to the machines or on a network share?
>

No, in both cases they are in a local directory. Below is
the output when i try ‘sym noisy’ and turn verbose on, and
then try to reload; note that it *resolutely complains* about
the PEB being paged out.

Thanks for chipping in so far. Any other thoughts?

Symbol search path is: c:\work\dumps\020215systestdrwatson

Loading Dump File
[C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
User Dump File: Only application data is available

Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded uext extension DLL
Loaded ntsdexts extension DLL

Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
Copyright (c) Microsoft Corporation. All rights reserved.

Windows NT 4 Version 1381 UP Free x86 compatible
System Uptime: not available
Symbol search path is: c:\work\dumps\020215systestdrwatson
Executable search path is:
WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
WARNING: 7ffde000 does not appear to be a TEB
PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for
details Access violation - code c0000005 (!!! second chance
!!!) eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d
esi=04203540 edi=000a0000
eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
ei pl nz na
po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
ds:0023:00000006=??
Verbose mode ON.
0:046> .reload
PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for
details 0:046> !sym noisy Noisy mode on. 0:046> .reload PEB
is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001” for details

>
> -----Original Message-----
> From: Pennenga, Richard J (Rich) [mailto:xxxxx@avaya.com]
> Sent: Thursday, February 21, 2002 4:12 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: two machines, same DMP file, different
> results - why ?
>
> Note: do you think the “PEB is paged out” warning is significant?
>
> > -----Original Message-----
> > From: Tony Mason [mailto:xxxxx@osr.com]
> > Sent: Thursday, February 21, 2002 4:16 PM
> > To: Kernel Debugging Interest List
> > Subject: [windbg] RE: two machines, same DMP file,
> different results -
> > why ?
> >
> >
> > Did you try using “!sym noisy” to see where each machine is
> > loading symbols
> > from? That often tells you what is different between
them - access
> > problems, slightly different path spellings, etc.
> >
> > Regards,
> >
> > Tony
> >
> > Tony Mason
> > Consulting Partner
> > OSR Open Systems Resources, Inc.
> > http://www.osr.com
> > ?
> > Hope to see you at the next OSR file systems class March 11,
> > 2002 in Boston!
> >
> >
> > -----Original Message-----
> > From: xxxxx@avaya.com [mailto:xxxxx@avaya.com]
> > Sent: Thursday, February 21, 2002 11:12 AM
> > To: Kernel Debugging Interest List
> > Subject: [windbg] two machines, same DMP file, different
> > results - why?
> >
> > I have two W2K machines that i’m using to analyze
> > Dr.Watson-generated .DMP
> > files. Problem is, one gets symbolic information and the
> > other doesn’t.
> >
> > I have the same on both machines:
> >
> > ** a particular dump file that i have copied to both machines.
> >
> > ** the .EXE and .DLL where the exception occurred
> >
> > ** the same version of Windbg (4.00.0018) installed on
both (i just
> > reinstalled both of them in the past two days)
> >
> > I don’t know what else to look at, but there’s **something**
> > different
> > between the two because i get different behavior!! I’m
> including the
> > initial output text of Windbg below - a block of lines for
> > each machine.
> >
> > Note that i get ‘better’ output for SYSTEST, and ‘worse’
output for
> > LAPTOP.
> >
> > Please make a suggestion as to what i should change, or what
> > i’m doing
> > wrong!!! Thanks.
> >
> > i
> > r h
> > c Pennenga, Avaya, Inc.
> >
> >
> >
> > ------------------- machine SYSTEST begin
> > Symbol search path is: I:\lib\dumps\020215systestdrwatson
> >
> > Loading Dump File
> > [I:\lib\dumps\020215systestdrwatson\classificationof_user.dmp]
> > User Dump File: Only application data is available
> >
> > Loaded dbghelp extension DLL
> > Loaded ext extension DLL
> > Loaded uext extension DLL
> > Loaded ntsdexts extension DLL
> >
> > Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> > Copyright (c) Microsoft Corporation. All rights reserved.
> >
> > Windows NT 4 Version 1381 UP Free x86 compatible
> > System Uptime: not available
> > Symbol search path is: I:\lib\dumps\020215systestdrwatson
> > Executable search path is:
> > WARNING: Teb 46 pointer is NULL - defaulting to 7ffd4000
> > WARNING: 7ffd4000 does not appear to be the right TEB
> > …
> > Access violation - code c0000005 (!!! second chance !!!)
> > eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> > edi=000a0000
> > eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> > ei pl nz na po
> > nc
> > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> > efl=00000206
> > *** WARNING: Unable to verify checksum for
> > g3pd!classificationOf+12:
> > 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> > ds:0023:00000006=??
> > *** ERROR: Symbol file could not be found. Defaulted to
> > export symbols for
> > KERNEL32.dll -
> > ------------------- end SYSTEST
> > ------------------- machine LAPTOP begin
> > Symbol search path is: c:\work\dumps\020215systestdrwatson
> >
> > Loading Dump File
> > [C:\work\dumps\020215systestdrwatson\classificationof_user.dmp]
> > User Dump File: Only application data is available
> >
> > Loaded dbghelp extension DLL
> > Loaded ext extension DLL
> > Loaded uext extension DLL
> > Loaded ntsdexts extension DLL
> >
> > Microsoft (R) Windows User-Mode Debugger Version 4.0.0018.0
> > Copyright (c) Microsoft Corporation. All rights reserved.
> >
> > Windows NT 4 Version 1381 UP Free x86 compatible
> > System Uptime: not available
> > Symbol search path is: c:\work\dumps\020215systestdrwatson
> > Executable search path is:
> > WARNING: Teb 46 pointer is NULL - defaulting to 7ffde000
> > WARNING: 7ffde000 does not appear to be a TEB
> > PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001”
for details
> > Access violation - code c0000005 (!!! second chance !!!)
> > eax=00000006 ebx=04203540 ecx=06c797d8 edx=0000002d esi=04203540
> > edi=000a0000
> > eip=03b9ae22 esp=058af844 ebp=058af890 iopl=0 nv up
> > ei pl nz na po
> > nc
> > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> > efl=00000206
> > 03b9ae22 0fbe08 movsx ecx,byte ptr [eax]
> > ds:0023:00000006=??
> > 0:046> .reload
> > PEB is paged out (Peb = 7b09dcdf). Type “.hh dbgerr001”
for details
> > ------------------- end LAPTOP
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@osr.com
> > To unsubscribe send a blank email to
> leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@avaya.com To
> > unsubscribe send a blank email to
> leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
> >
>
> —
> You are currently subscribed to windbg as: xxxxx@osr.com
> To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to windbg as: xxxxx@avaya.com
> To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

You are currently subscribed to windbg as:
xxxxx@microsoft.com To unsubscribe send a blank email to
leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: xxxxx@avaya.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

4

In your initial post, you had 2 different symbol paths on the different
machines:

SYSTEST: Symbol search path is: I:\lib\dumps\020215systestdrwatson
LAPTOP: Symbol search path is: c:\work\dumps\020215systestdrwatson

is “I” a network drive or something that may be inaccessible (or should
it be I:\work\dumps)? did you try running ‘dumpchk.exe’ on both systems
to make sure the dumpfile didn’t get messed up in any way when
transferring between the two?

sean

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

5

You caught me in a mistake - the path “I:.…” *is* a network path.
Funny thing is, that’s the one that works better!!!

Also - i noticed that with the system that doesn’t get symbolic
information and complains about the PEB - it does not get help
information when i use “.hh”. Add/Remove Software says i have Windbg
installed twice (arrg).

I’m going to try to uninstall/reinstall & get a clean setup before i
bother the community anymore. If that doesn’t fix it, i’ll try
‘dumpchk’ to see if i corrupted the file.

I’ll let you know if any one of these tactics solves the problem.

Thanks, all.

i
r h
c

-----Original Message-----
From: Sean Bullington [mailto:xxxxx@stg.com]
Sent: Thursday, February 21, 2002 5:28 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: two machines, same DMP file, different results -
why ?

In your initial post, you had 2 different symbol paths on the
different
machines:

SYSTEST: Symbol search path is: I:\lib\dumps\020215systestdrwatson
LAPTOP: Symbol search path is: c:\work\dumps\020215systestdrwatson

is “I” a network drive or something that may be inaccessible
(or should
it be I:\work\dumps)? did you try running ‘dumpchk.exe’ on
both systems
to make sure the dumpfile didn’t get messed up in any way when
transferring between the two?

sean

You are currently subscribed to windbg as: xxxxx@avaya.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com