Analysing crash dumps

NTDEV
1

hi all,

i am trying to analyse a crash dump. the dump was generated on a machine
having nt4 server service pack 6. i have a machine having nt4 workstation
service pack 3. i got the symbol files from the nt distribution cd but
later learn that those .dbg files wont help as i was trying to analyse a
dump generated on a machine with service pack 6. I tried to get the symbol
files for sp6 but was unable to find them. Can someone tell we where to
find them?

Also i would like to know how should i analyse a crash dump because the
address shown in the dump is in the ntoskrnl module
(KMODE_EXCEPTIO_NOT_HANDLED). how can i get to the point in my driver that
caused the problem?

Regards.

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

If you have a fast internet connection you should check out the latest
windbg and the public symbol server at microsoft, as I believe it now
supports the NT4 symbols. Regarding the method for walking back up an
exception stack, this is documented in the windbg documentation. Use
.exr/.cxr/.kb. Better yet, make sure you have the
latest/greatest/super-duper-windbg and run !analyze -v on your crashdump.
Its all in the 'bag, man.

-----Original Message-----
From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
Sent: Wednesday, January 02, 2002 11:15 PM
To: NT Developers Interest List
Subject: [ntdev] Analysing crash dumps

hi all,

i am trying to analyse a crash dump. the dump was generated
on a machine
having nt4 server service pack 6. i have a machine having nt4
workstation
service pack 3. i got the symbol files from the nt
distribution cd but
later learn that those .dbg files wont help as i was trying
to analyse a
dump generated on a machine with service pack 6. I tried to
get the symbol
files for sp6 but was unable to find them. Can someone tell
we where to
find them?

Also i would like to know how should i analyse a crash dump
because the
address shown in the dump is in the ntoskrnl module
(KMODE_EXCEPTIO_NOT_HANDLED). how can i get to the point in
my driver that
caused the problem?

Regards.

You are currently subscribed to ntdev as:
xxxxx@stratus.com To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

3

> i am trying to analyse a crash dump. the dump was generated on a machine

having nt4 server service pack 6. i have a machine having nt4 workstation
service pack 3. i got the symbol files from the nt distribution cd but
later learn that those .dbg files wont help as i was trying to analyse a
dump generated on a machine with service pack 6. I tried to get the symbol
files for sp6 but was unable to find them. Can someone tell we where to
find them?

I don’t remember. Probably, try to search MS website. I feel like
I once downloaded sp6 symbols from there…

Also i would like to know how should i analyse a crash dump because the
address shown in the dump is in the ntoskrnl module
(KMODE_EXCEPTIO_NOT_HANDLED). how can i get to the point in my driver that
caused the problem?

That is why you will use the debugger. In most cases, it will show
the call stack. If your error is as simple as, for example, calling
ObDereferenceObject with NULL, your driver’s function that called it
will be on the stack. If you caused damage somewhere earlier, it may
not be so easy. Make sure you use the latest MS debugger from their
website. It has a convenient “!analyzebugcheck -v” command that
you should enter once you opened the dump.

Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

4

Hi mark,

You mention in your email about a public symbol server at Microsoft what
it’s URL ?

Robert Fernando
Anite Telecoms Ltd
110 Fleet Road
Fleet
Hampshire GU51 4BL
United Kingdom
Tel: +44 (0) 1252 775200
Fax: +44 (0) 1252 775 321
Email: xxxxx@anitetelecoms.com

Anite Telecoms Limited Registered in England No. 1721900 Registered
Office: 100 Longwater Avenue, GreenPark, Reading, Berkshire RG2 6GP,
United Kingdom

-----Original Message-----
From: Roddy, Mark [mailto:xxxxx@stratus.com]
Sent: 03 January 2002 13:57
To: NT Developers Interest List
Subject: [ntdev] RE: Analysing crash dumps

If you have a fast internet connection you should check out the latest
windbg and the public symbol server at microsoft, as I believe it now
supports the NT4 symbols. Regarding the method for walking back up an
exception stack, this is documented in the windbg documentation. Use
.exr/.cxr/.kb. Better yet, make sure you have the
latest/greatest/super-duper-windbg and run !analyze -v on your crashdump.
Its all in the 'bag, man.

-----Original Message-----
From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
Sent: Wednesday, January 02, 2002 11:15 PM
To: NT Developers Interest List
Subject: [ntdev] Analysing crash dumps

hi all,

i am trying to analyse a crash dump. the dump was generated
on a machine
having nt4 server service pack 6. i have a machine having nt4
workstation
service pack 3. i got the symbol files from the nt
distribution cd but
later learn that those .dbg files wont help as i was trying
to analyse a
dump generated on a machine with service pack 6. I tried to
get the symbol
files for sp6 but was unable to find them. Can someone tell
we where to
find them?

Also i would like to know how should i analyse a crash dump
because the
address shown in the dump is in the ntoskrnl module
(KMODE_EXCEPTIO_NOT_HANDLED). how can i get to the point in
my driver that
caused the problem?

Regards.

You are currently subscribed to ntdev as:
xxxxx@stratus.com To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@anitetelecoms.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

5

Instructions are here http://www.microsoft.com/ddk/debugging/symbols.asp.

-----Original Message-----
From: Fernando, Robert [mailto:xxxxx@anitetelecoms.com]
Sent: Thursday, January 03, 2002 9:34 AM
To: NT Developers Interest List
Subject: [ntdev] RE: Analysing crash dumps

Hi mark,

You mention in your email about a public symbol server at
Microsoft what it’s URL ?

Robert Fernando
Anite Telecoms Ltd
110 Fleet Road
Fleet
Hampshire GU51 4BL
United Kingdom
Tel: +44 (0) 1252 775200
Fax: +44 (0) 1252 775 321
Email: xxxxx@anitetelecoms.com

Anite Telecoms Limited Registered in England No. 1721900 Registered
Office: 100 Longwater Avenue, GreenPark, Reading, Berkshire
RG2 6GP, United Kingdom

-----Original Message-----
From: Roddy, Mark [mailto:xxxxx@stratus.com]
Sent: 03 January 2002 13:57
To: NT Developers Interest List
Subject: [ntdev] RE: Analysing crash dumps

If you have a fast internet connection you should check out
the latest windbg and the public symbol server at microsoft,
as I believe it now supports the NT4 symbols. Regarding the
method for walking back up an exception stack, this is
documented in the windbg documentation. Use .exr/.cxr/.kb.
Better yet, make sure you have the
latest/greatest/super-duper-windbg and run !analyze -v on
your crashdump. Its all in the 'bag, man.

> -----Original Message-----
> From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
> Sent: Wednesday, January 02, 2002 11:15 PM
> To: NT Developers Interest List
> Subject: [ntdev] Analysing crash dumps
>
>
> hi all,
>
> i am trying to analyse a crash dump. the dump was generated
> on a machine
> having nt4 server service pack 6. i have a machine having nt4
> workstation
> service pack 3. i got the symbol files from the nt
> distribution cd but
> later learn that those .dbg files wont help as i was trying
> to analyse a
> dump generated on a machine with service pack 6. I tried to
> get the symbol
> files for sp6 but was unable to find them. Can someone tell
> we where to
> find them?
>
> Also i would like to know how should i analyse a crash dump
> because the
> address shown in the dump is in the ntoskrnl module
> (KMODE_EXCEPTIO_NOT_HANDLED). how can i get to the point in
> my driver that
> caused the problem?
>
> Regards.
>
>
> —
> You are currently subscribed to ntdev as:
> xxxxx@stratus.com To unsubscribe send a blank email to
> leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

You are currently subscribed to ntdev as:
xxxxx@anitetelecoms.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

6

Look at the WinDbg documentation.

Gary G. Little
Broadband Storage, Inc.
xxxxx@broadstor.com
xxxxx@inland.net
(949) 7372731

-----Original Message-----
From: Fernando, Robert [mailto:xxxxx@anitetelecoms.com]
Sent: Thursday, January 03, 2002 6:34 AM
To: NT Developers Interest List
Subject: [ntdev] RE: Analysing crash dumps

Hi mark,

You mention in your email about a public symbol server at Microsoft what
it’s URL ?

Robert Fernando
Anite Telecoms Ltd
110 Fleet Road
Fleet
Hampshire GU51 4BL
United Kingdom
Tel: +44 (0) 1252 775200
Fax: +44 (0) 1252 775 321
Email: xxxxx@anitetelecoms.com

Anite Telecoms Limited Registered in England No. 1721900 Registered
Office: 100 Longwater Avenue, GreenPark, Reading, Berkshire RG2 6GP,
United Kingdom

-----Original Message-----
From: Roddy, Mark [mailto:xxxxx@stratus.com]
Sent: 03 January 2002 13:57
To: NT Developers Interest List
Subject: [ntdev] RE: Analysing crash dumps

If you have a fast internet connection you should check out the latest
windbg and the public symbol server at microsoft, as I believe it now
supports the NT4 symbols. Regarding the method for walking back up an
exception stack, this is documented in the windbg documentation. Use
.exr/.cxr/.kb. Better yet, make sure you have the
latest/greatest/super-duper-windbg and run !analyze -v on your crashdump.
Its all in the 'bag, man.

-----Original Message-----
From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
Sent: Wednesday, January 02, 2002 11:15 PM
To: NT Developers Interest List
Subject: [ntdev] Analysing crash dumps

hi all,

i am trying to analyse a crash dump. the dump was generated
on a machine
having nt4 server service pack 6. i have a machine having nt4
workstation
service pack 3. i got the symbol files from the nt
distribution cd but
later learn that those .dbg files wont help as i was trying
to analyse a
dump generated on a machine with service pack 6. I tried to
get the symbol
files for sp6 but was unable to find them. Can someone tell
we where to
find them?

Also i would like to know how should i analyse a crash dump
because the
address shown in the dump is in the ntoskrnl module
(KMODE_EXCEPTIO_NOT_HANDLED). how can i get to the point in
my driver that
caused the problem?

Regards.

You are currently subscribed to ntdev as:
xxxxx@stratus.com To unsubscribe send a blank email to
leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@anitetelecoms.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@broadstor.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

7

http://support.microsoft.com/default.aspx?scid=kb;EN-GB;q311503

On Thu, 3 Jan 2002, Fernando, Robert wrote:

Hi mark,

You mention in your email about a public symbol server at Microsoft what
it’s URL ?

Robert Fernando
Anite Telecoms Ltd
110 Fleet Road
Fleet
Hampshire GU51 4BL
United Kingdom
Tel: +44 (0) 1252 775200
Fax: +44 (0) 1252 775 321
Email: xxxxx@anitetelecoms.com

Anite Telecoms Limited Registered in England No. 1721900 Registered
Office: 100 Longwater Avenue, GreenPark, Reading, Berkshire RG2 6GP,
United Kingdom

-----Original Message-----
From: Roddy, Mark [mailto:xxxxx@stratus.com]
Sent: 03 January 2002 13:57
To: NT Developers Interest List
Subject: [ntdev] RE: Analysing crash dumps

If you have a fast internet connection you should check out the latest
windbg and the public symbol server at microsoft, as I believe it now
supports the NT4 symbols. Regarding the method for walking back up an
exception stack, this is documented in the windbg documentation. Use
.exr/.cxr/.kb. Better yet, make sure you have the
latest/greatest/super-duper-windbg and run !analyze -v on your crashdump.
Its all in the 'bag, man.

> -----Original Message-----
> From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
> Sent: Wednesday, January 02, 2002 11:15 PM
> To: NT Developers Interest List
> Subject: [ntdev] Analysing crash dumps
>
>
> hi all,
>
> i am trying to analyse a crash dump. the dump was generated
> on a machine
> having nt4 server service pack 6. i have a machine having nt4
> workstation
> service pack 3. i got the symbol files from the nt
> distribution cd but
> later learn that those .dbg files wont help as i was trying
> to analyse a
> dump generated on a machine with service pack 6. I tried to
> get the symbol
> files for sp6 but was unable to find them. Can someone tell
> we where to
> find them?
>
> Also i would like to know how should i analyse a crash dump
> because the
> address shown in the dump is in the ntoskrnl module
> (KMODE_EXCEPTIO_NOT_HANDLED). how can i get to the point in
> my driver that
> caused the problem?
>
> Regards.
>
>
> —
> You are currently subscribed to ntdev as:
> xxxxx@stratus.com To unsubscribe send a blank email to
> leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

You are currently subscribed to ntdev as: xxxxx@anitetelecoms.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntdev as: xxxxx@inkvine.fluff.org
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


Peter xxxxx@inkvine.fluff.org
http://www.inkvine.fluff.org/~peter/

logic kicks ass:
(1) Horses have an even number of legs.
(2) They have two legs in back and fore legs in front.
(3) This makes a total of six legs, which certainly is an odd number of
legs for a horse.
(4) But the only number that is both odd and even is infinity.
(5) Therefore, horses must have an infinite number of legs.

You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com