debugging crash dump

NTFSD
1

Hi.
I have been working on driver development (file system filter drivers) for some time. And I have seen a few BSOD. Anytime this happens I have had some problems getting the line in the source code that produced the crash. That has been a lot of work, I have been reproducing the crash and inserting break points, guessing what line in what module is the one I am looking for.
I have heard a lot about kernel debugging techniques. Some people use WinDbg, so I started to play with it a little. I tried “open crash dump” and I get a lot of text output.
What I want to know is if I can use WinDbg to go exactly to the buggy line. And (this a off-topic) I would also like to know if I can use it for user mode application crashes.
Thanks in advance.
Actually, this is an old bug, but I want to be prepared for a future crash.

Here is the text output given by WinDbg:

Thread Create: Process=0, Thread=0
DMKD: Unable to get address of debugger data list
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols loaded)
Could not get address of KiProcessorBlock
Module Unload: C:\WINDOWS\system32\NTOSKRNL.EXE
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols loaded)
Module Load: C:\WINDOWS\system32\HAL.DLL (no symbols loaded)
Module Load: C:\WINDOWS\system32\KDCOM.DLL (symbol loading deferred)
Module Load: C:\WINDOWS\system32\BOOTVID.DLL (symbol loading deferred)
Module Load: ACPI.SYS (symbol loading deferred)
Module Load: WMILIB.SYS (symbol loading deferred)
Module Load: PCI.SYS (symbol loading deferred)
Module Load: ISAPNP.SYS (symbol loading deferred)
Module Load: INTELIDE.SYS (symbol loading deferred)
Module Load: PCIIDEX.SYS (symbol loading deferred)
Module Load: MOUNTMGR.SYS (symbol loading deferred)
Module Load: FTDISK.SYS (symbol loading deferred)
Module Load: DMLOAD.SYS (symbol loading deferred)
Module Load: DMIO.SYS (symbol loading deferred)
Module Load: PARTMGR.SYS (symbol loading deferred)
Module Load: VOLSNAP.SYS (symbol loading deferred)
Module Load: ATAPI.SYS (symbol loading deferred)
Module Load: DISK.SYS (symbol loading deferred)
Module Load: CLASSPNP.SYS (symbol loading deferred)
Module Load: SR.SYS (symbol loading deferred)
Module Load: FILEFIL.SYS (symbol loading deferred)
Module Load: FASTFAT.SYS (symbol loading deferred)
Module Load: KSECDD.SYS (symbol loading deferred)
Module Load: NDIS.SYS (symbol loading deferred)
Module Load: MUP.SYS (symbol loading deferred)
Module Load: AGP440.SYS (symbol loading deferred)
Module Load: SIS300P.SYS (symbol loading deferred)
Module Load: VIDEOPRT.SYS (symbol loading deferred)
Module Load: RTL8139.SYS (symbol loading deferred)
Module Load: CDROM.SYS (symbol loading deferred)
Module Load: REDBOOK.SYS (symbol loading deferred)
Module Load: KS.SYS (symbol loading deferred)
Module Load: USBUHCI.SYS (symbol loading deferred)
Module Load: USBPORT.SYS (symbol loading deferred)
Module Load: AC97INTC.SYS (symbol loading deferred)
Module Load: PORTCLS.SYS (symbol loading deferred)
Module Load: DRMK.SYS (symbol loading deferred)
Module Load: FDC.SYS (symbol loading deferred)
Module Load: SERIAL.SYS (symbol loading deferred)
Module Load: SERENUM.SYS (symbol loading deferred)
Module Load: PARPORT.SYS (symbol loading deferred)
Module Load: I8042PRT.SYS (symbol loading deferred)
Module Load: MOUCLASS.SYS (symbol loading deferred)
Module Load: KBDCLASS.SYS (symbol loading deferred)
Module Load: GAMEENUM.SYS (symbol loading deferred)
Module Load: MSMPU401.SYS (symbol loading deferred)
Module Load: AUDSTUB.SYS (symbol loading deferred)
Module Load: RASL2TP.SYS (symbol loading deferred)
Module Load: NDISTAPI.SYS (symbol loading deferred)
Module Load: NDISWAN.SYS (symbol loading deferred)
Module Load: RASPPPOE.SYS (symbol loading deferred)
Module Load: RASPPTP.SYS (symbol loading deferred)
Module Load: TDI.SYS (symbol loading deferred)
Module Load: PSCHED.SYS (symbol loading deferred)
Module Load: MSGPC.SYS (symbol loading deferred)
Module Load: PTILINK.SYS (symbol loading deferred)
Module Load: RASPTI.SYS (symbol loading deferred)
Module Load: RDPDR.SYS (symbol loading deferred)
Module Load: TERMDD.SYS (symbol loading deferred)
Module Load: SWENUM.SYS (symbol loading deferred)
Module Load: UPDATE.SYS (symbol loading deferred)
Module Load: NDPROXY.SYS (symbol loading deferred)
Module Load: USBHUB.SYS (symbol loading deferred)
Module Load: USBD.SYS (symbol loading deferred)
Module Load: FLPYDISK.SYS (symbol loading deferred)
Module Load: FS_REC.SYS (symbol loading deferred)
Module Load: NULL.SYS (symbol loading deferred)
Module Load: BEEP.SYS (symbol loading deferred)
Module Load: VGA.SYS (symbol loading deferred)
Module Load: MNMDD.SYS (symbol loading deferred)
Module Load: RDPCDD.SYS (symbol loading deferred)
Module Load: FWDRV.SYS (symbol loading deferred)
Module Load: MSFS.SYS (symbol loading deferred)
Module Load: NPFS.SYS (symbol loading deferred)
Module Load: RASACD.SYS (symbol loading deferred)
Module Load: IPSEC.SYS (symbol loading deferred)
Module Load: TCPIP.SYS (symbol loading deferred)
Module Load: NETBT.SYS (symbol loading deferred)
Module Load: NETBIOS.SYS (symbol loading deferred)
Module Load: RDBSS.SYS (symbol loading deferred)
Module Load: PQNTDRV.SYS (symbol loading deferred)
Module Load: MRXSMB.SYS (symbol loading deferred)
Module Load: FIPS.SYS (symbol loading deferred)
Module Load: WANARP.SYS (symbol loading deferred)
Module Load: CDFS.SYS (symbol loading deferred)
Module Load: DUMP_ATAPI.SYS (symbol loading deferred)
Module Load: DUMP_WMILIB.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WIN32K.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WATCHDOG.SYS (symbol loading deferred)
Module Load: DXG.SYS (symbol loading deferred)
Module Load: DXGTHK.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\SIS300V.DLL (symbol loading deferred)
Module Load: AFD.SYS (symbol loading deferred)
Module Load: NDISUIO.SYS (symbol loading deferred)
Module Load: SYSAUDIO.SYS (symbol loading deferred)
Module Load: WDMAUD.SYS (symbol loading deferred)
Module Load: MRXDAV.SYS (symbol loading deferred)
Module Load: PARVDM.SYS (symbol loading deferred)
Module Load: SRV.SYS (symbol loading deferred)
Module Load: USERDUMP.SYS (symbol loading deferred)
Module Load: KMIXER.SYS (symbol loading deferred)
Module Load: DBGV.SYS (symbol loading deferred)
Module Load: SAVMEM.SYS (symbol loading deferred)
Could not get address of KiProcessorBlock
Finished re-loading kernel modules
Kernel Debugger connection established for C:\WINDOWS\MEMORY.DMP
Kernel Version 2600 Free loaded @ ffffffff804d0000
Bugcheck 0000008e : c0000005 f9ff6ce2 f3bb3b48 00000000
Stopped at an unexpected exception: code=80000003 addr=ffffffff804fc1bb
Hard coded breakpoint hit

2

What version of WinDBG are you using?

Yes, you can use WinDBG for user mode application crashes.

Regards,

Tony

Tony Mason

Consulting Partner

OSR Open Systems Resources, Inc.

http://www.osr.com http:

Hope to see you at the next OSR file systems class in Boston, MA,
February 23, 2003!

________________________________

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ratmil Torres
Sent: Wednesday, February 04, 2004 9:53 AM
To: ntfsd redirect
Subject: [ntfsd] debugging crash dump

Hi.

I have been working on driver development (file system filter drivers)
for some time. And I have seen a few BSOD. Anytime this happens I have
had some problems getting the line in the source code that produced the
crash. That has been a lot of work, I have been reproducing the crash
and inserting break points, guessing what line in what module is the one
I am looking for.

I have heard a lot about kernel debugging techniques. Some people use
WinDbg, so I started to play with it a little. I tried “open crash dump”
and I get a lot of text output.

What I want to know is if I can use WinDbg to go exactly to the buggy
line. And (this a off-topic) I would also like to know if I can use it
for user mode application crashes.

Thanks in advance.

Actually, this is an old bug, but I want to be prepared for a future
crash.

Here is the text output given by WinDbg:

Thread Create: Process=0, Thread=0
DMKD: Unable to get address of debugger data list
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols loaded)
Could not get address of KiProcessorBlock
Module Unload: C:\WINDOWS\system32\NTOSKRNL.EXE
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols loaded)
Module Load: C:\WINDOWS\system32\HAL.DLL (no symbols loaded)
Module Load: C:\WINDOWS\system32\KDCOM.DLL (symbol loading deferred)
Module Load: C:\WINDOWS\system32\BOOTVID.DLL (symbol loading deferred)
Module Load: ACPI.SYS (symbol loading deferred)
Module Load: WMILIB.SYS (symbol loading deferred)
Module Load: PCI.SYS (symbol loading deferred)
Module Load: ISAPNP.SYS (symbol loading deferred)
Module Load: INTELIDE.SYS (symbol loading deferred)
Module Load: PCIIDEX.SYS (symbol loading deferred)
Module Load: MOUNTMGR.SYS (symbol loading deferred)
Module Load: FTDISK.SYS (symbol loading deferred)
Module Load: DMLOAD.SYS (symbol loading deferred)
Module Load: DMIO.SYS (symbol loading deferred)
Module Load: PARTMGR.SYS (symbol loading deferred)
Module Load: VOLSNAP.SYS (symbol loading deferred)
Module Load: ATAPI.SYS (symbol loading deferred)
Module Load: DISK.SYS (symbol loading deferred)
Module Load: CLASSPNP.SYS (symbol loading deferred)
Module Load: SR.SYS (symbol loading deferred)
Module Load: FILEFIL.SYS (symbol loading deferred)
Module Load: FASTFAT.SYS (symbol loading deferred)
Module Load: KSECDD.SYS (symbol loading deferred)
Module Load: NDIS.SYS (symbol loading deferred)
Module Load: MUP.SYS (symbol loading deferred)
Module Load: AGP440.SYS (symbol loading deferred)
Module Load: SIS300P.SYS (symbol loading deferred)
Module Load: VIDEOPRT.SYS (symbol loading deferred)
Module Load: RTL8139.SYS (symbol loading deferred)
Module Load: CDROM.SYS (symbol loading deferred)
Module Load: REDBOOK.SYS (symbol loading deferred)
Module Load: KS.SYS (symbol loading deferred)
Module Load: USBUHCI.SYS (symbol loading deferred)
Module Load: USBPORT.SYS (symbol loading deferred)
Module Load: AC97INTC.SYS (symbol loading deferred)
Module Load: PORTCLS.SYS (symbol loading deferred)
Module Load: DRMK.SYS (symbol loading deferred)
Module Load: FDC.SYS (symbol loading deferred)
Module Load: SERIAL.SYS (symbol loading deferred)
Module Load: SERENUM.SYS (symbol loading deferred)
Module Load: PARPORT.SYS (symbol loading deferred)
Module Load: I8042PRT.SYS (symbol loading deferred)
Module Load: MOUCLASS.SYS (symbol loading deferred)
Module Load: KBDCLASS.SYS (symbol loading deferred)
Module Load: GAMEENUM.SYS (symbol loading deferred)
Module Load: MSMPU401.SYS (symbol loading deferred)
Module Load: AUDSTUB.SYS (symbol loading deferred)
Module Load: RASL2TP.SYS (symbol loading deferred)
Module Load: NDISTAPI.SYS (symbol loading deferred)
Module Load: NDISWAN.SYS (symbol loading deferred)
Module Load: RASPPPOE.SYS (symbol loading deferred)
Module Load: RASPPTP.SYS (symbol loading deferred)
Module Load: TDI.SYS (symbol loading deferred)
Module Load: PSCHED.SYS (symbol loading deferred)
Module Load: MSGPC.SYS (symbol loading deferred)
Module Load: PTILINK.SYS (symbol loading deferred)
Module Load: RASPTI.SYS (symbol loading deferred)
Module Load: RDPDR.SYS (symbol loading deferred)
Module Load: TERMDD.SYS (symbol loading deferred)
Module Load: SWENUM.SYS (symbol loading deferred)
Module Load: UPDATE.SYS (symbol loading deferred)
Module Load: NDPROXY.SYS (symbol loading deferred)
Module Load: USBHUB.SYS (symbol loading deferred)
Module Load: USBD.SYS (symbol loading deferred)
Module Load: FLPYDISK.SYS (symbol loading deferred)
Module Load: FS_REC.SYS (symbol loading deferred)
Module Load: NULL.SYS (symbol loading deferred)
Module Load: BEEP.SYS (symbol loading deferred)
Module Load: VGA.SYS (symbol loading deferred)
Module Load: MNMDD.SYS (symbol loading deferred)
Module Load: RDPCDD.SYS (symbol loading deferred)
Module Load: FWDRV.SYS (symbol loading deferred)
Module Load: MSFS.SYS (symbol loading deferred)
Module Load: NPFS.SYS (symbol loading deferred)
Module Load: RASACD.SYS (symbol loading deferred)
Module Load: IPSEC.SYS (symbol loading deferred)
Module Load: TCPIP.SYS (symbol loading deferred)
Module Load: NETBT.SYS (symbol loading deferred)
Module Load: NETBIOS.SYS (symbol loading deferred)
Module Load: RDBSS.SYS (symbol loading deferred)
Module Load: PQNTDRV.SYS (symbol loading deferred)
Module Load: MRXSMB.SYS (symbol loading deferred)
Module Load: FIPS.SYS (symbol loading deferred)
Module Load: WANARP.SYS (symbol loading deferred)
Module Load: CDFS.SYS (symbol loading deferred)
Module Load: DUMP_ATAPI.SYS (symbol loading deferred)
Module Load: DUMP_WMILIB.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WIN32K.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WATCHDOG.SYS (symbol loading deferred)
Module Load: DXG.SYS (symbol loading deferred)
Module Load: DXGTHK.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\SIS300V.DLL (symbol loading deferred)
Module Load: AFD.SYS (symbol loading deferred)
Module Load: NDISUIO.SYS (symbol loading deferred)
Module Load: SYSAUDIO.SYS (symbol loading deferred)
Module Load: WDMAUD.SYS (symbol loading deferred)
Module Load: MRXDAV.SYS (symbol loading deferred)
Module Load: PARVDM.SYS (symbol loading deferred)
Module Load: SRV.SYS (symbol loading deferred)
Module Load: USERDUMP.SYS (symbol loading deferred)
Module Load: KMIXER.SYS (symbol loading deferred)
Module Load: DBGV.SYS (symbol loading deferred)
Module Load: SAVMEM.SYS (symbol loading deferred)
Could not get address of KiProcessorBlock
Finished re-loading kernel modules
Kernel Debugger connection established for C:\WINDOWS\MEMORY.DMP
Kernel Version 2600 Free loaded @ ffffffff804d0000
Bugcheck 0000008e : c0000005 f9ff6ce2 f3bb3b48 00000000
Stopped at an unexpected exception: code=80000003 addr=ffffffff804fc1bb
Hard coded breakpoint hit


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com</http:>

3

I am using the one that comes with IFS Kit 2000 (or DDK 2000).
Where can I get documentation? Besides WinDbg help.

Thanks.

----- Original Message -----
From: Tony Mason
To: Windows File Systems Devs Interest List
Sent: Wednesday, February 04, 2004 10:21 AM
Subject: RE: [ntfsd] debugging crash dump

What version of WinDBG are you using?

Yes, you can use WinDBG for user mode application crashes.

Regards,

Tony

Tony Mason

Consulting Partner

OSR Open Systems Resources, Inc.

http://www.osr.com

Hope to see you at the next OSR file systems class in Boston, MA, February 23, 2003!

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Ratmil Torres
Sent: Wednesday, February 04, 2004 9:53 AM
To: ntfsd redirect
Subject: [ntfsd] debugging crash dump

Hi.

I have been working on driver development (file system filter drivers) for some time. And I have seen a few BSOD. Anytime this happens I have had some problems getting the line in the source code that produced the crash. That has been a lot of work, I have been reproducing the crash and inserting break points, guessing what line in what module is the one I am looking for.

I have heard a lot about kernel debugging techniques. Some people use WinDbg, so I started to play with it a little. I tried “open crash dump” and I get a lot of text output.

What I want to know is if I can use WinDbg to go exactly to the buggy line. And (this a off-topic) I would also like to know if I can use it for user mode application crashes.

Thanks in advance.

Actually, this is an old bug, but I want to be prepared for a future crash.

Here is the text output given by WinDbg:

Thread Create: Process=0, Thread=0
DMKD: Unable to get address of debugger data list
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols loaded)
Could not get address of KiProcessorBlock
Module Unload: C:\WINDOWS\system32\NTOSKRNL.EXE
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols loaded)
Module Load: C:\WINDOWS\system32\HAL.DLL (no symbols loaded)
Module Load: C:\WINDOWS\system32\KDCOM.DLL (symbol loading deferred)
Module Load: C:\WINDOWS\system32\BOOTVID.DLL (symbol loading deferred)
Module Load: ACPI.SYS (symbol loading deferred)
Module Load: WMILIB.SYS (symbol loading deferred)
Module Load: PCI.SYS (symbol loading deferred)
Module Load: ISAPNP.SYS (symbol loading deferred)
Module Load: INTELIDE.SYS (symbol loading deferred)
Module Load: PCIIDEX.SYS (symbol loading deferred)
Module Load: MOUNTMGR.SYS (symbol loading deferred)
Module Load: FTDISK.SYS (symbol loading deferred)
Module Load: DMLOAD.SYS (symbol loading deferred)
Module Load: DMIO.SYS (symbol loading deferred)
Module Load: PARTMGR.SYS (symbol loading deferred)
Module Load: VOLSNAP.SYS (symbol loading deferred)
Module Load: ATAPI.SYS (symbol loading deferred)
Module Load: DISK.SYS (symbol loading deferred)
Module Load: CLASSPNP.SYS (symbol loading deferred)
Module Load: SR.SYS (symbol loading deferred)
Module Load: FILEFIL.SYS (symbol loading deferred)
Module Load: FASTFAT.SYS (symbol loading deferred)
Module Load: KSECDD.SYS (symbol loading deferred)
Module Load: NDIS.SYS (symbol loading deferred)
Module Load: MUP.SYS (symbol loading deferred)
Module Load: AGP440.SYS (symbol loading deferred)
Module Load: SIS300P.SYS (symbol loading deferred)
Module Load: VIDEOPRT.SYS (symbol loading deferred)
Module Load: RTL8139.SYS (symbol loading deferred)
Module Load: CDROM.SYS (symbol loading deferred)
Module Load: REDBOOK.SYS (symbol loading deferred)
Module Load: KS.SYS (symbol loading deferred)
Module Load: USBUHCI.SYS (symbol loading deferred)
Module Load: USBPORT.SYS (symbol loading deferred)
Module Load: AC97INTC.SYS (symbol loading deferred)
Module Load: PORTCLS.SYS (symbol loading deferred)
Module Load: DRMK.SYS (symbol loading deferred)
Module Load: FDC.SYS (symbol loading deferred)
Module Load: SERIAL.SYS (symbol loading deferred)
Module Load: SERENUM.SYS (symbol loading deferred)
Module Load: PARPORT.SYS (symbol loading deferred)
Module Load: I8042PRT.SYS (symbol loading deferred)
Module Load: MOUCLASS.SYS (symbol loading deferred)
Module Load: KBDCLASS.SYS (symbol loading deferred)
Module Load: GAMEENUM.SYS (symbol loading deferred)
Module Load: MSMPU401.SYS (symbol loading deferred)
Module Load: AUDSTUB.SYS (symbol loading deferred)
Module Load: RASL2TP.SYS (symbol loading deferred)
Module Load: NDISTAPI.SYS (symbol loading deferred)
Module Load: NDISWAN.SYS (symbol loading deferred)
Module Load: RASPPPOE.SYS (symbol loading deferred)
Module Load: RASPPTP.SYS (symbol loading deferred)
Module Load: TDI.SYS (symbol loading deferred)
Module Load: PSCHED.SYS (symbol loading deferred)
Module Load: MSGPC.SYS (symbol loading deferred)
Module Load: PTILINK.SYS (symbol loading deferred)
Module Load: RASPTI.SYS (symbol loading deferred)
Module Load: RDPDR.SYS (symbol loading deferred)
Module Load: TERMDD.SYS (symbol loading deferred)
Module Load: SWENUM.SYS (symbol loading deferred)
Module Load: UPDATE.SYS (symbol loading deferred)
Module Load: NDPROXY.SYS (symbol loading deferred)
Module Load: USBHUB.SYS (symbol loading deferred)
Module Load: USBD.SYS (symbol loading deferred)
Module Load: FLPYDISK.SYS (symbol loading deferred)
Module Load: FS_REC.SYS (symbol loading deferred)
Module Load: NULL.SYS (symbol loading deferred)
Module Load: BEEP.SYS (symbol loading deferred)
Module Load: VGA.SYS (symbol loading deferred)
Module Load: MNMDD.SYS (symbol loading deferred)
Module Load: RDPCDD.SYS (symbol loading deferred)
Module Load: FWDRV.SYS (symbol loading deferred)
Module Load: MSFS.SYS (symbol loading deferred)
Module Load: NPFS.SYS (symbol loading deferred)
Module Load: RASACD.SYS (symbol loading deferred)
Module Load: IPSEC.SYS (symbol loading deferred)
Module Load: TCPIP.SYS (symbol loading deferred)
Module Load: NETBT.SYS (symbol loading deferred)
Module Load: NETBIOS.SYS (symbol loading deferred)
Module Load: RDBSS.SYS (symbol loading deferred)
Module Load: PQNTDRV.SYS (symbol loading deferred)
Module Load: MRXSMB.SYS (symbol loading deferred)
Module Load: FIPS.SYS (symbol loading deferred)
Module Load: WANARP.SYS (symbol loading deferred)
Module Load: CDFS.SYS (symbol loading deferred)
Module Load: DUMP_ATAPI.SYS (symbol loading deferred)
Module Load: DUMP_WMILIB.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WIN32K.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WATCHDOG.SYS (symbol loading deferred)
Module Load: DXG.SYS (symbol loading deferred)
Module Load: DXGTHK.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\SIS300V.DLL (symbol loading deferred)
Module Load: AFD.SYS (symbol loading deferred)
Module Load: NDISUIO.SYS (symbol loading deferred)
Module Load: SYSAUDIO.SYS (symbol loading deferred)
Module Load: WDMAUD.SYS (symbol loading deferred)
Module Load: MRXDAV.SYS (symbol loading deferred)
Module Load: PARVDM.SYS (symbol loading deferred)
Module Load: SRV.SYS (symbol loading deferred)
Module Load: USERDUMP.SYS (symbol loading deferred)
Module Load: KMIXER.SYS (symbol loading deferred)
Module Load: DBGV.SYS (symbol loading deferred)
Module Load: SAVMEM.SYS (symbol loading deferred)
Could not get address of KiProcessorBlock
Finished re-loading kernel modules
Kernel Debugger connection established for C:\WINDOWS\MEMORY.DMP
Kernel Version 2600 Free loaded @ ffffffff804d0000
Bugcheck 0000008e : c0000005 f9ff6ce2 f3bb3b48 00000000
Stopped at an unexpected exception: code=80000003 addr=ffffffff804fc1bb
Hard coded breakpoint hit

Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@seg.inf.cu
To unsubscribe send a blank email to xxxxx@lists.osr.com

4

Where’s the windbg-specific mailing list?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Wednesday, February 04, 2004 10:22 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] debugging crash dump

What version of WinDBG are you using?

Yes, you can use WinDBG for user mode application crashes.

Regards,

Tony

Tony Mason

Consulting Partner

OSR Open Systems Resources, Inc.

http://www.osr.com http:

Hope to see you at the next OSR file systems class in Boston,
MA, February 23, 2003!

________________________________

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ratmil Torres
Sent: Wednesday, February 04, 2004 9:53 AM
To: ntfsd redirect
Subject: [ntfsd] debugging crash dump

Hi.

I have been working on driver development (file system filter
drivers) for some time. And I have seen a few BSOD. Anytime this happens
I have had some problems getting the line in the source code that
produced the crash. That has been a lot of work, I have been reproducing
the crash and inserting break points, guessing what line in what module
is the one I am looking for.

I have heard a lot about kernel debugging techniques. Some
people use WinDbg, so I started to play with it a little. I tried “open
crash dump” and I get a lot of text output.

What I want to know is if I can use WinDbg to go exactly to the
buggy line. And (this a off-topic) I would also like to know if I can
use it for user mode application crashes.

Thanks in advance.

Actually, this is an old bug, but I want to be prepared for a
future crash.

Here is the text output given by WinDbg:

Thread Create: Process=0, Thread=0
DMKD: Unable to get address of debugger data list
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols
loaded)
Could not get address of KiProcessorBlock
Module Unload: C:\WINDOWS\system32\NTOSKRNL.EXE
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols
loaded)
Module Load: C:\WINDOWS\system32\HAL.DLL (no symbols loaded)
Module Load: C:\WINDOWS\system32\KDCOM.DLL (symbol loading
deferred)
Module Load: C:\WINDOWS\system32\BOOTVID.DLL (symbol loading
deferred)
Module Load: ACPI.SYS (symbol loading deferred)
Module Load: WMILIB.SYS (symbol loading deferred)
Module Load: PCI.SYS (symbol loading deferred)
Module Load: ISAPNP.SYS (symbol loading deferred)
Module Load: INTELIDE.SYS (symbol loading deferred)
Module Load: PCIIDEX.SYS (symbol loading deferred)
Module Load: MOUNTMGR.SYS (symbol loading deferred)
Module Load: FTDISK.SYS (symbol loading deferred)
Module Load: DMLOAD.SYS (symbol loading deferred)
Module Load: DMIO.SYS (symbol loading deferred)
Module Load: PARTMGR.SYS (symbol loading deferred)
Module Load: VOLSNAP.SYS (symbol loading deferred)
Module Load: ATAPI.SYS (symbol loading deferred)
Module Load: DISK.SYS (symbol loading deferred)
Module Load: CLASSPNP.SYS (symbol loading deferred)
Module Load: SR.SYS (symbol loading deferred)
Module Load: FILEFIL.SYS (symbol loading deferred)
Module Load: FASTFAT.SYS (symbol loading deferred)
Module Load: KSECDD.SYS (symbol loading deferred)
Module Load: NDIS.SYS (symbol loading deferred)
Module Load: MUP.SYS (symbol loading deferred)
Module Load: AGP440.SYS (symbol loading deferred)
Module Load: SIS300P.SYS (symbol loading deferred)
Module Load: VIDEOPRT.SYS (symbol loading deferred)
Module Load: RTL8139.SYS (symbol loading deferred)
Module Load: CDROM.SYS (symbol loading deferred)
Module Load: REDBOOK.SYS (symbol loading deferred)
Module Load: KS.SYS (symbol loading deferred)
Module Load: USBUHCI.SYS (symbol loading deferred)
Module Load: USBPORT.SYS (symbol loading deferred)
Module Load: AC97INTC.SYS (symbol loading deferred)
Module Load: PORTCLS.SYS (symbol loading deferred)
Module Load: DRMK.SYS (symbol loading deferred)
Module Load: FDC.SYS (symbol loading deferred)
Module Load: SERIAL.SYS (symbol loading deferred)
Module Load: SERENUM.SYS (symbol loading deferred)
Module Load: PARPORT.SYS (symbol loading deferred)
Module Load: I8042PRT.SYS (symbol loading deferred)
Module Load: MOUCLASS.SYS (symbol loading deferred)
Module Load: KBDCLASS.SYS (symbol loading deferred)
Module Load: GAMEENUM.SYS (symbol loading deferred)
Module Load: MSMPU401.SYS (symbol loading deferred)
Module Load: AUDSTUB.SYS (symbol loading deferred)
Module Load: RASL2TP.SYS (symbol loading deferred)
Module Load: NDISTAPI.SYS (symbol loading deferred)
Module Load: NDISWAN.SYS (symbol loading deferred)
Module Load: RASPPPOE.SYS (symbol loading deferred)
Module Load: RASPPTP.SYS (symbol loading deferred)
Module Load: TDI.SYS (symbol loading deferred)
Module Load: PSCHED.SYS (symbol loading deferred)
Module Load: MSGPC.SYS (symbol loading deferred)
Module Load: PTILINK.SYS (symbol loading deferred)
Module Load: RASPTI.SYS (symbol loading deferred)
Module Load: RDPDR.SYS (symbol loading deferred)
Module Load: TERMDD.SYS (symbol loading deferred)
Module Load: SWENUM.SYS (symbol loading deferred)
Module Load: UPDATE.SYS (symbol loading deferred)
Module Load: NDPROXY.SYS (symbol loading deferred)
Module Load: USBHUB.SYS (symbol loading deferred)
Module Load: USBD.SYS (symbol loading deferred)
Module Load: FLPYDISK.SYS (symbol loading deferred)
Module Load: FS_REC.SYS (symbol loading deferred)
Module Load: NULL.SYS (symbol loading deferred)
Module Load: BEEP.SYS (symbol loading deferred)
Module Load: VGA.SYS (symbol loading deferred)
Module Load: MNMDD.SYS (symbol loading deferred)
Module Load: RDPCDD.SYS (symbol loading deferred)
Module Load: FWDRV.SYS (symbol loading deferred)
Module Load: MSFS.SYS (symbol loading deferred)
Module Load: NPFS.SYS (symbol loading deferred)
Module Load: RASACD.SYS (symbol loading deferred)
Module Load: IPSEC.SYS (symbol loading deferred)
Module Load: TCPIP.SYS (symbol loading deferred)
Module Load: NETBT.SYS (symbol loading deferred)
Module Load: NETBIOS.SYS (symbol loading deferred)
Module Load: RDBSS.SYS (symbol loading deferred)
Module Load: PQNTDRV.SYS (symbol loading deferred)
Module Load: MRXSMB.SYS (symbol loading deferred)
Module Load: FIPS.SYS (symbol loading deferred)
Module Load: WANARP.SYS (symbol loading deferred)
Module Load: CDFS.SYS (symbol loading deferred)
Module Load: DUMP_ATAPI.SYS (symbol loading deferred)
Module Load: DUMP_WMILIB.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WIN32K.SYS (symbol loading
deferred)
Module Load: C:\WINDOWS\system32\WATCHDOG.SYS (symbol loading
deferred)
Module Load: DXG.SYS (symbol loading deferred)
Module Load: DXGTHK.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\SIS300V.DLL (symbol loading
deferred)
Module Load: AFD.SYS (symbol loading deferred)
Module Load: NDISUIO.SYS (symbol loading deferred)
Module Load: SYSAUDIO.SYS (symbol loading deferred)
Module Load: WDMAUD.SYS (symbol loading deferred)
Module Load: MRXDAV.SYS (symbol loading deferred)
Module Load: PARVDM.SYS (symbol loading deferred)
Module Load: SRV.SYS (symbol loading deferred)
Module Load: USERDUMP.SYS (symbol loading deferred)
Module Load: KMIXER.SYS (symbol loading deferred)
Module Load: DBGV.SYS (symbol loading deferred)
Module Load: SAVMEM.SYS (symbol loading deferred)
Could not get address of KiProcessorBlock
Finished re-loading kernel modules
Kernel Debugger connection established for C:\WINDOWS\MEMORY.DMP
Kernel Version 2600 Free loaded @ ffffffff804d0000
Bugcheck 0000008e : c0000005 f9ff6ce2 f3bb3b48 00000000
Stopped at an unexpected exception: code=80000003
addr=ffffffff804fc1bb
Hard coded breakpoint hit


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to
xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@basistech.com
To unsubscribe send a blank email to
xxxxx@lists.osr.com</http:>

5

That’s what I suspected. That debugger is HORRIBLY old and HORRIBLY
broken. Since that time there have been five major versions. Do
yourself a favor and get the current version - you can download it from
the Microsoft web site (http://www.microsoft.com/whdc/ddk/debugging). I
don’t know what your connection speed is, but even if it takes you a
couple of HOURS to download this version, it will be worth your while.
The debugger is better, the documentation is better, symbol management
is better, and you’ll be able to debug much faster and much better with
it.

Regards,

Tony

Tony Mason

Consulting Partner

OSR Open Systems Resources, Inc.

http://www.osr.com http:

Hope to see you at the next OSR file systems class in Boston, MA,
February 23, 2003!



From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ratmil Torres
Sent: Wednesday, February 04, 2004 10:32 AM
To: ntfsd redirect
Subject: Re: [ntfsd] debugging crash dump

I am using the one that comes with IFS Kit 2000 (or DDK 2000).

Where can I get documentation? Besides WinDbg help.

Thanks.

----- Original Message -----

From: Tony Mason mailto:xxxxx

To: Windows File Systems Devs Interest List
mailto:xxxxx

Sent: Wednesday, February 04, 2004 10:21 AM

Subject: RE: [ntfsd] debugging crash dump

What version of WinDBG are you using?

Yes, you can use WinDBG for user mode application crashes.

Regards,

Tony

Tony Mason

Consulting Partner

OSR Open Systems Resources, Inc.

http://www.osr.com http:

Hope to see you at the next OSR file systems class in Boston,
MA, February 23, 2003!



From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ratmil Torres
Sent: Wednesday, February 04, 2004 9:53 AM
To: ntfsd redirect
Subject: [ntfsd] debugging crash dump

Hi.

I have been working on driver development (file system filter
drivers) for some time. And I have seen a few BSOD. Anytime this happens
I have had some problems getting the line in the source code that
produced the crash. That has been a lot of work, I have been reproducing
the crash and inserting break points, guessing what line in what module
is the one I am looking for.

I have heard a lot about kernel debugging techniques. Some
people use WinDbg, so I started to play with it a little. I tried “open
crash dump” and I get a lot of text output.

What I want to know is if I can use WinDbg to go exactly to the
buggy line. And (this a off-topic) I would also like to know if I can
use it for user mode application crashes.

Thanks in advance.

Actually, this is an old bug, but I want to be prepared for a
future crash.

Here is the text output given by WinDbg:

Thread Create: Process=0, Thread=0
DMKD: Unable to get address of debugger data list
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols
loaded)
Could not get address of KiProcessorBlock
Module Unload: C:\WINDOWS\system32\NTOSKRNL.EXE
Module Load: C:\WINDOWS\system32\NTOSKRNL.EXE (no symbols
loaded)
Module Load: C:\WINDOWS\system32\HAL.DLL (no symbols loaded)
Module Load: C:\WINDOWS\system32\KDCOM.DLL (symbol loading
deferred)
Module Load: C:\WINDOWS\system32\BOOTVID.DLL (symbol loading
deferred)
Module Load: ACPI.SYS (symbol loading deferred)
Module Load: WMILIB.SYS (symbol loading deferred)
Module Load: PCI.SYS (symbol loading deferred)
Module Load: ISAPNP.SYS (symbol loading deferred)
Module Load: INTELIDE.SYS (symbol loading deferred)
Module Load: PCIIDEX.SYS (symbol loading deferred)
Module Load: MOUNTMGR.SYS (symbol loading deferred)
Module Load: FTDISK.SYS (symbol loading deferred)
Module Load: DMLOAD.SYS (symbol loading deferred)
Module Load: DMIO.SYS (symbol loading deferred)
Module Load: PARTMGR.SYS (symbol loading deferred)
Module Load: VOLSNAP.SYS (symbol loading deferred)
Module Load: ATAPI.SYS (symbol loading deferred)
Module Load: DISK.SYS (symbol loading deferred)
Module Load: CLASSPNP.SYS (symbol loading deferred)
Module Load: SR.SYS (symbol loading deferred)
Module Load: FILEFIL.SYS (symbol loading deferred)
Module Load: FASTFAT.SYS (symbol loading deferred)
Module Load: KSECDD.SYS (symbol loading deferred)
Module Load: NDIS.SYS (symbol loading deferred)
Module Load: MUP.SYS (symbol loading deferred)
Module Load: AGP440.SYS (symbol loading deferred)
Module Load: SIS300P.SYS (symbol loading deferred)
Module Load: VIDEOPRT.SYS (symbol loading deferred)
Module Load: RTL8139.SYS (symbol loading deferred)
Module Load: CDROM.SYS (symbol loading deferred)
Module Load: REDBOOK.SYS (symbol loading deferred)
Module Load: KS.SYS (symbol loading deferred)
Module Load: USBUHCI.SYS (symbol loading deferred)
Module Load: USBPORT.SYS (symbol loading deferred)
Module Load: AC97INTC.SYS (symbol loading deferred)
Module Load: PORTCLS.SYS (symbol loading deferred)
Module Load: DRMK.SYS (symbol loading deferred)
Module Load: FDC.SYS (symbol loading deferred)
Module Load: SERIAL.SYS (symbol loading deferred)
Module Load: SERENUM.SYS (symbol loading deferred)
Module Load: PARPORT.SYS (symbol loading deferred)
Module Load: I8042PRT.SYS (symbol loading deferred)
Module Load: MOUCLASS.SYS (symbol loading deferred)
Module Load: KBDCLASS.SYS (symbol loading deferred)
Module Load: GAMEENUM.SYS (symbol loading deferred)
Module Load: MSMPU401.SYS (symbol loading deferred)
Module Load: AUDSTUB.SYS (symbol loading deferred)
Module Load: RASL2TP.SYS (symbol loading deferred)
Module Load: NDISTAPI.SYS (symbol loading deferred)
Module Load: NDISWAN.SYS (symbol loading deferred)
Module Load: RASPPPOE.SYS (symbol loading deferred)
Module Load: RASPPTP.SYS (symbol loading deferred)
Module Load: TDI.SYS (symbol loading deferred)
Module Load: PSCHED.SYS (symbol loading deferred)
Module Load: MSGPC.SYS (symbol loading deferred)
Module Load: PTILINK.SYS (symbol loading deferred)
Module Load: RASPTI.SYS (symbol loading deferred)
Module Load: RDPDR.SYS (symbol loading deferred)
Module Load: TERMDD.SYS (symbol loading deferred)
Module Load: SWENUM.SYS (symbol loading deferred)
Module Load: UPDATE.SYS (symbol loading deferred)
Module Load: NDPROXY.SYS (symbol loading deferred)
Module Load: USBHUB.SYS (symbol loading deferred)
Module Load: USBD.SYS (symbol loading deferred)
Module Load: FLPYDISK.SYS (symbol loading deferred)
Module Load: FS_REC.SYS (symbol loading deferred)
Module Load: NULL.SYS (symbol loading deferred)
Module Load: BEEP.SYS (symbol loading deferred)
Module Load: VGA.SYS (symbol loading deferred)
Module Load: MNMDD.SYS (symbol loading deferred)
Module Load: RDPCDD.SYS (symbol loading deferred)
Module Load: FWDRV.SYS (symbol loading deferred)
Module Load: MSFS.SYS (symbol loading deferred)
Module Load: NPFS.SYS (symbol loading deferred)
Module Load: RASACD.SYS (symbol loading deferred)
Module Load: IPSEC.SYS (symbol loading deferred)
Module Load: TCPIP.SYS (symbol loading deferred)
Module Load: NETBT.SYS (symbol loading deferred)
Module Load: NETBIOS.SYS (symbol loading deferred)
Module Load: RDBSS.SYS (symbol loading deferred)
Module Load: PQNTDRV.SYS (symbol loading deferred)
Module Load: MRXSMB.SYS (symbol loading deferred)
Module Load: FIPS.SYS (symbol loading deferred)
Module Load: WANARP.SYS (symbol loading deferred)
Module Load: CDFS.SYS (symbol loading deferred)
Module Load: DUMP_ATAPI.SYS (symbol loading deferred)
Module Load: DUMP_WMILIB.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\WIN32K.SYS (symbol loading
deferred)
Module Load: C:\WINDOWS\system32\WATCHDOG.SYS (symbol loading
deferred)
Module Load: DXG.SYS (symbol loading deferred)
Module Load: DXGTHK.SYS (symbol loading deferred)
Module Load: C:\WINDOWS\system32\SIS300V.DLL (symbol loading
deferred)
Module Load: AFD.SYS (symbol loading deferred)
Module Load: NDISUIO.SYS (symbol loading deferred)
Module Load: SYSAUDIO.SYS (symbol loading deferred)
Module Load: WDMAUD.SYS (symbol loading deferred)
Module Load: MRXDAV.SYS (symbol loading deferred)
Module Load: PARVDM.SYS (symbol loading deferred)
Module Load: SRV.SYS (symbol loading deferred)
Module Load: USERDUMP.SYS (symbol loading deferred)
Module Load: KMIXER.SYS (symbol loading deferred)
Module Load: DBGV.SYS (symbol loading deferred)
Module Load: SAVMEM.SYS (symbol loading deferred)
Could not get address of KiProcessorBlock
Finished re-loading kernel modules
Kernel Debugger connection established for C:\WINDOWS\MEMORY.DMP
Kernel Version 2600 Free loaded @ ffffffff804d0000
Bugcheck 0000008e : c0000005 f9ff6ce2 f3bb3b48 00000000
Stopped at an unexpected exception: code=80000003
addr=ffffffff804fc1bb
Hard coded breakpoint hit


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to
xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@seg.inf.cu
To unsubscribe send a blank email to
xxxxx@lists.osr.com


Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com</http:></mailto:xxxxx></mailto:xxxxx></http:>

6

>don’t know what your connection speed is, but even if it takes you a couple of
HOURS to

download this version, it will be worth your while.

Exactly! Even with a weak dialup connection, this is a Thing To Do.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com