Hello,
we have small utility which allows to user to automatically upload
memory.dmp files to our ftp server. Unfortunatelly we are receiving many
dumps caused by some another driver (we of course want only memory dumps
caused by our kernel driver). Is there any way how to analyze memory.dmp
file in our software ?
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!
Are you sure your driver is not corrupting other drivers. If not please
check the memory handling of the driver.
Problem could be when your driver corrupting the memory area of other
driver, it may cause memory dump on that particular .sys.
Cyril
----- Original Message -----
From: “Stanislav Kolar”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 5:03 PM
Subject: [windbg] memory.dmp
Hello,
we have small utility which allows to user to automatically upload
memory.dmp files to our ftp server. Unfortunatelly we are receiving many
dumps caused by some another driver (we of course want only memory dumps
caused by our kernel driver). Is there any way how to analyze memory.dmp
file in our software ?
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasar?n!
—
You are currently subscribed to windbg as: xxxxx@wipro.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Thank you for your response.
What I exactly need is to get list of loaded drivers, the address where
instruction caused crash is and the stack trace. I will check if the address
of the faulting instruction belongs to our driver and if is our driver
somewhere on the stack…
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!
----- Original Message -----
From: “Cyril”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 1:44 PM
Subject: [windbg] Re: memory.dmp
Are you sure your driver is not corrupting other drivers. If not please
check the memory handling of the driver.
Problem could be when your driver corrupting the memory area of other
driver, it may cause memory dump on that particular .sys.
Cyril
----- Original Message -----
From: “Stanislav Kolar”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 5:03 PM
Subject: [windbg] memory.dmp
Hello,
we have small utility which allows to user to automatically upload
memory.dmp files to our ftp server. Unfortunatelly we are receiving many
dumps caused by some another driver (we of course want only memory dumps
caused by our kernel driver). Is there any way how to analyze memory.dmp
file in our software ?
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!
—
You are currently subscribed to windbg as: xxxxx@wipro.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: xxxxx@kerio.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Standislav,
Even a driver is not at the bugcheck stack, that doesn’t prove the driver
was not at fault.
If you’re only interested in getting the stack report automatically, you can
write a little script containing the following command:
kd -c “!analyze -v;q” -z c:\winnt\memory.dmp>out.txt
Change the name of the dump file and the output file as you need. Make sure
the _NT_SYMBOL_PATH is properly set and kd.exe is in the search path before
executing kd.
Good luck,
Calvin
Calvin Guan, Software Developer xxxxx@nospam.ati.com
SW2D-Radeon NT Core Drivers
ATI Technologies Inc.
1 Commerce Valley Drive East
Markham, Ontario, Canada L3T 7X6
Tel: (905) 882-2600 Ext. 8654
Find a driver: http://www.ati.com/support/driver.html
-----Original Message-----
From: Stanislav Kolar [mailto:xxxxx@kerio.com]
Sent: Tuesday, October 21, 2003 7:59 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: memory.dmp
Thank you for your response.
What I exactly need is to get list of loaded drivers, the address where
instruction caused crash is and the stack trace. I will check if the address
of the faulting instruction belongs to our driver and if is our driver
somewhere on the stack…
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasar?n!
----- Original Message -----
From: “Cyril”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 1:44 PM
Subject: [windbg] Re: memory.dmp
Are you sure your driver is not corrupting other drivers. If not please
check the memory handling of the driver.
Problem could be when your driver corrupting the memory area of other
driver, it may cause memory dump on that particular .sys.
Cyril
----- Original Message -----
From: “Stanislav Kolar”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 5:03 PM
Subject: [windbg] memory.dmp
Hello,
we have small utility which allows to user to automatically upload
memory.dmp files to our ftp server. Unfortunatelly we are receiving many
dumps caused by some another driver (we of course want only memory dumps
caused by our kernel driver). Is there any way how to analyze memory.dmp
file in our software ?
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasar?n!
—
You are currently subscribed to windbg as: xxxxx@wipro.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: xxxxx@kerio.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: xxxxx@ati.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Thank you for you response…
We need to analyze the memory dump automatically on the customer’s computer
to show him our dialog that our driver has been crashed and ask him if he
wants to upload the memory.dmp file to our server. We of course cannot
assume that he has debugging tools installed…
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!
----- Original Message -----
From: “Calvin Guan”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 3:04 PM
Subject: [windbg] Re: memory.dmp
Standislav,
Even a driver is not at the bugcheck stack, that doesn’t prove the driver
was not at fault.
If you’re only interested in getting the stack report automatically, you can
write a little script containing the following command:
kd -c “!analyze -v;q” -z c:\winnt\memory.dmp>out.txt
Change the name of the dump file and the output file as you need. Make sure
the _NT_SYMBOL_PATH is properly set and kd.exe is in the search path before
executing kd.
Good luck,
Calvin
Calvin Guan, Software Developer xxxxx@nospam.ati.com
SW2D-Radeon NT Core Drivers
ATI Technologies Inc.
1 Commerce Valley Drive East
Markham, Ontario, Canada L3T 7X6
Tel: (905) 882-2600 Ext. 8654
Find a driver: http://www.ati.com/support/driver.html
-----Original Message-----
From: Stanislav Kolar [mailto:xxxxx@kerio.com]
Sent: Tuesday, October 21, 2003 7:59 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: memory.dmp
Thank you for your response.
What I exactly need is to get list of loaded drivers, the address where
instruction caused crash is and the stack trace. I will check if the address
of the faulting instruction belongs to our driver and if is our driver
somewhere on the stack…
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!
----- Original Message -----
From: “Cyril”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 1:44 PM
Subject: [windbg] Re: memory.dmp
Are you sure your driver is not corrupting other drivers. If not please
check the memory handling of the driver.
Problem could be when your driver corrupting the memory area of other
driver, it may cause memory dump on that particular .sys.
Cyril
----- Original Message -----
From: “Stanislav Kolar”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 5:03 PM
Subject: [windbg] memory.dmp
Hello,
we have small utility which allows to user to automatically upload
memory.dmp files to our ftp server. Unfortunatelly we are receiving many
dumps caused by some another driver (we of course want only memory dumps
caused by our kernel driver). Is there any way how to analyze memory.dmp
file in our software ?
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!
—
You are currently subscribed to windbg as: xxxxx@wipro.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: xxxxx@kerio.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: xxxxx@ati.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: xxxxx@kerio.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
> We need to analyze the memory dump automatically on the
customer’s computer
to show him our dialog that our driver has been crashed and ask him if he
wants to upload the memory.dmp file to our server. We of course cannot
assume that he has debugging tools installed…
My suggestion is to always upload, and then run the analysis automated on
your side. Just let the user know that you upload data, and have a checkbox
that lets him turn that off (privacy concern).
Cheers,
/ h+
Thank you for your suggestion, but:
a) we don’t want to bother user about uploading useless dumps (dumps are
quite big and not all users have high-speed connection)
b) we don’t want to raise presumption that our software is so buggy 
btw currently we are using the same approach you describe…
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!
----- Original Message -----
From: “WinDbg”
To: “Kernel Debugging Interest List”
Sent: Tuesday, October 21, 2003 6:00 PM
Subject: [windbg] Re: memory.dmp
>
> > We need to analyze the memory dump automatically on the
> > customer’s computer
> > to show him our dialog that our driver has been crashed and ask him if
he
> > wants to upload the memory.dmp file to our server. We of course cannot
> > assume that he has debugging tools installed…
>
> My suggestion is to always upload, and then run the analysis automated on
> your side. Just let the user know that you upload data, and have a
checkbox
> that lets him turn that off (privacy concern).
>
> Cheers,
>
> / h+
>
>
> —
> You are currently subscribed to windbg as: xxxxx@kerio.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
The dump size issue is a real one, but I think you’re being a bit
misguided about your customer service.
Users would generally be very happy with your company if they uploaded a
dump to you and you responded (even automatically) with information
about which driver is actually at fault… Especially if it wasn’t yours…
On the other hand, Microsoft is already doing this, and you can get
access to the mini-dumps through their OCA process. If you aren’t, do.
That way, MS pays all the bandwidth costs :-)…
If you need to put some info in there, we were told at WinHEC that
there’s a way for drivers to insert information into the mini-dumps…
but not a lot of detail was provided about that, so I can’t say how
effective this might be…
Stanislav Kolar wrote:
Thank you for your suggestion, but:
a) we don’t want to bother user about uploading useless dumps (dumps are
quite big and not all users have high-speed connection)
b) we don’t want to raise presumption that our software is so buggybtw currently we are using the same approach you describe…
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasarán!----- Original Message -----
From: “WinDbg”
> To: “Kernel Debugging Interest List”
> Sent: Tuesday, October 21, 2003 6:00 PM
> Subject: [windbg] Re: memory.dmp
>
>
>
>>>We need to analyze the memory dump automatically on the
>>>customer’s computer
>>>to show him our dialog that our driver has been crashed and ask him if
>
> he
>
>>>wants to upload the memory.dmp file to our server. We of course cannot
>>>assume that he has debugging tools installed…
>>
>>My suggestion is to always upload, and then run the analysis automated on
>>your side. Just let the user know that you upload data, and have a
>
> checkbox
>
>>that lets him turn that off (privacy concern).
>>
>>Cheers,
>>
>>/ h+
>>
>>
>>—
>>You are currently subscribed to windbg as: xxxxx@kerio.com
>>To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>
>
>
>
–
…/ray..
You do have a couple of options on dump size.
You could configure the machine to make a kernel dump, instead of the full dump. The difference is that the kernel dump only saves memory in kernel space. This gives a significant size reduction to the dump, but still gives you fulll debugging for most KM crashes.
Also regardless of dump type you should compress the dump before sending it. In my experience dump files tend to compress pretty well.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Thursday, October 23, 2003 9:56 AM
To: Kernel Debugging Interest List
Subject: [windbg] Re: memory.dmp
The dump size issue is a real one, but I think you’re being a bit misguided about your customer service.
Users would generally be very happy with your company if they uploaded a dump to you and you responded (even automatically) with information about which driver is actually at fault… Especially if it wasn’t yours…
On the other hand, Microsoft is already doing this, and you can get access to the mini-dumps through their OCA process. If you aren’t, do.
That way, MS pays all the bandwidth costs :-)…
If you need to put some info in there, we were told at WinHEC that there’s a way for drivers to insert information into the mini-dumps…
but not a lot of detail was provided about that, so I can’t say how effective this might be…
Stanislav Kolar wrote:
Thank you for your suggestion, but:
a) we don’t want to bother user about uploading useless dumps (dumps
are quite big and not all users have high-speed connection)
b) we don’t want to raise presumption that our software is so buggy
btw currently we are using the same approach you describe…
Stanislav Kolar
senior developer
…
Kerio Technologies
Sedlackova 16, 301 11 Plzen
tel. 37 733 8901, fax 37 733 8921
www.kerio.cz www.winroute.cz
…
No Pasar?n!----- Original Message -----
From: “WinDbg”
> To: “Kernel Debugging Interest List”
> Sent: Tuesday, October 21, 2003 6:00 PM
> Subject: [windbg] Re: memory.dmp
>
>
>
>>>We need to analyze the memory dump automatically on the customer’s
>>>computer to show him our dialog that our driver has been crashed and
>>>ask him if
>
> he
>
>>>wants to upload the memory.dmp file to our server. We of course
>>>cannot assume that he has debugging tools installed…
>>
>>My suggestion is to always upload, and then run the analysis automated
>>on your side. Just let the user know that you upload data, and have a
>
> checkbox
>
>>that lets him turn that off (privacy concern).
>>
>>Cheers,
>>
>>/ h+
>>
>>
>>—
>>You are currently subscribed to windbg as: xxxxx@kerio.com To
>>unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>
>
>
>
>
–
…/ray..
—
You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com