I received a ‘mini’ dump from a tester today (a brief windbg session is
below), it is basically ‘unusable’ to me. Other than going back and
getting a full dump, does anyone have any tricks I can use to get some
useful info out of a mini-dump?
Thanks
Symbol search path is: SRV*downstream
store*http://msdl.microsoft.com/download/symbols;srv\*c:\cache\*http://msd
l.microsoft.com/download/symbols;V:\build_436\BuildNotes
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_rtm.040803-2158
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055ab20
Debug session time: Mon Nov 29 07:27:00 2004
System Uptime: 4 days 22:09:28.834
Loading Kernel Symbols
…
…
Loading unloaded module list
…
Loading User Symbols
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******
Use !analyze -v to get detailed debugging information.
BugCheck 100000D1, {0, ff, 0, 63006c}
Probably caused by : Unknown_Image
Followup: MachineOwner
kd> !analyze -v
************************************************************************
*******
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
*******
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address
at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 0063006c, address which referenced memory
Debugging Details:
READ_ADDRESS: 00000000
CURRENT_IRQL: ff
FAULTING_IP:
+63006c
0063006c 0300 add eax,[eax]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from f44c7de0 to 0063006c
STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong.
80042000 f44c7de0 b9fc0010 00001000 760c4d89 0x63006c
838d0000 00000000 00000000 00000000 00000000 0xf44c7de0
FOLLOWUP_IP:
+63006c
0063006c 0300 add eax,[eax]
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: kb
BUCKET_ID: BAD_STACK