Hello,
my driver is crashing my machine (IRQL_NOT_LESS_OR_EQUAL). Unfortunately Windows (Vista x64 SP0) does not “create” a crash dump.
There is the blue screen, the memory is dumped to the disk (or at least the bluescreen says so), but after reboot there is no dump file.
My dump registry keys (HKLM\SYSTEM\CurrentControlSet\Control\CrashControl):
AutoReboot DWORD 1
CrashDumpEnabled DWORD 2
DumpFile EXPAND_SZ C:\Minidump\MEMORY.DMP (C:\Minidump exists!!!)
DumpFilters MULTI_SZ dumpfve.sys
IgnorePagefileSize DWORD 1
LogEvent DWORD 0
MinidumpDir EXPAND_SZ C:\Minidump
Overwrite DWORD 1
What’s wrong with my machine?
Could it be the fact that the DumpFile attribute is an EXPAND_SZ type(and your path doesn’t contain anything to expand)? Maybe try changing it to %SystemRoot%\MEMORY.DMP.
Date: Sun, 2 Mar 2008 19:12:16 -0500> From: xxxxx@vansoftcorp.com> To: xxxxx@lists.osr.com> Subject: [ntdev] Vista not saving crash dump?> > Hello,> my driver is crashing my machine (IRQL_NOT_LESS_OR_EQUAL). Unfortunately Windows (Vista x64 SP0) does not “create” a crash dump.> There is the blue screen, the memory is dumped to the disk (or at least the bluescreen says so), but after reboot there is no dump file.> > My dump registry keys (HKLM\SYSTEM\CurrentControlSet\Control\CrashControl):> > AutoReboot DWORD 1> CrashDumpEnabled DWORD 2> DumpFile EXPAND_SZ C:\Minidump\MEMORY.DMP (C:\Minidump exists!!!)> DumpFilters MULTI_SZ dumpfve.sys> IgnorePagefileSize DWORD 1> LogEvent DWORD 0> MinidumpDir EXPAND_SZ C:\Minidump> Overwrite DWORD 1> > What’s wrong with my machine?> > > —> NTDEV is sponsored by OSR> > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars\> > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Helping your favorite cause is as easy as instant messaging.?You IM, we give.
http://im.live.com/Messenger/IM/Home/?source=text_hotmail_join
Diagnosing dump failures is really difficult. First rule out your driver by
removing it and crashing the system (like from windbg). (By the way
minidumps are near useless, I’d select a kernel dump instead.) If after
getting your driver out of the way you still have no dump then the prime
suspect is the hba miniport driver, which driver you most likely do not have
source or symbols for. If you do happen to have source and/or symbols you
can actually set breakpoints in the ‘dump driver’ and step through the thing
to see if you can figure out why it is skronk. (The driver is named
dump_xxxx where xxxx is the hba’s normal driver name.)
If on the other hand with your driver out dumps start working - well then
you know that you have caused the problem. At that point you might want to
provide some detail here about what your driver is actually doing an how it
might interact with the boot disk device.
On Sun, Mar 2, 2008 at 7:12 PM, wrote:
> Hello,
> my driver is crashing my machine (IRQL_NOT_LESS_OR_EQUAL). Unfortunately
> Windows (Vista x64 SP0) does not “create” a crash dump.
> There is the blue screen, the memory is dumped to the disk (or at least
> the bluescreen says so), but after reboot there is no dump file.
>
> My dump registry keys
> (HKLM\SYSTEM\CurrentControlSet\Control\CrashControl):
>
> AutoReboot DWORD 1
> CrashDumpEnabled DWORD 2
> DumpFile EXPAND_SZ C:\Minidump\MEMORY.DMP (C:\Minidump exists!!!)
> DumpFilters MULTI_SZ dumpfve.sys
> IgnorePagefileSize DWORD 1
> LogEvent DWORD 0
> MinidumpDir EXPAND_SZ C:\Minidump
> Overwrite DWORD 1
>
> What’s wrong with my machine?
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Mark Roddy
My driver is in no way interacting with the disk. In fact, if I run a minimalistic sample driver that BugChecks (NotMyFault of sysinternals for example), no crash dump is created as well.
Yes, sometimes crash dump file will not be created by Windows. And in this case, you can use windbg to catch the “crash” and use “kb” to see the call stack.
Then either you have a configuration error (but you would have had to do
something unusual to have one) or you have a crappy hba miniport that
doesn’t do dumps correctly. Like I said, debugging crash dumps is not easy
and not fun, and without the source and symbols for the miniport, double
that.
On Sun, Mar 2, 2008 at 7:46 PM, wrote:
> My driver is in no way interacting with the disk. In fact, if I run a
> minimalistic sample driver that BugChecks (NotMyFault of sysinternals for
> example), no crash dump is created as well.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Mark Roddy
I wasted a lot of time searching the MSDN for crashdumps in Vista and so and
hoped that this question would pop up. Has anyone here actually managed to
have Vista write crash dump files, the way XP does ?
/Daniel
wrote in message news:xxxxx@ntdev…
> Hello,
> my driver is crashing my machine (IRQL_NOT_LESS_OR_EQUAL). Unfortunately
> Windows (Vista x64 SP0) does not “create” a crash dump.
> There is the blue screen, the memory is dumped to the disk (or at least
> the bluescreen says so), but after reboot there is no dump file.
>
> My dump registry keys
> (HKLM\SYSTEM\CurrentControlSet\Control\CrashControl):
>
> AutoReboot DWORD 1
> CrashDumpEnabled DWORD 2
> DumpFile EXPAND_SZ C:\Minidump\MEMORY.DMP (C:\Minidump exists!!!)
> DumpFilters MULTI_SZ dumpfve.sys
> IgnorePagefileSize DWORD 1
> LogEvent DWORD 0
> MinidumpDir EXPAND_SZ C:\Minidump
> Overwrite DWORD 1
>
> What’s wrong with my machine?
>
>
yes. crashdumps work in vista approximately the same as they do in earlier
releases.
On Sun, Mar 2, 2008 at 11:51 PM, wrote:
> I wasted a lot of time searching the MSDN for crashdumps in Vista and so
> and
> hoped that this question would pop up. Has anyone here actually managed to
> have Vista write crash dump files, the way XP does ?
>
> /Daniel
>
>
> wrote in message news:xxxxx@ntdev…
> > Hello,
> > my driver is crashing my machine (IRQL_NOT_LESS_OR_EQUAL). Unfortunately
> > Windows (Vista x64 SP0) does not “create” a crash dump.
> > There is the blue screen, the memory is dumped to the disk (or at least
> > the bluescreen says so), but after reboot there is no dump file.
> >
> > My dump registry keys
> > (HKLM\SYSTEM\CurrentControlSet\Control\CrashControl):
> >
> > AutoReboot DWORD 1
> > CrashDumpEnabled DWORD 2
> > DumpFile EXPAND_SZ C:\Minidump\MEMORY.DMP (C:\Minidump exists!!!)
> > DumpFilters MULTI_SZ dumpfve.sys
> > IgnorePagefileSize DWORD 1
> > LogEvent DWORD 0
> > MinidumpDir EXPAND_SZ C:\Minidump
> > Overwrite DWORD 1
> >
> > What’s wrong with my machine?
> >
> >
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Mark Roddy
Ronald Riddle wrote:
Could it be the fact that the DumpFile attribute is an EXPAND_SZ
type(and your path doesn’t contain anything to expand)? Maybe try
changing it to %SystemRoot%\MEMORY.DMP.
Come on. Surely you do not believe that a REG_EXPAND_SZ registry entry
MUST have something to expand, do you? Go look through
CurrentControlSet\Services. The ImagePath key is REG_EXPAND_SZ, but
only a fraction of the entries actually use an expandable string.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Hi,
if I understand this right
http://news.softpedia.com/news/Make-Kernel-Memory-Dumps-Play-Well-in-Windows-Vista-Ahead-of-SP1-68622.shtml
then Vista in some cases turns the requirement to create a full dump into
creating a minidump ?
Regards
Else
|---------±-------------------------------->
| | “Mark Roddy” |
| | |
| | Sent by: |
| | bounce-316243-16691@li|
| | sts.osr.com |
| | |
| | |
| | 03/03/2008 03:22 AM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-----------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: Re: [ntdev] Vista not saving crash dump? |
>-----------------------------------------------------------------------------------------------------------|
Then either you have a configuration error (but you would have had to do
something unusual to have one) or you have a crappy hba miniport that
doesn’t do dumps correctly. Like I said, debugging crash dumps is not easy
and not fun, and without the source and symbols for the miniport, double
that.
On Sun, Mar 2, 2008 at 7:46 PM, wrote:
My driver is in no way interacting with the disk. In fact, if I run a
minimalistic sample driver that BugChecks (NotMyFault of sysinternals for
example), no crash dump is created as well.
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
–
Mark Roddy — NTDEV is sponsored by OSR For our schedule of WDF, WDM,
debugging and other seminars visit: http://www.osr.com/seminars To
unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Else Kluger wrote:
Hi,
if I understand this right
http://news.softpedia.com/news/Make-Kernel-Memory-Dumps-Play-Well-in-Windows-Vista-Ahead-of-SP1-68622.shtml
then Vista in some cases turns the requirement to create a full dump into
creating a minidump ?
I think you’re reading WAY too much into that. This is an extremely
esoteric point. If the swap file is not large enough to hold all of
kernel memory, then the system cannot take a full kernel dump. It will
dump as much as it can. At the next boot, when it turns the swap file
into a dump, if it isn’t all present, it will create a minidump. The
registry entry they’re talking about requests that it go ahead and
create a full kernel dump file, even though some of the dump file will
be garbage because the pages weren’t present in the swap file.
As long as your swap file is large enough to hold all of kernel memory,
which virtually everyone has, then this issue does not arise.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.