Answered minidump analysis with windbg

  • Sunday, August 19, 2012 10:19 AM
     
     

    Hi,

    I have tried to analyze minidump with the windbg tool, but the result shows inconclusive. I have pasted the results of windbg below here

    C:\Program Files\Windows Kits\8.0\Debuggers\x86>kd.exe -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i d:\I386 -z d:\Mini072612-01.dmp

    Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [d:\Mini072612-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

    Executable search path is: d:\I386

    "nt" was not found in the image list.
    Debugger will attempt to load "nt" at given base 00000000.

    Please provide the full image name, including the extension (i.e. kernel32.dll)
    for more reliable results.Base address and size overrides can be given as
    .reload <image.ext>=<base>,<size>.
    Unable to load image nt, Win32 error 0n2
    Unable to add module at 00000000
    Debugger can not determine kernel base address
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (8 procs) Free x86 compatible
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
    Debug session time: Thu Jul 26 20:26:37.617 2012 (UTC + 5:45)
    System Uptime: 26 days 8:58:36.278

    "nt" was not found in the image list.
    Debugger will attempt to load "nt" at given base 00000000.

    Please provide the full image name, including the extension (i.e. kernel32.dll)
    for more reliable results.Base address and size overrides can be given as
    .reload <image.ext>=<base>,<size>.
    Unable to load image nt, Win32 error 0n2
    Unable to add module at 00000000
    Debugger can not determine kernel base address
    Loading Kernel Symbols

    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007F, {8, 80042000, 0, 0}

    ***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

    Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

All Replies

  • Sunday, August 19, 2012 4:02 PM
     
     Proposed

    Hello, 

    It seems the symbols are not loaded properly, or the symbol path might have been configured wrongly. So I suggest you cross-check these steps to analyse a dmp file: http://blogs.technet.com/b/askcore/archive/2008/11/01/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners.aspx#3476888

    Windows Debugging Tools: for dump file analysis, download the Windows debugger software and analyze the *.dmp file to find the cause of the server shutdown. Links for the software: https://skydrive.live.com/#cid=63D5AB5243DB43E7&id=63D5AB5243DB43E7%21120 or http://www.windbg.org/

    Thank you, and write here again if you need any other help.


    Regards, Ravikumar P
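
A triage pass over a saved kd/WinDbg transcript like the one posted above, as an added example that is not part of any post in this thread: it extracts the bugcheck code and arguments and lists the symptoms that leave the analysis without an attributed module. The function name, report fields and finding strings are assumptions, and the sample lines are constructed in the format of the posted output.

```python
import re

# Constructed sample in the format of the kd output posted in this thread.
SAMPLE = r"""Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: d:\I386
"nt" was not found in the image list.
Unable to load image nt, Win32 error 0n2
Debugger can not determine kernel base address
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )
BUCKET_ID:  CORRUPT_MODULELIST
"""

WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}
BUGCHECK_RE = re.compile(r"^[ \t]*BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
IMAGE_FAIL_RE = re.compile(r"^[ \t]*Unable to load image (\S+), Win32 error 0n(\d+)", re.M)
FIELD_RE = re.compile(r"^[ \t]*(Symbol search path is|Executable search path is|BUCKET_ID):[ \t]*(.*)$", re.M)


def triage(transcript):
    """Summarise a kd transcript: bugcheck, failed image loads, and why analysis is weak."""
    fields = {name: value.strip() for name, value in FIELD_RE.findall(transcript)}
    report = {
        "symbol_path": fields.get("Symbol search path is", ""),
        "image_path": fields.get("Executable search path is", ""),
        "bucket": fields.get("BUCKET_ID", ""),
        "bugcheck": None, "args": [], "findings": [],
    }
    match = BUGCHECK_RE.search(transcript)
    if match:
        report["bugcheck"] = int(match.group(1), 16)  # kd prints hex without a 0x prefix
        report["args"] = [int(arg, 16) for arg in match.group(2).split(",")]
    # The same load failure repeats in the log; report each image once.
    for image, code in sorted(set(IMAGE_FAIL_RE.findall(transcript))):
        name = WIN32_ERRORS.get(int(code), "Win32 error %s" % code)
        report["findings"].append("image %s not loaded: %s" % (image, name))
    if not report["image_path"]:
        report["findings"].append("executable search path is empty")
    if "can not determine kernel base address" in transcript:
        report["findings"].append("kernel base unresolved at load time")
    if "ANALYSIS_INCONCLUSIVE" in transcript or report["bucket"] == "CORRUPT_MODULELIST":
        report["findings"].append("no module attributed; verdict is not a root cause")
    return report


if __name__ == "__main__":
    for line in triage(SAMPLE)["findings"]:
        print(line)
```
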

  • Monday, August 20, 2012 2:44 AM
    Moderator
     
     Answered

    Hello,


    If none of the above suggestions help, please open a ticket with Microsoft support. You can contact Microsoft Customer Support Service (CSS) for assistance so that this problem can be resolved efficiently. http://support.microsoft.com/contactus/


    If you are outside the US please visit http://www.microsoft.com/worldwide/ for regional support phone numbers.


    Thanks
    Zhang

  • Monday, August 20, 2012 10:17 AM
     
     

    Hi,

    I have tried debugging with the above method but still got the result below. Please suggest.

    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\i80549\Desktop\Mini072612-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*
    Executable search path is: 

    "nt" was not found in the image list.
    Debugger will attempt to load "nt" at given base 00000000.

    Please provide the full image name, including the extension (i.e. kernel32.dll)
    for more reliable results.Base address and size overrides can be given as
    .reload <image.ext>=<base>,<size>.
    Unable to load image nt, Win32 error 0n2
    Unable to add module at 00000000
    Debugger can not determine kernel base address
    Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (8 procs) Free x86 compatible
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Machine Name:
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
    Debug session time: Thu Jul 26 10:41:37.617 2012 (UTC - 4:00)
    System Uptime: 26 days 8:58:36.278

    "nt" was not found in the image list.
    Debugger will attempt to load "nt" at given base 00000000.

    Please provide the full image name, including the extension (i.e. kernel32.dll)
    for more reliable results.Base address and size overrides can be given as
    .reload <image.ext>=<base>,<size>.
    Unable to load image nt, Win32 error 0n2
    Unable to add module at 00000000
    Debugger can not determine kernel base address
    Loading Kernel Symbols

    Loading User Symbols
    Loading unloaded module list
    ..................................................
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007F, {8, 80042000, 0, 0}

    ***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

    Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
    This means a trap occurred in kernel mode, and it's a trap of a kind
    that the kernel isn't allowed to have/catch (bound trap) or that
    is always instant death (double fault).  The first number in the
    bugcheck params is the number of the trap (8 = double fault, etc)
    Consult an Intel x86 family manual to learn more about what these
    traps are. Here is a *portion* of those codes:
    If kv shows a taskGate
            use .tss on the part before the colon, then kv.
    Else if kv shows a trapframe
            use .trap on that value
    Else
            .trap on the appropriate frame will show where the trap was taken
            (on x86, this will be the ebp that goes with the procedure KiTrap)
    Endif
    kb will then show the corrected stack.
    Arguments:
    Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
    Arg2: 80042000
    Arg3: 00000000
    Arg4: 00000000

    Debugging Details:
    ------------------

    ***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.


    BUGCHECK_STR:  0x7f_8

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 00000000 to baabc2b3

    STACK_TEXT:  
    b34c0ffc 00000000 00000000 00000000 00000000 0xbaabc2b3


    STACK_COMMAND:  kb

    SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: Unknown_Module

    IMAGE_NAME:  Unknown_Image

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    BUCKET_ID:  CORRUPT_MODULELIST

    Followup: MachineOwner
    ---------

    0: kd> lmvm Unknown_Module
    start    end        module name