Having had James take up an offer to find out what is causing his BSODs, he has now asked me how I found out which driver appears to be having the problem.
While there is no substitute for lots of debug work, a very simple process is to run the crash dumps through our debugging tool (full dumps are best, followed by kernel dumps and then finally mini-dumps).
The first thing is to find the dump files - it will either be c:\windows\memory.dmp or mini-dumps under c:\windows\minidump. Find the file you want and copy it somewhere so you can examine it.
Then get the debugging tools - http://www.microsoft.com/whdc/devtools/debugging/default.mspx and download the x86 (32-bit) version.
Once the tools are extracted, open a cmd window and go to c:\Program Files\Debugging Tools for Windows and type kd -z c:\mydumpfile.dmp -v -y SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols. Wait for it to load and do an analyze. The debugger will open and if it has not done it already, type !analyze -v and see what drivers get listed as possible errors. Press Q to exit :-)
An example output might be like this:
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
TRAP_CAUSE_UNKNOWN (12)
Arguments:
Arg1: 00000001, Unexpected interrupt.
Arg2: 00000000, Unknown floating point exception.
Arg3: 00000000, The enabled and asserted status bits (see processor definition).
Arg4: 00000000
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Debugger CompCtrlDb Connection::Open failed 80004005
Connecting as Provider=SQLOLEDB.1;server=CCDSQL03;OLE DB Services=-4;database=Un
ifiedCompCentral;UID=compcentralro;PWD=compcentralro
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Loading symbols for bad2d000 ALCXWDM.SYS -> ALCXWDM.SYS
*** WARNING: Unable to verify timestamp for ALCXWDM.SYS
*** ERROR: Module load completed but symbols could not be loaded for ALCXWDM.SYS
Debugger Dbgportaldb Connection::Open failed 80004005
Connecting as Provider=SQLOLEDB.1;Server=dqtksql04.partners.extranet.microsoft.c
om;OLE DB Services=-4;Database=AtlasLite;UID=Debugger;PWD=OCADebug!1
Database Dbgportaldb not connected
ADO ERROR 80004005,11: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does no
t exist or access denied.
MODULE_NAME: ALCXWDM
FAULTING_MODULE: 80800000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 419b3079
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x12
LAST_CONTROL_TRANSFER: from 00405b3c to 80884d9e
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b82d2d64 00405b3c badb0d00 479f0064 00000000 nt+0x84d9e
b82d2d68 badb0d00 479f0064 00000000 00000000 0x405b3c
b82d2d6c 479f0064 00000000 00000000 00000000 ALCXWDM+0x83d00
b82d2d70 00000000 00000000 00000000 00000000 0x479f0064
FOLLOWUP_IP:
ALCXWDM+83d00
badb0d00 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: ALCXWDM+83d00
IMAGE_NAME: ALCXWDM.SYS
STACK_COMMAND: kb
FOLLOWUP_NAME: Machine_Owner;http://dbg/symbols
BUCKET_ID: WRONG_SYMBOLS
Followup: Machine_Owner;http://dbg/symbols
---------
kd>
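The output above blames ALCXWDM.SYS, but it also reports wrong kernel symbols and an unreliable stack unwind, so that attribution is tentative. The following is an added example (not from the original post or from the debugging tools) that pulls the triage fields out of saved `!analyze -v` text and marks the result low-confidence when those warnings are present; the function name `triage` and the "confidence" rating are assumptions of this sketch.

```python
import re

# Constructed sample: a trimmed copy of lines from the !analyze -v output above.
SAMPLE = """\
TRAP_CAUSE_UNKNOWN (12)
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** ERROR: Module load completed but symbols could not be loaded for ALCXWDM.SYS
MODULE_NAME: ALCXWDM
FAULTING_MODULE: 80800000 nt
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x12
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
b82d2d6c 479f0064 00000000 00000000 00000000 ALCXWDM+0x83d00
SYMBOL_NAME: ALCXWDM+83d00
IMAGE_NAME: ALCXWDM.SYS
BUCKET_ID: WRONG_SYMBOLS
"""

FIELD = re.compile(r"^([A-Z][A-Z_]+):[ \t]+(\S.*)$", re.M)         # KEY: value lines
BUGCHECK = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$", re.M)
NO_SYMS = re.compile(r"symbols could not be loaded for (\S+)")

def triage(text):
    """Summarise !analyze -v output and say how far to trust the blamed driver."""
    fields = {}
    for key, value in FIELD.findall(text):
        fields.setdefault(key, value.strip())   # first occurrence wins
    m = BUGCHECK.search(text)                   # e.g. "TRAP_CAUSE_UNKNOWN (12)", code is hex
    caveats = []
    if "Kernel symbols are WRONG" in text or fields.get("BUCKET_ID") == "WRONG_SYMBOLS":
        caveats.append("kernel symbols wrong")
    if "Stack unwind information not available" in text:
        caveats.append("stack frames may be wrong")
    caveats += ["no symbols for " + mod for mod in NO_SYMS.findall(text)]
    return {
        "bugcheck": (m.group(1), int(m.group(2), 16)) if m else None,
        "image": fields.get("IMAGE_NAME"),
        "module": fields.get("MODULE_NAME"),
        "bucket": fields.get("BUCKET_ID"),
        "caveats": caveats,
        "confidence": "low" if caveats else "normal",
    }

if __name__ == "__main__":
    for name, value in triage(SAMPLE).items():
        print(f"{name:11}{value}")
```

A low-confidence result means the symbol path should be fixed and the analysis rerun before acting on the named driver.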
ttfn
David
Posted Fri, Jun 9 2006 12:59 PM by David Overton