Analyze MEMORY.dmp



This information has been copied from Max's Blog...
If your server logged "The previous system shutdown at hh:mm:ss AM on dd/mm/aaaa was unexpected." and generated a dump file (e.g. MEMORY.dmp) but you don't know the cause of the blue screen, you can use WinDbg to get more details.
Install and launch WinDbg, then:
  1. Load the dump file
  2. Type .symfix
  3. Type .reload
  4. Type !analyze
  5. Read the Bugcheck Analysis report
If symbols can't be loaded, try:
  .sympath SRV*c:\Windows\symbols*http://msdl.microsoft.com/download/symbols
  .reload /f
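
The steps above can also be run unattended with cdb.exe, the console debugger installed alongside WinDbg, and the report reduced to the fields that name the failing module. This is an added example, not code from the original post; the cdb.exe path, the -v switch and the sample report text are assumptions or constructed for illustration.

```python
import re
import subprocess
import sys

# Assumption: default install path of cdb.exe (Debugging Tools for Windows).
CDB = r"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe"
# The steps above as one command string, with -v (verbose) and q (quit) added.
COMMANDS = ".symfix; .reload; !analyze -v; q"
FIELDS = ("BUGCHECK_STR", "BUGCHECK_CODE", "PROCESS_NAME",
          "MODULE_NAME", "IMAGE_NAME", "FAILURE_BUCKET_ID")
SYMBOL_WARNINGS = r"Kernel symbols are WRONG|not using the correct symbols"


def cdb_argv(dump_path, cdb=CDB):
    """Command line that opens the dump (-z) and runs COMMANDS (-c)."""
    return [cdb, "-z", dump_path, "-c", COMMANDS]


def summarize(report):
    """Extract the triage fields from '!analyze -v' text (first match wins)."""
    found = {}
    for line in report.splitlines():
        m = re.match(r"\s*([A-Z_]+):\s+(\S.*?)\s*$", line)
        if m and m.group(1) in FIELDS:
            found.setdefault(m.group(1), m.group(2))
    # With wrong kernel symbols the blamed module is unreliable, so flag it.
    found["symbol_warning"] = bool(re.search(SYMBOL_WARNINGS, report))
    return found


def analyze_dump(dump_path, cdb=CDB):
    """Run cdb on a dump file (Windows only) and return the summary."""
    out = subprocess.run(cdb_argv(dump_path, cdb), capture_output=True,
                         text=True, errors="replace", timeout=1800).stdout
    return summarize(out)


# Constructed sample of '!analyze -v' output, not taken from a real dump.
SAMPLE = """\
BUGCHECK_STR:  0x8E
PROCESS_NAME:  spoolsv.exe
MODULE_NAME: BROHL98A
IMAGE_NAME:  BROHL98A.dll
FAILURE_BUCKET_ID:  0x8E_BROHL98A+0
"""

if __name__ == "__main__":
    result = analyze_dump(sys.argv[1]) if len(sys.argv) > 1 else summarize(SAMPLE)
    print("\n".join(f"{key}: {value}" for key, value in result.items()))
```

If symbol_warning comes back true, fix the symbol path as described above and rerun before trusting IMAGE_NAME.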
About author

Vittorio Pavesi

3 comments

  1. Anonymous
    6:50 AM

    A useful post. However, a few things to add. I was running WinDbg on a WinXP workstation. I was debugging a 2 GB memory dump off a 2k server that kept randomly crashing. The first thing I had to do was download the symbol files for Win2k onto my local workstation, then set the symbol path to look at the directory where I had these symbol files unpacked.

    Secondly, the !analyze command should be run with a -v, i.e. !analyze -v

    Thirdly, once the dmp file has been debugged, the "Image_name:" field will tell you the file causing the OS to crash. In my case "BROHL98A.dll"

    To find out what was calling this dll I downloaded and ran some Microsoft reporting tools. Specifically MPSRPT_NETWORK.exe, downloaded from http://microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

    This told me a Brother print driver was calling this dll. I upgraded the drivers. Problem gone.

    Cheers

    Dan L

  2. Anonymous
    4:39 PM

    The vast majority of my BSODs come from faulty printer drivers, and I've had all sorts of printers, but it still tends to happen. Can't remember the last time I had an absolutely stable printer driver. To top it off, I just had a BSOD-related issue myself this New Year's Eve, and (what a coincidence) uninstalling the printer made it stop.

    It pisses me off that tech-support "experts" out there are so quick to claim that: "Chances are it's a RAM issue, bitch! Start swapping those RAM bricks 1 by 1 and test them all the way through!!!" Obviously they don't give a shit about the tedious & risky procedures you have to go through just to most likely find out it's not the case at all.

    Is it really that hard for you printer-makers (if you're by any chance reading this one day) to create a printer driver that actually works without the need to BSOD on the slightest bullshit!? Or must I find a way to disable BSODs? Something that I sadly have yet to find.
