Debugging 101

On June 22, 2006, in Uncategorized, by

(drinking the Mountain dew for those following the blog.. doing a load of laundry.. )


Okay so I’m in the process of uploading a big dump file but I’ve already got the mini dump files up on the server if you want to try this out.. it’s what we did on day two of training (which we really should have done on day one but .uh.. we NEVER are on schedule with that many in the room)


(P.S. as I blog this that big memory dump file is still uploading so you might want to wait until I post back here and say it’s up there)


So here’s the page and the info…


Windows Debugging


So ya wanna figure out what is causing that BSOD?


Read this post….


And then download these zipped up memory dump files


from here (these are minidump files)


and here (this is a big memory dump)


…and can you tell me what caused those BSOD’s (especially that last big memory dump?)


 

 

3 Responses to Debugging 101

  1. Susan,

    Since your crash dumps show 2-3 different error codes – a different one each time, my 1st suspicion would be hardware – have you run the MS memory diagnostic tool on the system (let me know if you need a link).
    Otherwise, check for recent driver updates.

    If you need a 1hr course in debugging, have a look at http://uksbsguy.com/blogs/doverton/archive/2006/06/21/627.aspx. However we have not had a single instance of your large crash appear through our crash database – I checked, and the crash appears to be in a very well used and known piece of code, the classpnp.sys driver, which hales to NT4 for classic PNP support.

    Failing that, time to call PSS. If you were to do nothing but run kd -v -y SRV*d:\websymbols*http://msdl.microsoft.com/download/symbols -z memfile.dmp, you will see the different crash locations. Lots of different locations normally points to h/w or a rogue driver corrupting memory. Mark in his teched pres talks about how to turn on verifier to find this –

    HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management
    LargePageMinimum REG_DWORD 0xFFFFFFFF
    EnforceWriteProtection REG_DWORD 1
    Reboot to take effect

  2. Bongo says:

    As a note of caution to others: you want to be careful sharing dumps.

    They can contain sensitive personally-identifiable information, passwords, encryption keys, and so on… anything in memory at the time.

  3. bradley says:

    And this dump is from a test box.. ergo why I posted it up here.