04.17.2008 at 09:26AM PDT, ID: 23331551
Help Interpret Kernel Dump File

Asked by Nmagsaysay in Kernel And Operating System Specific Programming, Microsoft Operating Systems, Microsoft Server


Please help me identify what causes my server to BSOD.... I have used WinDbg/!analyze although I don't know how to read it..

Thank you,...

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
 
 
Loading Dump File [C:\Documents and Settings\dhenderson\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
 
Symbol search path is: set _NT_SYMBOL_PATH=srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows Server 2003 Kernel Version 3790 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: Server, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp1_rtm.050324-1447
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed Apr 16 20:04:11.662 2008 (GMT-4)
System Uptime: 0 days 15:19:35.359
Loading Kernel Symbols
..............................................................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
Loading unloaded module list
..
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
Use !analyze -v to get detailed debugging information.
 
BugCheck A, {7351f1ec, 2, 1, 808666dd}
 
Page daa5e not present in the dump file. Type ".hh dbgerr004" for details
Page 113cd5 not present in the dump file. Type ".hh dbgerr004" for details
 
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
 
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
Probably caused by : memory_corruption ( nt!MiRemovePageByColor+9f )
 
Followup: MachineOwner
---------
 
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
 
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 7351f1ec, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 808666dd, address which referenced memory
 
Debugging Details:
------------------
 
Page daa5e not present in the dump file. Type ".hh dbgerr004" for details
Page 113cd5 not present in the dump file. Type ".hh dbgerr004" for details
 
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
 
PEB is paged out (Peb.Ldr = 7ffd500c).  Type ".hh dbgerr001" for details
 
WRITE_ADDRESS:  7351f1ec 
 
CURRENT_IRQL:  2
 
FAULTING_IP: 
nt!MiRemovePageByColor+9f
808666dd 89540f08        mov     dword ptr [edi+ecx+8],edx
 
DEFAULT_BUCKET_ID:  DRIVER_FAULT
 
BUGCHECK_STR:  0xA
 
PROCESS_NAME:  helpsvc.exe
 
TRAP_FRAME:  b9161c0c -- (.trap 0xffffffffb9161c0c)
ErrCode = 00000002
eax=8089ab34 ebx=00000003 ecx=81600000 edx=ff7f7f7f esi=8276c474 edi=f1f1f1e4
eip=808666dd esp=b9161c80 ebp=b9161ca0 iopl=0         ov up ei ng nz na pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010a87
nt!MiRemovePageByColor+0x9f:
808666dd 89540f08        mov     dword ptr [edi+ecx+8],edx ds:0023:7351f1ec=????????
Resetting default scope
 
LAST_CONTROL_TRANSFER:  from 808666dd to 8088bdd3
 
STACK_TEXT:  
b9161c0c 808666dd badb0d00 ff7f7f7f 00000008 nt!KiTrap0E+0x2a7
b9161ca0 80866ac6 00000001 00000001 0000001b nt!MiRemovePageByColor+0x9f
b9161cbc 8084dcda c00093f0 c0600048 00000000 nt!MiRemoveZeroPage+0x8a
b9161cd8 8085e90f 0127e000 c00093f0 89661978 nt!MiResolveDemandZeroFault+0x104
b9161d4c 8088bc08 00000001 0127e000 00000001 nt!MmAccessFault+0xd67
b9161d4c 0100a48d 00000001 0127e000 00000001 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
005afcfc 00000000 00000000 00000000 00000000 0x100a48d
 
 
STACK_COMMAND:  kb
 
FOLLOWUP_IP: 
nt!MiRemovePageByColor+9f
808666dd 89540f08        mov     dword ptr [edi+ecx+8],edx
 
SYMBOL_STACK_INDEX:  1
 
SYMBOL_NAME:  nt!MiRemovePageByColor+9f
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: nt
 
DEBUG_FLR_IMAGE_TIMESTAMP:  42435b14
 
IMAGE_NAME:  memory_corruption
 
FAILURE_BUCKET_ID:  0xA_W_nt!MiRemovePageByColor+9f
 
BUCKET_ID:  0xA_W_nt!MiRemovePageByColor+9f
 
Followup: MachineOwner
---------
 
0: kd> .trap 0xffffffffb9161c0c
ErrCode = 00000002
eax=8089ab34 ebx=00000003 ecx=81600000 edx=ff7f7f7f esi=8276c474 edi=f1f1f1e4
eip=808666dd esp=b9161c80 ebp=b9161ca0 iopl=0         ov up ei ng nz na pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010a87
nt!MiRemovePageByColor+0x9f:
808666dd 89540f08        mov     dword ptr [edi+ecx+8],edx ds:0023:7351f1ec=????????
0: kd> lmvm nt
start    end        module name
80800000 80a53000   nt         (pdb symbols)          set _NT_SYMBOL_PATH=srv\ntkrpamp.pdb\FEC480982D1145E696432CBBD9BC2C831\ntkrpamp.pdb
    Loaded symbol image file: ntkrpamp.exe
    Image path: ntkrpamp.exe
    Image name: ntkrpamp.exe
    Timestamp:        Thu Mar 24 20:28:04 2005 (42435B14)
    CheckSum:         0023D043
    ImageSize:        00253000
    File version:     5.2.3790.1830
    Product version:  5.2.3790.1830
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrpamp.exe
    OriginalFilename: ntkrpamp.exe
    ProductVersion:   5.2.3790.1830
    FileVersion:      5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
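
An added example, not part of the original post: a short Python triage of the `!analyze -v` text above. It decodes the four bugcheck arguments as the debugger describes them and recomputes the faulting instruction's target address from the trap-frame registers. The function names and the `SAMPLE` string (lines copied from the output above) are constructed for illustration.

```python
import re

# Constructed sample: lines copied from the !analyze -v output in the post.
SAMPLE = """\
BugCheck A, {7351f1ec, 2, 1, 808666dd}
eax=8089ab34 ebx=00000003 ecx=81600000 edx=ff7f7f7f esi=8276c474 edi=f1f1f1e4
808666dd 89540f08        mov     dword ptr [edi+ecx+8],edx ds:0023:7351f1ec=????????
"""

def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) from the 'BugCheck X, {...}' line."""
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if not m:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(a, 16) for a in m.group(2).split(",")]

def parse_registers(text):
    """Collect 32-bit register values (eax=..., edi=...) from the trap frame."""
    return {r: int(v, 16) for r, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}

def effective_address(text, regs):
    """Evaluate a simple [reg+reg+disp] operand; WinDbg prints disp in hex."""
    operand = re.search(r"ptr \[([^\]]+)\]", text).group(1)
    total = sum(regs[t] if t in regs else int(t, 16) for t in operand.split("+"))
    return total & 0xFFFFFFFF  # x86 address arithmetic wraps at 32 bits

def triage(text):
    code, args = parse_bugcheck(text)
    ea = effective_address(text, parse_registers(text))
    return {
        "bugcheck": code,                                  # 0xA = IRQL_NOT_LESS_OR_EQUAL
        "referenced": args[0],                             # Arg1: memory referenced
        "irql": args[1],                                   # Arg2: IRQL at fault time
        "operation": "write" if args[2] & 1 else "read",   # Arg3 bit 0
        "execute": bool(args[2] & 8),                      # Arg3 bit 3
        "faulting_ip": args[3],                            # Arg4: instruction address
        "ea_matches_arg1": ea == args[0],                  # registers explain Arg1?
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value)
```

For this dump the recomputed address matches Arg1, so the bad write target comes directly from the `edi` and `ecx` values the kernel routine was holding when it faulted.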
About this solution

Zones: Kernel And Operating System Specific Programming, Microsoft Operating Systems, Microsoft Server
Tags: Kernel Dump File
Solution Provided By: xentelworker
Participating Experts: 2
Solution Grade: A
 
 
 