Read out a dump?


msilver
2004-05-12, 19:54:30
hi
how can I read out a Windows savedump to find out more detailed information?

Ereignistyp: Informationen
Ereignisquelle: Save Dump
Ereigniskategorie: Keine
Ereigniskennung: 1001
Datum: 12.05.2004
Zeit: 19:01:04
Benutzer: Nicht zutreffend
Computer: BARTON
Beschreibung:
Der Computer ist nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x00000023 (0x000e00e0, 0xf7c61b30, 0xf7c61830, 0x804fa31b). Ein volles Abbild wurde gespeichert in: C:\WINDOWS\Minidump\Mini051204-01.dmp

http://v095595.dd2610.kasserver.com/Mini051204-01.dmp

Regards
msilver

Lokadamus
2004-05-12, 20:00:23
mmm...

I would first just go by the error code 0x00000023 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;290182) ...

Sephiroth
2004-05-12, 20:09:12
Originally posted by msilver
hi
how can I read out a Windows savedump to find out more detailed information?
http://v095595.dd2610.kasserver.com/Mini051204-01.dmp

Regards
msilver
but I didn't really get any wiser from it either ... the link to the KB article about the error is somehow more helpful :freak:


Microsoft (R) Windows Debugger Version 6.3.0011.2
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [<PATH YOU DON'T NEED TO KNOW>\Mini051204-01-von msilver.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: K:\Debugging Tools for Windows\symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054be30
Debug session time: Wed May 12 18:58:45 2004
System Uptime: 1 days 1:46:30.983
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
................................................................................ ..........................................
Loading unloaded module list
.....................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 23, {e00e0, f7c61b30, f7c61830, 804fa31b}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Unable to load image Fastfat.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for Fastfat.sys
*** ERROR: Module load completed but symbols could not be loaded for Fastfat.sys
Probably caused by : Unknown_Image

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

FAT_FILE_SYSTEM (23)
If you see FatExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 000e00e0
Arg2: f7c61b30
Arg3: f7c61830
Arg4: 804fa31b

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


EXCEPTION_RECORD: f7c61b30 -- (.exr fffffffff7c61b30)
ExceptionAddress: 804fa31b (nt+0x0002631b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 3f3f407f
Attempt to read from address 3f3f407f

CONTEXT: f7c61830 -- (.cxr fffffffff7c61830)
eax=3f3f3f3f ebx=0000013f ecx=00000000 edx=e2a28db8 esi=e27429c8 edi=8054f2a0
eip=804fa31b esp=f7c61bf8 ebp=f7c61c14 iopl=0 ov up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010a83
nt+0x2631b:
804fa31b 8b8840010000 mov ecx,[eax+0x140] ds:0023:3f3f407f=????????
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x23

LAST_CONTROL_TRANSFER: from 8053d107 to 804fa31b

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f7c61c14 8053d107 3f3f3f3f 00000000 000009f8 nt+0x2631b
f7c61c54 f76affe2 e27429d0 3f3f3f3f e3541c28 nt+0x69107
f7c61d00 f76afa44 86131b08 e3541c28 e30c56c0 Fastfat+0xdfe2
f7c61d5c f76af960 00000000 8057fb87 8638d1f8 Fastfat+0xda44
f7c61dac 8057c73a 8638d7e8 00000000 00000000 Fastfat+0xd960
f7c61ddc 805124c1 804ed556 00000000 00000000 nt+0xa873a
00000000 00000000 00000000 00000000 00000000 nt+0x3e4c1


MODULE_NAME: Unknown_Module

IMAGE_NAME: Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: .cxr fffffffff7c61830 ; kb

FOLLOWUP_NAME: MachineOwner

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

kd> .cxr fffffffff7c61830 ; kb
eax=3f3f3f3f ebx=0000013f ecx=00000000 edx=e2a28db8 esi=e27429c8 edi=8054f2a0
eip=804fa31b esp=f7c61bf8 ebp=f7c61c14 iopl=0 ov up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010a83
nt+0x2631b:
804fa31b 8b8840010000 mov ecx,[eax+0x140] ds:0023:3f3f407f=????????
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
f7c61c14 8053d107 3f3f3f3f 00000000 000009f8 nt+0x2631b
f7c61c54 f76affe2 e27429d0 3f3f3f3f e3541c28 nt+0x69107
f7c61d00 f76afa44 86131b08 e3541c28 e30c56c0 Fastfat+0xdfe2
f7c61d5c f76af960 00000000 8057fb87 8638d1f8 Fastfat+0xda44
f7c61dac 8057c73a 8638d7e8 00000000 00000000 Fastfat+0xd960
f7c61ddc 805124c1 804ed556 00000000 00000000 nt+0xa873a
00000000 00000000 00000000 00000000 00000000 nt+0x3e4c1
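
A small triage script for the debugger output quoted in the post above, as an added example that is not part of the original thread: it extracts the bugcheck code, the modules on the stack, and any register whose four bytes are all printable ASCII (here eax=3f3f3f3f, i.e. "????"). The function names are hypothetical, and the embedded sample is assembled from lines of the output above.

```python
import re

# Sample input assembled from lines of the debugger output quoted above.
SAMPLE = """\
BugCheck 23, {e00e0, f7c61b30, f7c61830, 804fa31b}
Attempt to read from address 3f3f407f
eax=3f3f3f3f ebx=0000013f ecx=00000000 edx=e2a28db8 esi=e27429c8 edi=8054f2a0
804fa31b 8b8840010000 mov ecx,[eax+0x140] ds:0023:3f3f407f=????????
f7c61c14 8053d107 3f3f3f3f 00000000 000009f8 nt+0x2631b
f7c61c54 f76affe2 e27429d0 3f3f3f3f e3541c28 nt+0x69107
f7c61d00 f76afa44 86131b08 e3541c28 e30c56c0 Fastfat+0xdfe2
f7c61d5c f76af960 00000000 8057fb87 8638d1f8 Fastfat+0xda44
f7c61dac 8057c73a 8638d7e8 00000000 00000000 Fastfat+0xd960
f7c61ddc 805124c1 804ed556 00000000 00000000 nt+0xa873a
"""

# A `kb` frame: ChildEBP, RetAddr, three args, then module+offset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)\+0x([0-9a-f]+)$")

def as_ascii(value):
    """Return the 4-byte text if every byte of a 32-bit value is printable ASCII."""
    raw = value.to_bytes(4, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None

def triage(text):
    """Summarise bugcheck code, stack modules and data-like register values."""
    out = {"bugcheck": None, "args": [], "fault_addr": None,
           "frames": [], "ascii_regs": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"BugCheck ([0-9A-Fa-f]+), \{(.+)\}", line):
            out["bugcheck"] = int(m.group(1), 16)
            out["args"] = [int(a, 16) for a in m.group(2).split(",")]
        elif m := re.match(r"Attempt to (?:read from|write to) address ([0-9a-f]+)", line):
            out["fault_addr"] = int(m.group(1), 16)
        elif m := FRAME.match(line):
            out["frames"].append((m.group(1), int(m.group(2), 16)))
        elif line.startswith("eax="):
            for name, val in re.findall(r"(\w+)=([0-9a-f]{8})", line):
                if (txt := as_ascii(int(val, 16))) is not None:
                    out["ascii_regs"][name] = txt  # pointer that looks like text
    # The first frame outside the kernel image is the usual place to start follow-up.
    out["first_non_kernel"] = next((f for f in out["frames"] if f[0] != "nt"), None)
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The module names in such a listing are only as reliable as the symbols; the output above warns that the kernel symbols are wrong, so the frames are a starting point rather than a verdict.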

msilver
2004-05-12, 20:21:48
Thank you both. Filesystem error. Well, if it happens more often I'll have to look into what's causing it.

Regards
msilver

msilver
2007-06-23, 07:12:57
Could someone please read out a dump for me again? Thank you very much

http://www.elitekoepfe.de/Mini062307-01.dmp

EDIT. Got it working