Windows Enterprise Desktop » crash dumps http://itknowledgeexchange.techtarget.com/vista-enterprise-desktop Mon, 20 May 2013 17:05:55 +0000 en-US hourly 1 Digging into Crash Dumps? Try Dumpchk first http://itknowledgeexchange.techtarget.com/vista-enterprise-desktop/digging-into-crash-dumps-try-dumpchk-first/ http://itknowledgeexchange.techtarget.com/vista-enterprise-desktop/digging-into-crash-dumps-try-dumpchk-first/#comments Sun, 14 Dec 2008 21:37:47 +0000 Ed Tittel http://itknowledgeexchange.techtarget.com/vista-enterprise-desktop/digging-into-crash-dumps-try-dumpchk-first/ There’s no question that the Windows Debugger (windbg.exe) is a nonpareil tool when it comes to troubleshooting source code or digging into Vista crashdumps. But with the program’s requirement for current debug symbols, complex syntax (the downside of amazing functionality is detailed and demanding syntax), and vast power comes a certain amount of effort required to get things set up and working properly. If all you want is a quick peek at certain key fields in a full-blown crash dump (C:\Windows\Memory.dmp by default) or a minidump file (C:\Windows\Minidump\Minimmddyy-0x, where mmddyy maps into 120808 for December 8, 2008, and the x represents which minidump acquired that day you’re after, so that my December 8, 2008 mindump file is named Mini120808-01.dmp) the lightweight dumpchk.exe utility may be more to your liking.

Given the following filename example, here’s a pared-down snapshot of the command line input for dumpchk and its response:

c:\Temp>dumpchk c:\Windows\Minidump\Mini120808-01.dmp -e
Loading dump file c:\Windows\Minidump\Mini120808-01.dmp
----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion        0000000f
MinorVersion        00001771
KdSecondaryVersion  00000000
DirectoryTableBase  dc05e3e0
PfnDataBase         8236b850
PsLoadedModuleList  8234bc70
PsActiveProcessHead 82341990
MachineImageType    0000014c
NumberProcessors    00000004
BugCheckCode        00000101
BugCheckParameter1  00000031
BugCheckParameter2  00000000
BugCheckParameter3  803d1120
BugCheckParameter4  00000001

The key information appears in the BugCheckCode entry (this maps to the Windows Stop error code that shows up on a bluescreen), and the four parameters that follow. A quick Google search on the Stop Error code presented as a Hexadecimal number of the form 0×00000101 is usually all it takes to find guidance on causes and potential fixes for such errors. In this case, I had to accept a light slap on the wrist for excessive over-clocking on my QX9650 processor and turn the clock rate back down in my PC’s BIOS (a reduction from 3.5 to 3.2 GHz did the trick nicely).

Sure Windbg.exe will do the same tricks, and a whole lot more, but why not use the quick’n'dirty dumpchk.exe if it will do the trick. If you download the Windows XP SP 2 Support Tools (Windows validation is required) you can grab and use dumpchk.exe on Windows Vista without difficulty.

]]> http://itknowledgeexchange.techtarget.com/vista-enterprise-desktop/digging-into-crash-dumps-try-dumpchk-first/feed/ 0