Any MiniDump analysis experts here?

[Ian]

I'd be interested to know if there are any users here that are able to analyse MiniDump files to help with crash analysis? I'd like to try and get an article on the site that would explain how users can diagnose BSODs and other crashes, however I'm no expert when it comes to dump files.

I know TorrentG had some experience in this, but I've not seen him around for a while. Are there any other users on here that know much about this, so that I could seek some advice to write an article?

 

[linuxdudex12]

No im not, but I would like to know what kind of books I should read to learn more about reading mini dumps.

 

[Nibiru2012]

Those have always been "Greek" to me.

I need to read up on how to analyze them though.

 

[Thrax]

Minidump analysis is actually rather easy once it gets broken down for you. I learned how to do it via this article: http://forums.majorgeeks.com/showthread.php?t=35246

 

[Ian]

Minidump analysis is actually rather easy once it gets broken down for you. I learned how to do it via this article: http://forums.majorgeeks.com/showthread.php?t=35246

Thanks! I'll have a read of this and start learning more about it, then once I've got to grips with it I'll get an article on here.

 

[clifford_cooley]

I've made this thread a sticky in hopes of finding more help with Minidump Analysis.

 

[davehc]

It is something to which you must be dedicated. I did install all the software and, like thrax, used a help page to work through it. I have used it from time to time but would noy consider myself knowledgeable enough to give advice in a tutorial.
Truth ios, I was dissappointed with the results. Basically it always came down to updating all the dreivers, although one small advantage was that sometimes you could pinpoint a particular driver. Sometimes known software comes into the problem,,l often Norton and AVG products.

In the end, when in time and able, my better advice to users has become a question of ignoring the Windows backup and directing them to an image program right from the start. It usually works out (about 20 minutes max) faster than dump hunting, as you can see from some of the Threads on the site.(worst case running currently 3 weeks!)
I realise that, all things being equal, if the user reloads all that he has piut on since the image, the problem may occur again, but I would consider this an easier fault finding option.

 

[TorrentG]

Here is the resource needed to truly get started:

http://www.sevenforums.com/crash-lockup-debug-how/26584-configuring-debugging-tools.html

Once a crash dump is opened and it doesn't clearly show the issue like most times, type lmtn in the bottom then press enter. All pre-July 2009 drivers should be updated.

Sptd.sys always needs to be removed no matter what. Uninstaller/installer = DuplexSecure - Downloads

LogMeIn always needs to be removed no matter what.

Old wireless adapter drivers are particularly notorious as are Razer drivers.

If you type lmvm drivername here (for example: lmvm ASACPI) then press enter, it will show the driver's details.

All Realtek HD Audio drivers get updated from here: RtkHDAudio

This updates the 8111 Realtek lan driver, which is most prevalent: RTL8111

Here are the a/v removal tools: AV Uninstallers - Windows 7 Forums

Whenever there's an old ASACPI driver from 2005, it must be updated to the latest ATK0110 driver installer in my attachments.

0x7f errors involving NETIO.sys are always caused by ZoneAlarm. You can also see vsdatant.sys present.

---------

With a little bit of practice and above info, anyone can be an expert over time.

---------

When all drivers finally appear well and there are still failures in Microsoft kernel or other drivers, there is a memory defect or incorrect RAM setting in the bios (or overclocking.)

 

[TorrentG]

No im not, but I would like to know what kind of books I should read to learn more about reading mini dumps.

I realize I'm responding to an old post, but thought it helpful anyhow to anyone interested.

If you really would like to learn bsod analysis very quickly, follow my previous post, then go and open crash dumps from any of the threads and notice my responses.

Try to see what I've said compared to what the dumps show and perhaps make a mental note to remember scenarios. Like, what did I say when there were mostly 0x116 tdr stops?

This is how to handle 0x124 stops, once all drivers are satisfied as well:
http://www.sevenforums.com/crash-lockup-debug-how/35349-stop-0x124-what-means-what-try.html

It'd be great to see any existing or new members trying to help with analysis and post their findings. That would be an even better way to learn and become involved.

----------

Read a book entitiled "Windows Internals" by Microsoft system expert Mark Russinovich, if you want to become even more advanced.

http://technet.microsoft.com/en-us/sysinternals/bb963901.aspx

------------

Another great resource is Addison Wesley's "Advanced Windows Debugging".

 

[clifford_cooley]

It'd be great to see any existing or new members trying to help with analysis and post their findings. That would be an even better way to learn and become involved.

I have seriously been thinking about trying since the day you started folding.

I mentioned such efforts long before but wasn't as serious. I have everything setup now, including the symbols. Tried out the lmvm command and then noticed, there is a link to automatically give the command. Think I am going to follow alone with you on the next few minidumps and see if I can arrive at the same conclusions.

 

[TorrentG]

Awesome!

lmvm command only comes into play really when you want to see where the driver is located on the system, so you can have the member delete or rename it and direct him/her as to where it is.

lmtn command is always needed to see all the drivers to see what's going on.

lmsmtn command is the same as lmtn, only that it will now display the drivers in alphabetical order.

Good stuff.

 

[Fire cat]

Well, I think I'm also going to get started on BSODs. I'm seein a A LOT of them lately, and I've always wondered how TorrentG did it.

I've got 2 weeks holidays from this evening on, so I'll install the tools, find an old BSOD and see if I can find th same results.

 

[Elmer BeFuddled]

I downloaded the Debug tools, and the symbols pertaining to my 64 bit Seven set up (a start, better than an empty symcache folder) a couple of weeks back and then, as TG suggested, I follow with interest.

So I follow a few and then I start to get to grips with the out-dated drivers.

Aha! Methinks, one day in a Eureka! moment, its your out of date thingymebob.sys that's causing the problem. (Smug) Now lets see what TG's answer is.

So, TG pulls the "Its your Avalonitux Deferender Anti virus that's causing the problem".

WTF???? I didn't see any mentions of Anti virus. Where did that come from?

Oh well, back to the drawing board.

 

[Elmer BeFuddled]

Whenever I load up a minidump file to WinDeBug, I seem to be looking at "Debuggee not connected" in the adress bar for ages. Is this normal or am I missing a setting somewhere?

 

[TorrentG]

Whenever I load up a minidump file to WinDeBug, I seem to be looking at "Debuggee not connected" in the adress bar for ages. Is this normal or am I missing a setting somewhere?

Yeah, it happens very often.

Simply type this in the bottom then press enter:

!analyze -v

Also, make sure that the WinDbg has permissions to access the internet if you have a 3rd party firewall.

Anyhow, did you set the correct symbol path in the software?

 

[Elmer BeFuddled]

Yeah, it happens very often.
Simply type this in the bottom then press enter: !analyze -v

Aah! I've been waiting for it to do its thaing!

Also, make sure that the WinDbg has permissions to access the internet if you have a 3rd party firewall.

I use the Windows F/W, I thought that might have been an issue, so I added WinDbg to the F/W's "Allow list".

Anyhow, did you set the correct symbol path in the software?

Yeah, I've got my symcache folder inside my Dbug folder at C:\. I also downloaded the Win7 symbols pack and loaded all the symbols that matched my drivers plus a few from reading some of the older Bsod threads. I though a small start was better than nothing!
When I run lmtn and look in my symcache folder you can see the list expanding so I'm getting them OK.

 

[TorrentG]

Nice, my SymCache folder is 879 MB at the moment...so many versions of drivers from XP, Vista, 7. heh heh

 

[Elmer BeFuddled]

One more thing TG...

Hey TG! On one of the threads recently you posted a couple of links for drivers.

One was to a web site that gave a comprehensive list of drivers.
The other was a list (I think) of where you should go to get your drivers.

Could you post them again please? I can't remember which site or thread it was on!!

B.T.W. You also told someone how to manually install drivers (Device Manager> [FONT=&quot]Device > [/FONT][FONT=&quot]Update Driver Software > [/FONT][FONT=&quot]Browse> [/FONT][FONT=&quot]My Computer > [/FONT][FONT=&quot]Let me pick > [/FONT][FONT=&quot]Have disk > [/FONT][FONT=&quot]Browse...).[/FONT][FONT=&quot] Thanks for that, I usually spend ages installing drivers as I forget the routine. It's now a "sticky"![/FONT]

 

[TorrentG]

Not sure what you mean really. I post links to drivers probably 20-30 times a day.

The previous page of this thread has something like what you're saying.

You're welcome, about the manual install.