New
#1
Explorer Crashing Issue - Help need to analyse .dmp file
We have alot of issues with windows 7 computers at our business. Todate we are unsure what is causing the issue as there is no way to replicate it and it seems to be happening randomly.
Most of the time explorer doesnt crash as there is no error log in event viewer in relation to explorer or any other error i can see. Most issues are with desktop views not updating or responding correctly, also pc not shutting down as the explorer process is hanging at 50%.
Ending explorer and restarting the process fixes the issue even though there is not crash log.
I have added registry logging as per Collecting User-Mode Dumps so if explorer properly crashes(you get the not responding/restart process window and a event in event viewer) it will log the crash into a user .dmp file.
These dump files are very large, about 300mb in size. I have tried to open them in Windbg but i dont really get enough info i think I need some help to open these correct and get some information on what can be causing the explorer crashes and issue.
Is there anyone out there who has had experience opening and analysing these types of files as im having alot of trouble and getting know where.
See below the info when i go to open the crash dump via windbg. (this is all i get i would expect to get more info seeing the .dmp files are so large)
_____________________________________________________________________
Microsoft (R) Windows Debugger Version 6.2.8400.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\5109\Desktop\explorer.exe.2960.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: D:\Symbols
Executable search path is: C:\Users\5109\Desktop
Windows 7 Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Mon Jun 18 17:08:06.000 2012 (UTC + 1:00)
System Uptime: 0 days 13:21:54.028
Process Uptime: 0 days 7:41:25.000
................................................................
................................................................
................................................................
.......
Loading unloaded module list
................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(b90.17bc): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=01d5f3ec ecx=00000400 edx=00000000 esi=00000002 edi=00000000
eip=777d70b4 esp=01d5f39c ebp=01d5f438 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
777d70b4 c3 ret