Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How Do I read a Mini Crash .Dmp file?


13 Apr 2013   #1

Windows 7 Home Premum 64bit Service Pack 1
 
 
How Do I read a Mini Crash .Dmp file?

Hi All,

I've been getting some random BSODs and I am wondering how to read the mini dump (.dmp) file or if someone can read it for me and tell me what it means.

The last two times my system crashed, I was using VOIP applications which makes me wonder if the crashes are a driver issue. The BSODs are happening very rarely... like maybe every 3 months (and I use my PC daily)... but I still have to wonder what is causing the problem.

Here's what Windows Event Viewer says:

The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xffffffffc0000005, 0xfffff88007941f8a, 0xfffff88002939898, 0xfffff880029390f0). A dump was saved in: C:\Windows\Minidump\041313-44117-01.dmp. Report Id: 041313-44117-01.

Anyway... I went to Microsoft's Debugging Tools page but I am not sure what to custom install after I download the winsdk_web.exe file as there are debugging tools listed under the sections "Redistributable Packages" and "Common Utilities". Which one of these contains WinDbg which will allow me to read the .dmp file??

Download Microsoft Windows SDK 7.1 from Official Microsoft Download Center

If anyone can provide me with any assistance on this it would be greatly appreciated, thanks.

Cricket

My System SpecsSystem Spec
.

14 Apr 2013   #2

Windows 7 Home Premium x64
 
 

My System SpecsSystem Spec
14 Apr 2013   #3

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

You can follow this tutorial: BSOD Analysis - Getting Started

Quote:
Scroll down to this part:
Quote:
Install Debugging Tools for Windows as Part of the Windows SDK

If you don’t need the WDK but you do need the Windows SDK, you can install Debugging Tools for Windows as part of the Windows SDK. In the installation wizard, be sure to select Debugging Tools.
  • Install Debugging Tools for Windows as part of the SDK
Which gives this link:
Download the sdksetup.exe
Quote:
Quick Details

Version: Windows SDK for Windows 8
Windows ACK Version: 2.2
Date published: November 15, 2012
File name: sdksetup.exe
Installation file should take you to a page like this (See attachment):

Attachment 249747

Deselect everything except the debugging tools for windows.

Make sure you have net framework 4.5 installed.
My System SpecsSystem Spec
.


14 Apr 2013   #4

Windows 7 Home Premum 64bit Service Pack 1
 
 

Hi Koolkat,

Thanks for your reply. I downloaded and installed Net Framework 4.5 and the Windows Debugging tools. Anyway I used WinDbg to open the file but I am not sure if it's telling me anything.

Here's what it says....

Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\CJ\Desktop\041313-44117-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff800`02a1f000 PsLoadedModuleList = 0xfffff800`02c62670
Debug session time: Sat Apr 13 21:56:54.631 2013 (UTC - 4:00)
System Uptime: 0 days 12:37:33.410
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.........
*** WARNING: Unable to verify timestamp for lvrs64.sys
*** ERROR: Module load completed but symbols could not be loaded for lvrs64.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88007941f8a, fffff88002939898, fffff880029390f0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : lvrs64.sys ( lvrs64+2f8a )
Followup: MachineOwner
---------
My System SpecsSystem Spec
14 Apr 2013   #5

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

You need to set the symbol path also:
Quote   Quote: Originally Posted by Jonathan_King View Post
When done, open a copy of Windbg, go to File > Symbol file path, and copy/paste:
Code:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
My System SpecsSystem Spec
14 Apr 2013   #6

Windows 7 Home Premum 64bit Service Pack 1
 
 

Hi Koolkat,

Ok... Thanks for your reply. I went and downloaded the symbols... and here's what it's showing now (see below).


I am not sure if it loaded all the symbols or not because it indicates that "symbols could not be loaded for lvrs64.sys".

Anyway... let me know what I need to do next.

Cricket


=================================================

Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\CJ\Desktop\041313-44117-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`02a1f000 PsLoadedModuleList = 0xfffff800`02c62670
Debug session time: Sat Apr 13 21:56:54.631 2013 (UTC - 4:00)
System Uptime: 0 days 12:37:33.410
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.........
*** WARNING: Unable to verify timestamp for lvrs64.sys
*** ERROR: Module load completed but symbols could not be loaded for lvrs64.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88007941f8a, fffff88002939898, fffff880029390f0}
Probably caused by : lvrs64.sys ( lvrs64+2f8a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88007941f8a, The address that the exception occurred at
Arg3: fffff88002939898, Exception Record Address
Arg4: fffff880029390f0, Context Record Address
Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
lvrs64+2f8a
fffff880`07941f8a 45396924 cmp dword ptr [r9+24h],r13d
EXCEPTION_RECORD: fffff88002939898 -- (.exr 0xfffff88002939898)
ExceptionAddress: fffff88007941f8a (lvrs64+0x0000000000002f8a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000004f942c4
Attempt to read from address 0000000004f942c4
CONTEXT: fffff880029390f0 -- (.cxr 0xfffff880029390f0)
rax=0000000000000000 rbx=fffffa80069aa750 rcx=0000000000000001
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88007941f8a rsp=fffff88002939ad0 rbp=0000000004f942a0
r8=0000000000000000 r9=0000000004f942a0 r10=0000000000000002
r11=0000000004f942a0 r12=fffffa8008380780 r13=0000000000000000
r14=0000000004f942a0 r15=0000000004f942a0
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
lvrs64+0x2f8a:
fffff880`07941f8a 45396924 cmp dword ptr [r9+24h],r13d ds:002b:00000000`04f942c4=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000004f942c4
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ccc100
GetUlongFromAddress: unable to read from fffff80002ccc1c0
0000000004f942c4 Nonpaged pool
FOLLOWUP_IP:
lvrs64+2f8a
fffff880`07941f8a 45396924 cmp dword ptr [r9+24h],r13d
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88007941f8a
STACK_TEXT:
fffff880`02939ad0 00000000`00000000 : fffffa80`0a4ef088 00000000`00000000 00000000`00000000 fffffa80`0a4ef0d0 : lvrs64+0x2f8a

SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: lvrs64+2f8a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: lvrs64
IMAGE_NAME: lvrs64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f166964
STACK_COMMAND: .cxr 0xfffff880029390f0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_lvrs64+2f8a
BUCKET_ID: X64_0x7E_lvrs64+2f8a
Followup: MachineOwner
---------
My System SpecsSystem Spec
14 Apr 2013   #7

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

That's fine. Right now it looks like the cause of your BSOD is a Logitech Camera driver Driver Reference Table - lvrs64.sys

Download the latest version available. Driver reinstallation:

Method:
My System SpecsSystem Spec
14 Apr 2013   #8

Windows 7 Home Premum 64bit Service Pack 1
 
 

Hi Koolkat,

Thanks for your reply. That doesn't surprise me that it is a Logitech Driver... as the BSODs I have gotten seem to happen in the middle of a voice chat with someone.

The weird thing is they are not happening all the time... just every now and then.

Every once in a blue moon, I get a blue screen

Cricket
My System SpecsSystem Spec
14 Apr 2013   #9

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium 64Bit
 
 

You can disable and unplug that device.
Try another one in its place.
My System SpecsSystem Spec
14 Apr 2013   #10

Windows 7 Home Premum 64bit Service Pack 1
 
 

Well I have had this webcam for several months so I can't really return it. I will go on the Logitech forums and report the issue.

Thanks very much for your help.

Cricket
My System SpecsSystem Spec
Reply

 How Do I read a Mini Crash .Dmp file?




Thread Tools



Similar help and support threads for2: How Do I read a Mini Crash .Dmp file?
Thread Forum
Can't disable mini-toolbar that can cause Word 2010 to crash Microsoft Office
Is Media Software Required to Read Mini-CDs? Hardware & Devices
BSOD happening randomly (mini dmp file included) BSOD Help and Support
Crash Reports - Read Tutorials
Help required creating batch file to read .csv file General Discussion
Does Anyone know how to read a crash report BSOD Help and Support
problem reading mini dump file BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:12 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33