dmp file analysis

[amni]

Hello,
I have a Java application that crashes when i click on printscreen, this happens on certain set of PCs only. It doesnt gives me BSOD, just the application crashes.

Can someone help me analyse .dmp file that is generated from windows
"User Mode Process Dumper'". It is 25MB file, I will upload after your confirmation.

thanks.

 

[zigzag3143]

Hello,
I have a Java application that crashes when i click on printscreen, this happens on certain set of PCs only. It doesnt gives me BSOD, just the application crashes.

Can someone help me analyse .dmp file that is generated from windows
"User Mode Process Dumper'". It is 25MB file, I will upload after your confirmation.

thanks.

Please upload it. Given its size (zipped?) you may have to upload it to a file sharing service like rapidshare. If so just include the link in the reply.

Ken

 

[amni]

HI Ken,
Thanks for looking at my post. dump file is uploaded here https://rapidshare.com/files/1150137096/javaw4344.rar

thanks.

 

[zigzag3143]

HI Ken,
Thanks for looking at my post. dump file is uploaded here https://rapidshare.com/files/1150137096/javaw4344.rar

thanks.

It is a memory exception (c000000005) caused by jvm.dll

Access violation - code c0000005 (first/second chance not available)

BAD_INSTRUCTION_PTR_c0000005_jvm.dll!Unknown

APPLICATION_FAULT_BAD_INSTRUCTION_PTR_INVALID_POINTER_READ_BAD_IP_jvm+a635

WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOn...0_0/bbbbbbb4/c0000005/00cdbec8.htm?Retriage=1

Followup: MachineOwner
---------


Unfortunately I cant get more specific because I dont have the symbols for XP SP-3 locally and the server seems to be offline.

I dont think it is the memory itself. I believe it is either a corrupt file or bad driver, Just in case please run these two tests.


Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder or another ISO burning program.

Boot from the CD, and leave it running for at least 5 or 6 passes.

Just remember, any time Memtest reports errors, it can be either bad RAM or a bad motherboard slot.

Test the sticks individually, and if you find a good one, test it in all slots.



Driver verifier

I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista/Win7 Startup Repair feature).

In Windows 7 you can make a Startup Repair disk by going to Start....All Programs...Maintenance...Create a System Repair Disc - with Windows Vista you'll have to use your installation disk or the "Repair your computer" option at the top of the Safe Mode menu .

Then, here's the procedure:
- Go to Start and type in "verifier" (without the quotes) and press Enter
- Select "Create custom settings (for code developers)" and click "Next"
- Select "Select individual settings from a full list" and click "Next"
- Select everything EXCEPT FOR "Low Resource Simulation" and click "Next"
- Select "Select driver names from a list" and click "Next"
Then select all drivers NOT provided by Microsoft and click "Next"
- Select "Finish" on the next page.

Reboot the system and wait for it to crash to the Blue Screen. Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out. If it doesn't crash for you, then let it run for at least 36 hours of continuous operation (an estimate on my part).

If you can't get into Windows because it crashes too soon, try it in Safe Mode.
If you can't get into Safe Mode, try using System Restore from your installation DVD to set the system back to the previous restore point that you created.

 

[amni]

HI Ken,
I have started the memtest process. But do you think bad RAM can affect only on certain key presses? Because in our case this issue is happening on certain computers only when we press "print screen".

In regards to your second suggestion "driver verifier", I am sorry but i didnt understand what it will do. I will follow these steps but what will happen at the end, a file will be created or ?

I have downloaded symbols for XP3 but i dont have JVM symbols of this specific version. Is there any way we can can get details without JVM .pdb files?

thanks.

 

[zigzag3143]

HI Ken,
I have started the memtest process. But do you think bad RAM can affect only on certain key presses? Because in our case this issue is happening on certain computers only when we press "print screen".

In regards to your second suggestion "driver verifier", I am sorry but i didnt understand what it will do. I will follow these steps but what will happen at the end, a file will be created or ?

I have downloaded symbols for XP3 but i dont have JVM symbols of this specific version. Is there any way we can can get details without JVM .pdb files?

thanks.

I doubt it is the ram just want you to cover all the bases. Driver verifier hopefully will capture the specific driver that is causing the crash. No we are going to have to find the jvm symbol files.


Is there any way you can use a workaround instead of the print screen? IE a third party utility, or the snipping tool, etc?

 

[amni]

Hi Ken,
After running driver verifier, where does it capture the details of crash?

 

[zigzag3143]

Hi Ken,
After running driver verifier, where does it capture the details of crash?

It is contained in the DMP file created when the computer BSOD. You need to run it until it does crash

 

[amni]

Hello Ken,
Sorry for the late reply, it took a while to get permissions from IT get these logs.

I have run the driver verifier and attached file is generated after this
https://rapidshare.com/files/1465333999/javaw164.rar

Can you please help me out and find which driver is causing this.

Memtest ran successfully without any errors

 

[niemiro]

Hello!

Which program is this? This looks as though you need to contact the developers. I shall give them the disassembly:

00CDBE7E C3 ret
00CDBE7F 8B 54 24 14 mov edx,dword ptr [esp+14h]
00CDBE83 8B CA mov ecx,edx
00CDBE85 90 nop
00CDBE86 90 nop
00CDBE87 E8 14 04 00 00 call 00CDC2A0
00CDBE8C 8B 54 24 14 mov edx,dword ptr [esp+14h]
00CDBE90 89 04 24 mov dword ptr [esp],eax
00CDBE93 8B 4C 24 10 mov ecx,dword ptr [esp+10h]
00CDBE97 E8 24 08 00 00 call 00CDC6C0
00CDBE9C 8D 44 24 18 lea eax,[esp+18h]
00CDBEA0 8B 78 04 mov edi,dword ptr [eax+4]
00CDBEA3 8B 37 mov esi,dword ptr [edi]
00CDBEA5 83 E6 07 and esi,7
00CDBEA8 83 FE 05 cmp esi,5
00CDBEAB 0F 84 14 00 00 00 je 00CDBEC5
00CDBEB1 8B 30 mov esi,dword ptr [eax]
00CDBEB3 85 F6 test esi,esi
00CDBEB5 0F 84 0A 00 00 00 je 00CDBEC5
00CDBEBB F0 0F B1 37 lock cmpxchg dword ptr [edi],esi
00CDBEBF 0F 85 C4 00 00 00 jne 00CDBF89
00CDBEC5 8B E5 mov esp,ebp
00CDBEC7 5D pop ebp
00CDBEC8 85 05 00 01 9F 00 test dword ptr ds:[9F0100h],eax // Crash - notice the ptr - notice the pop operations on the stack a line above - notice the locks - 9F0100h:10420480, eax:78444200
00CDBECE C3 ret

My best guess is that they are popping more off the stack than there is data on the stack, and the conditional jumps, je and jne, and what is on that stack may go someway to explaining this.

I have jumped into the deep end here...I haven't used assembly for ages, and so this might be wrong!

Richard

 

[amni]

Thanks Richard for sparing time to look at this post.

Whats happening is, there is a Java Applet which is running since 3 years, now when we use it on certain set of PCs it crashes when user presses PrintScreen .

I think it has something to do with the drivers on these machines rather than this applet. Because same applet is working since few years and even now it works fine on most of the machines.

IN these dump files do you see any driver doing anything bad? I have a doubt on "Font / display" drivers, but my knowledge with analysing dump files is not that good .

 

[amni]

Any body, please!