How Do I read a Mini Crash .Dmp file?

[spywriter007]

Hi All,

I've been getting some random BSODs and I am wondering how to read the mini dump (.dmp) file or if someone can read it for me and tell me what it means.

The last two times my system crashed, I was using VOIP applications which makes me wonder if the crashes are a driver issue. The BSODs are happening very rarely... like maybe every 3 months (and I use my PC daily)... but I still have to wonder what is causing the problem.

Here's what Windows Event Viewer says:

The computer has rebooted from a bugcheck. The bugcheck was: 0x1000007e (0xffffffffc0000005, 0xfffff88007941f8a, 0xfffff88002939898, 0xfffff880029390f0). A dump was saved in: C:\Windows\Minidump\041313-44117-01.dmp. Report Id: 041313-44117-01.

Anyway... I went to Microsoft's Debugging Tools page but I am not sure what to custom install after I download the winsdk_web.exe file as there are debugging tools listed under the sections "Redistributable Packages" and "Common Utilities". Which one of these contains WinDbg which will allow me to read the .dmp file??

Download Microsoft Windows SDK 7.1 from Official Microsoft Download Center

If anyone can provide me with any assistance on this it would be greatly appreciated, thanks.

Cricket

 

[roboticarm]

Does this page help? How to read the small memory dump files that Windows creates for debugging

Also have a look here: http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html

 

[koolkat77]

You can follow this tutorial: http://www.sevenforums.com/crash-lo...d-analysis-getting-started-5.html#post2251058

Scroll down to this part:

Install Debugging Tools for Windows as Part of the Windows SDK

If you don’t need the WDK but you do need the Windows SDK, you can install Debugging Tools for Windows as part of the Windows SDK. In the installation wizard, be sure to select Debugging Tools.

• Install Debugging Tools for Windows as part of the SDK

Which gives this link:

• Windows Software Development Kit (SDK) for Windows 8

Download the sdksetup.exe

Quick Details

Version: Windows SDK for Windows 8
Windows ACK Version: 2.2
Date published: November 15, 2012
File name: sdksetup.exe

Installation file should take you to a page like this (See attachment):

View attachment 249747

Deselect everything except the debugging tools for windows.

Make sure you have net framework 4.5 installed.

 

[spywriter007]

Hi Koolkat,

Thanks for your reply. I downloaded and installed Net Framework 4.5 and the Windows Debugging tools. Anyway I used WinDbg to open the file but I am not sure if it's telling me anything.

Here's what it says....

Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\CJ\Desktop\041313-44117-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff800`02a1f000 PsLoadedModuleList = 0xfffff800`02c62670
Debug session time: Sat Apr 13 21:56:54.631 2013 (UTC - 4:00)
System Uptime: 0 days 12:37:33.410
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.........
*** WARNING: Unable to verify timestamp for lvrs64.sys
*** ERROR: Module load completed but symbols could not be loaded for lvrs64.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88007941f8a, fffff88002939898, fffff880029390f0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : lvrs64.sys ( lvrs64+2f8a )
Followup: MachineOwner
---------

 

[koolkat77]

You need to set the symbol path also:

When done, open a copy of Windbg, go to File > Symbol file path, and copy/paste:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

 

[spywriter007]

Hi Koolkat,

Ok... Thanks for your reply. I went and downloaded the symbols... and here's what it's showing now (see below).


I am not sure if it loaded all the symbols or not because it indicates that "symbols could not be loaded for lvrs64.sys".

Anyway... let me know what I need to do next.

Cricket


=================================================

Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\CJ\Desktop\041313-44117-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18113.amd64fre.win7sp1_gdr.130318-1533
Machine Name:
Kernel base = 0xfffff800`02a1f000 PsLoadedModuleList = 0xfffff800`02c62670
Debug session time: Sat Apr 13 21:56:54.631 2013 (UTC - 4:00)
System Uptime: 0 days 12:37:33.410
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
.........
*** WARNING: Unable to verify timestamp for lvrs64.sys
*** ERROR: Module load completed but symbols could not be loaded for lvrs64.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff88007941f8a, fffff88002939898, fffff880029390f0}
Probably caused by : lvrs64.sys ( lvrs64+2f8a )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88007941f8a, The address that the exception occurred at
Arg3: fffff88002939898, Exception Record Address
Arg4: fffff880029390f0, Context Record Address
Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
lvrs64+2f8a
fffff880`07941f8a 45396924 cmp dword ptr [r9+24h],r13d
EXCEPTION_RECORD: fffff88002939898 -- (.exr 0xfffff88002939898)
ExceptionAddress: fffff88007941f8a (lvrs64+0x0000000000002f8a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000004f942c4
Attempt to read from address 0000000004f942c4
CONTEXT: fffff880029390f0 -- (.cxr 0xfffff880029390f0)
rax=0000000000000000 rbx=fffffa80069aa750 rcx=0000000000000001
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88007941f8a rsp=fffff88002939ad0 rbp=0000000004f942a0
r8=0000000000000000 r9=0000000004f942a0 r10=0000000000000002
r11=0000000004f942a0 r12=fffffa8008380780 r13=0000000000000000
r14=0000000004f942a0 r15=0000000004f942a0
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
lvrs64+0x2f8a:
fffff880`07941f8a 45396924 cmp dword ptr [r9+24h],r13d ds:002b:00000000`04f942c4=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000004f942c4
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ccc100
GetUlongFromAddress: unable to read from fffff80002ccc1c0
0000000004f942c4 Nonpaged pool
FOLLOWUP_IP:
lvrs64+2f8a
fffff880`07941f8a 45396924 cmp dword ptr [r9+24h],r13d
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88007941f8a
STACK_TEXT:
fffff880`02939ad0 00000000`00000000 : fffffa80`0a4ef088 00000000`00000000 00000000`00000000 fffffa80`0a4ef0d0 : lvrs64+0x2f8a

SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: lvrs64+2f8a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: lvrs64
IMAGE_NAME: lvrs64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f166964
STACK_COMMAND: .cxr 0xfffff880029390f0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_lvrs64+2f8a
BUCKET_ID: X64_0x7E_lvrs64+2f8a
Followup: MachineOwner
---------

 

[koolkat77]

That's fine. Right now it looks like the cause of your BSOD is a Logitech Camera driver Driver Reference Table - lvrs64.sys

Download the latest version available. Driver reinstallation:

Method:

• Click on the Start rb: ► Control Panel ► Programs ► Uninstall a program ► Uninstall everything related to the software.
• Delete remnants of its drivers/older drivers using Driver Fusion/Sweeper
• Tutorial: Sometimes drivers remain, not completely uninstalled. Follow this tutorial for complete removal of drivers of the particular program> http://www.sevenforums.com/tutorials/83814-drivers-clean-left-over-files-after-uninstalling.html

 

[spywriter007]

Hi Koolkat,

Thanks for your reply. That doesn't surprise me that it is a Logitech Driver... as the BSODs I have gotten seem to happen in the middle of a voice chat with someone.

The weird thing is they are not happening all the time... just every now and then.

Every once in a blue moon, I get a blue screen

Cricket

 

[koolkat77]

You can disable and unplug that device.
Try another one in its place.

 

[spywriter007]

Well I have had this webcam for several months so I can't really return it. I will go on the Logitech forums and report the issue.

Thanks very much for your help.

Cricket

 

[koolkat77]

You're welcome, will wait to hear from you.

Next when you get a BSOD please post all the files following http://www.sevenforums.com/bsod-help-support/96879-blue-screen-death-bsod-posting-instructions.html for a better analysis