
Need Help Analyzing MiniDump


gmail2

Programmer
Jun 15, 2005
987
IE
Hi All

I've got a machine that's randomly giving BSOD. I've run a hard drive test and the drive is healthy. I've analyzed the minidump file from the last crash, but I don't know how to get any useful information out of it. Can anybody help at all?
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\windows\symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Apr 2 09:38:09.437 2009 (GMT+1)
System Uptime: 0 days 1:20:49.975
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
..........................................................................................................................
Loading User Symbols
Loading unloaded module list
....................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 2, 1, 805095f2}

Probably caused by : ntoskrnl.exe ( nt!PiMarkDeviceStackStartPending+33 )

Followup: MachineOwner
---------

----- 32 bit Kernel Mini Dump Analysis

DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
KdSecondaryVersion 00000000
DirectoryTableBase 1f673000
PfnDataBase 81053000
PsLoadedModuleList 805624a0
PsActiveProcessHead 80568558
MachineImageType 0000014c
NumberProcessors 00000002
BugCheckCode 1000000a
BugCheckParameter1 00000000
BugCheckParameter2 00000002
BugCheckParameter3 00000001
BugCheckParameter4 805095f2
PaeEnabled 00000000
KdDebuggerDataBlock 805522e0
SecondaryDataState 00000000
ProductType 00000001
SuiteMask 00000110
MiniDumpFields 00000dff

TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 000024c8
ThreadOffset 00002728
CallStackOffset 00002980
SizeOfCallStack 000003b8
DriverListOffset 00002fc8
DriverCount 0000007b
StringPoolOffset 00005450
StringPoolSize 000010e8
BrokenDriverOffset 00000000
TriageOptions 00000041
TopOfStack a9fc6c48
DebuggerDataOffset 00002d38
DebuggerDataSize 00000290
DataBlocksOffset 00006538
DataBlocksCount 00000002
80509000 - 80509fff at offset 00006558
854b2000 - 854b2fff at offset 00007558
Max offset 8558, daa8 from end of file


Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805624a0
Debug session time: Thu Apr 2 09:38:09.437 2009 (GMT+1)
System Uptime: 0 days 1:20:49.975
start end module name
804d7000 806fd000 nt Thu Aug 14 10:58:09 2008 (48A401B1)
806fd000 8071dd00 hal Wed Aug 04 06:59:09 2004 (41107B2D)
a95a9000 a95d3180 kmixer Wed Jun 14 09:47:45 2006 (448FCD31)
a95d4000 a9617000 TmXPFlt Wed Nov 26 09:42:34 2008 (492D1A0A)
a9617000 a9739320 VSApiNt Wed Nov 26 09:39:41 2008 (492D195D)
a9ee7000 a9efb400 wdmaud Wed Jun 14 10:00:44 2006 (448FD03C)
a9f24000 a9f46080 RDPWD Fri Jun 10 00:52:39 2005 (42A8D647)
aa1c7000 aa207280 HTTP Fri Mar 17 00:33:09 2006 (441A03C5)
aa4b0000 aa501580 srv Thu Dec 11 11:57:18 2008 (4941001E)
aa5a2000 aa5c5000 Fastfat Wed Aug 04 07:14:15 2004 (41107EB7)
aa5c5000 aa66e600 hardlock Thu Nov 09 11:48:42 2006 (4553159A)
aa6bf000 aa6ead80 mrxdav Tue Dec 18 09:51:33 2007 (47679825)
aa70b000 aa719d80 sysaudio Wed Aug 04 07:15:54 2004 (41107F1A)
aa913000 aa916280 ndisuio Wed Aug 04 07:03:10 2004 (41107C1E)
aaba9000 aabb4a00 Haspnt Fri Nov 02 14:31:06 2001 (3BE2AE2A)
aac11000 aac28480 dump_atapi Wed Aug 04 06:59:41 2004 (41107B4D)
aac29000 aac78e00 akshasp Thu Nov 16 15:54:58 2006 (455C89D2)
aaca1000 aacba880 AKSCLASS Fri Jun 10 10:33:43 2005 (42A95E77)
aacbb000 aacd3700 aksusb Thu Nov 16 15:21:51 2006 (455C820F)
aacd4000 aad42c00 mrxsmb Fri Oct 24 12:10:39 2008 (4901AD2F)
aad43000 aad6da00 rdbss Fri May 05 10:47:55 2006 (445B1F4B)
aad6e000 aad8fc80 afd Thu Aug 14 10:51:42 2008 (48A4002E)
aad90000 aadb0f00 ipnat Wed Sep 29 23:28:36 2004 (415B3714)
aadb1000 aadd8c00 netbt Wed Aug 04 07:14:36 2004 (41107ECC)
aadd9000 aae30f80 tcpip Fri Jun 20 11:45:10 2008 (485B8A36)
aae31000 aae43400 ipsec Wed Aug 04 07:14:27 2004 (41107EC3)
aaf1c000 aaf29000 TmPreFlt Wed Nov 26 09:42:34 2008 (492D1A0A)
bf800000 bf9c2c00 win32k Mon Feb 09 10:19:20 2009 (49900328)
bf9c3000 bf9d4580 dxg Wed Aug 04 07:00:51 2004 (41107B93)
bf9d5000 bf9e3000 ialmrnt5 Fri Oct 01 00:57:51 2004 (415C9D7F)
bf9e3000 bfa02000 ialmdnt5 Fri Oct 01 00:57:45 2004 (415C9D79)
bfa02000 bfa27680 ialmdev5 Fri Oct 01 00:57:36 2004 (415C9D70)
bfa28000 bfaeb000 ialmdd5 Fri Oct 01 01:04:33 2004 (415C9F11)
f70c8000 f7120e80 update Mon Apr 23 11:32:54 2007 (462C8B56)
f7121000 f7151100 rdpdr Wed Aug 04 07:01:10 2004 (41107BA6)
f7152000 f7162e00 psched Wed Aug 04 07:04:16 2004 (41107C60)
f716f000 f7172a00 kbdhid Wed Aug 04 06:58:33 2004 (41107B09)
f7187000 f7189580 hidusb Fri Aug 17 22:02:16 2001 (3B7D8658)
f718b000 f71a1680 ndiswan Wed Aug 04 07:14:30 2004 (41107EC6)
f71a2000 f71b5900 parport Wed Aug 04 06:59:04 2004 (41107B28)
f71b6000 f71cd940 aeaudio Thu Oct 23 19:17:07 2003 (3F981B23)
f71ce000 f71f0680 ks Wed Aug 04 07:15:20 2004 (41107EF8)
f71f1000 f7214980 portcls Wed Aug 04 07:15:47 2004 (41107F13)
f7215000 f72aa840 smwdm Thu Apr 15 16:20:35 2004 (407EA843)
f72ab000 f72d6000 e1000325 Mon Nov 22 18:38:39 2004 (41A2322F)
f72d6000 f72f8e80 USBPORT Wed Aug 04 07:08:34 2004 (41107D62)
f72f9000 f730c780 VIDEOPRT Wed Aug 04 07:07:04 2004 (41107D08)
f730d000 f73c49a0 ialmnt5 Fri Oct 01 01:05:11 2004 (415C9F37)
f73c5000 f73c7280 rasacd Fri Aug 17 21:55:39 2001 (3B7D84CB)
f73cd000 f73d06e0 EAWDMFD Fri Oct 29 20:35:07 1999 (3819F6EB)
f73e1000 f73e3900 Dxapi Fri Aug 17 21:53:19 2001 (3B7D843F)
f740d000 f7427580 Mup Wed Aug 04 07:15:20 2004 (41107EF8)
f7428000 f7454a80 NDIS Wed Aug 04 07:14:27 2004 (41107EC3)
f7455000 f74e1400 Ntfs Fri Feb 09 11:10:31 2007 (45CC56A7)
f74e2000 f74f8780 KSecDD Wed Aug 04 06:59:45 2004 (41107B51)
f74f9000 f7518780 fltmgr Mon Aug 21 10:14:57 2006 (44E97991)
f7519000 f7530480 atapi Wed Aug 04 06:59:41 2004 (41107B4D)
f7531000 f7556700 dmio Wed Aug 04 07:07:13 2004 (41107D11)
f7557000 f7575880 ftdisk Fri Aug 17 21:52:41 2001 (3B7D8419)
f7576000 f7586a80 pci Wed Aug 04 07:07:45 2004 (41107D31)
f7587000 f75b4d80 ACPI Wed Aug 04 07:07:35 2004 (41107D27)
f75d6000 f75dec00 isapnp Fri Aug 17 21:58:01 2001 (3B7D8559)
f75e6000 f75f0500 MountMgr Wed Aug 04 06:58:29 2004 (41107B05)
f75f6000 f7602c80 VolSnap Wed Aug 04 07:00:14 2004 (41107B6E)
f7606000 f760ee00 disk Wed Aug 04 06:59:53 2004 (41107B59)
f7616000 f7622200 CLASSPNP Wed Aug 04 07:14:26 2004 (41107EC2)
f7636000 f763e700 wanarp Wed Aug 04 07:04:57 2004 (41107C89)
f7646000 f764e700 netbios Wed Aug 04 07:03:19 2004 (41107C27)
f7676000 f767e880 Fips Sat Aug 18 02:31:49 2001 (3B7DC585)
f7686000 f768ed80 HIDCLASS Wed Aug 04 07:08:18 2004 (41107D52)
f76c6000 f76d5900 Cdfs Wed Aug 04 07:14:09 2004 (41107EB1)
f7746000 f7754b80 drmk Wed Aug 04 07:07:54 2004 (41107D3A)
f7756000 f7762e00 i8042prt Wed Aug 04 07:14:36 2004 (41107ECC)
f7766000 f7775d80 serial Wed Aug 04 07:15:51 2004 (41107F17)
f7776000 f7782180 cdrom Wed Aug 04 06:59:52 2004 (41107B58)
f7786000 f7794080 redbook Wed Aug 04 06:59:34 2004 (41107B46)
f7796000 f779ed00 intelppm Wed Aug 04 06:59:19 2004 (41107B37)
f77a6000 f77b2880 rasl2tp Wed Aug 04 07:14:21 2004 (41107EBD)
f77b6000 f77c0200 raspppoe Wed Aug 04 07:05:06 2004 (41107C92)
f77c6000 f77d1d00 raspptp Wed Aug 04 07:14:26 2004 (41107EC2)
f77d6000 f77de900 msgpc Wed Aug 04 07:04:11 2004 (41107C5B)
f77e6000 f77eff00 termdd Wed Aug 04 06:58:52 2004 (41107B1C)
f7806000 f780f480 NDProxy Fri Aug 17 21:55:30 2001 (3B7D84C2)
f7826000 f7834100 usbhub Wed Aug 04 07:08:40 2004 (41107D68)
f7856000 f785c200 PCIIDEX Wed Aug 04 06:59:40 2004 (41107B4C)
f785e000 f7862900 PartMgr Sat Aug 18 02:32:23 2001 (3B7DC5A7)
f78d6000 f78db500 TDTCP Wed Aug 04 06:58:52 2004 (41107B1C)
f78de000 f78e3000 usbuhci Wed Aug 04 07:08:34 2004 (41107D62)
f78e6000 f78ec800 usbehci Wed Aug 04 07:08:34 2004 (41107D62)
f78ee000 f78f3a00 mouclass Wed Aug 04 06:58:32 2004 (41107B08)
f78f6000 f78fbac0 eaps2kbd Wed Dec 19 19:06:56 2001 (3C20E550)
f78fe000 f7904000 kbdclass Wed Aug 04 06:58:32 2004 (41107B08)
f7906000 f7907000 fdc unavailable (00000000)
f790e000 f7912880 TDI Wed Aug 04 07:07:47 2004 (41107D33)
f7916000 f791a580 ptilink Fri Aug 17 21:49:53 2001 (3B7D8371)
f791e000 f7922080 raspti Fri Aug 17 21:55:32 2001 (3B7D84C4)
f792e000 f7933000 flpydisk Wed Aug 04 06:59:24 2004 (41107B3C)
f7946000 f794c180 HIDPARSE Wed Aug 04 07:08:15 2004 (41107D4F)
f794e000 f7953200 vga Wed Aug 04 07:07:06 2004 (41107D0A)
f7956000 f795aa80 Msfs Wed Aug 04 07:00:37 2004 (41107B85)
f795e000 f7965880 Npfs Wed Aug 04 07:00:38 2004 (41107B86)
f798e000 f7992500 watchdog Wed Aug 04 07:07:32 2004 (41107D24)
f79e6000 f79e9000 BOOTVID Fri Aug 17 21:49:09 2001 (3B7D8345)
f7a82000 f7a85c80 serenum Wed Aug 04 06:59:06 2004 (41107B2A)
f7a8a000 f7a8c280 wmiacpi Wed Aug 04 07:07:39 2004 (41107D2B)
f7a8e000 f7a90f80 fsvga Fri Aug 17 21:57:21 2001 (3B7D8531)
f7a92000 f7a94580 ndistapi Fri Aug 17 21:55:29 2001 (3B7D84C1)
f7aae000 f7ab1c80 mssmbios Wed Aug 04 07:07:47 2004 (41107D33)
f7ad6000 f7ad7b80 kdcom Fri Aug 17 21:49:10 2001 (3B7D8346)
f7ad8000 f7ad9100 WMILIB Fri Aug 17 22:07:23 2001 (3B7D878B)
f7ada000 f7adb700 dmload Fri Aug 17 21:58:15 2001 (3B7D8567)
f7af4000 f7af5100 swenum Wed Aug 04 06:58:41 2004 (41107B11)
f7af6000 f7af7280 USBD Fri Aug 17 22:02:58 2001 (3B7D8682)
f7afc000 f7afdf00 Fs_Rec Fri Aug 17 21:49:37 2001 (3B7D8361)
f7afe000 f7aff080 Beep Fri Aug 17 21:47:33 2001 (3B7D82E5)
f7b00000 f7b01080 mnmdd Fri Aug 17 21:57:28 2001 (3B7D8538)
f7b02000 f7b03080 RDPCDD Fri Aug 17 21:46:56 2001 (3B7D82C0)
f7b18000 f7b19100 dump_WMILIB Fri Aug 17 22:07:23 2001 (3B7D878B)
f7b90000 f7b91a80 ParVdm Fri Aug 17 21:49:49 2001 (3B7D836D)
f7b9e000 f7b9ed00 pciide Fri Aug 17 21:51:49 2001 (3B7D83E5)
f7bbb000 f7bbbb80 Null Fri Aug 17 21:47:39 2001 (3B7D82EB)
f7c6c000 f7c6cc00 audstub Fri Aug 17 21:59:40 2001 (3B7D85BC)
f7c77000 f7c77d00 dxgthk Fri Aug 17 21:53:12 2001 (3B7D8438)

Unloaded modules:
a973a000 a9765000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9848000 a996b000 VSApiNt.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9805000 a9848000 TmXPFlt.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a973a000 a9765000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a973a000 a9765000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9df9000 a9e24000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7c27000 f7c28000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aa6fb000 aa708000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9ec4000 a9ee7000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9fb7000 a9fc5000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7b1c000 f7b1e000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9a76000 a9b99000 VSApiNt.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
a9a33000 a9a76000 TmXPFlt.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aa95e000 aaa81000 VSApiNt.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
aa91b000 aa95e000 TmXPFlt.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7666000 f7671000 imapi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f7656000 f765f000 processr.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f73c9000 f73cd000 kbdhid.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
f793e000 f7943000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
f73d1000 f73d4000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {0, 2, 1, 805095f2}

Probably caused by : ntoskrnl.exe ( nt!PiMarkDeviceStackStartPending+33 )

Followup: MachineOwner
---------

Finished dump check

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau
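
Added example, not part of the original thread: one way to read the output pasted above is to decode the `BugCheck` line as a Stop 0x0A (parameters: address referenced, IRQL, read/write flag, address of the instruction that made the access) and look up which loaded module contains that instruction address. `SAMPLE` is a handful of lines copied from the post, and the function names are this example's own.

```python
import re

# Constructed sample: lines copied from the debugger output in the post above.
SAMPLE = """\
BugCheck 1000000A, {0, 2, 1, 805095f2}
start end module name
804d7000 806fd000 nt Thu Aug 14 10:58:09 2008 (48A401B1)
806fd000 8071dd00 hal Wed Aug 04 06:59:09 2004 (41107B2D)
a95d4000 a9617000 TmXPFlt Wed Nov 26 09:42:34 2008 (492D1A0A)
f7906000 f7907000 fdc unavailable (00000000)
Unloaded modules:
a973a000 a9765000 kmixer.sys
"""

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
MODULE_RE = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)", re.I | re.M)


def parse_bugcheck(text):
    """Return (stop code, [parameters]) from the 'BugCheck' summary line."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no BugCheck line found")
    return int(m.group(1), 16), [int(p, 16) for p in m.group(2).split(",")]


def parse_loaded_modules(text):
    """Return [(start, end, name)] for loaded modules, ignoring the unloaded list."""
    loaded = text.split("Unloaded modules:")[0]
    return [(int(s, 16), int(e, 16), n) for s, e, n in MODULE_RE.findall(loaded)]


def triage(text):
    """Decode a Stop 0x0A and attribute the instruction address to a module."""
    code, params = parse_bugcheck(text)
    # 0x1000000A is Stop 0x0A as recorded in a minidump; drop the high flag.
    report = {"stop_code": code & 0x0FFFFFFF}
    if report["stop_code"] == 0x0A and len(params) == 4:
        referenced, irql, access, instruction = params
        report.update(referenced=referenced, irql=irql,
                      operation="write" if access & 1 else "read",
                      instruction=instruction)
        for start, end, name in parse_loaded_modules(text):
            if start <= instruction < end:
                report.update(module=name, offset=instruction - start)
                break
    return report


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"Stop 0x{r['stop_code']:02X}: {r['operation']} of 0x{r['referenced']:08x} "
          f"at IRQL {r['irql']} by {r['module']}+0x{r['offset']:x}")
```

For the posted dump this reports a write to address 0 at IRQL 2 from an instruction at nt+0x325f2, which is why the debugger names ntoskrnl.exe. The instruction address lying inside the kernel image does not by itself say which driver handed the kernel the bad pointer.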
 
Thanks for the quick reply Dian - I've given some responses below:
Keyboard issue - I'll check it out
Miscellaneous corruption .....
Corrupt boot.ini file. - I don't think the PC would boot into Windows in that case?
Missing boot.ini file. - same as previous
Missing or corrupt ntoskrnl.exe file. - same as previous
Windows NT installed on a partition bigger than 7.8GB - does not apply, is Windows XP
Corrupted hard disk drive or severely corrupted Windows. - We've run diagnostics on the hard drive and it's healthy, but could possibly be Windows corruption

The PC has been working fine for over 3 years and nothing has changed recently. I'm suspecting memory might be the issue but I'd like to find some help in reading the file nonetheless. The machine in question is at a remote site, so I'm going to send them memtest to test the memory. But as I said, if anybody can give me any clues on how to read the output, that'd be great.

Thanks !

 
Install Debugging Tools for Windows 32-bit Version

Debugging Tools and Symbols: Getting Started

A couple of Vista articles but they may be worth looking at.

THE BLUE SCREEN OF DEATH

Analyze your Crash Dumps with WhoCrashed


Debugging a DUMP file in XP
thread779-1292544

Troubleshooting
How to Create and Use XP Critical Error DUMP files
faq779-6451
 
On random BSODs, I would run a MEMTEST first, as that is most likely the cause... Other causes are bad drivers or corrupt system files...

Order of checking:

1. Memtest, preferably from a bootable CD image...
2. CHKDSK /F (or /R) from the Recovery Console, to ensure that the drive is ok...
3. SFC /SCANNOW to check the system files' integrity, have the XP CD at hand...

Here are a few links to read up on:

Troubleshooting a Stop 0x0000000A Error in Windows XP

Possible Resolutions to STOP 0x0A, 0x01E, and 0x50 Errors

How to Use Driver Verifier to Troubleshoot Windows Drivers

During upgrade to Win XP



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."

How to ask a question, when posting them to a professional forum.
 
Hi guys, sorry for the late reply on this. I've run all sorts of hardware diagnostics on this machine including memtest86 and they've all come back fine. I also ran sfc /scannow and there was only one file replaced, and I also ran chkdsk /f to no avail.

Although the link below isn't the exact same symptoms as mine, I do have a LoadPerf warning in the Application log so I followed the instructions here also:


The interesting thing is, even after running chkdsk /f 3 times - when I run it again (with the /f switch) it still says that there were problems found. Any ideas why that might be?

With regard to the debugging tools - I've already installed them, the output above is the result of running the minidump through the debugging tools. But I want to know how I can use this to find out what might be wrong ?????

Anybody got any suggestions?

 
The interesting thing is, even after running chkdsk /f 3 times - when I run it again (with the /f switch) it still says that there were problems found. Any ideas why that might be?
Have you run the HDD manufacturer's tools on the hard drive? It may be an impending HDD failure that you are heading towards...

Ben

 
It is worth a try to replace the ntoskrnl.exe file:
1. Start the computer by using your Windows XP CD-ROM. Press any key to boot from the CD.
2. After the setup files are finished loading press R to repair using Recovery Console.
3. When you are in the recovery console, select the installation to log on to (usually number 1), and then press ENTER.
4. Login to the Administrator account by typing the password for this account, and then press ENTER.
5. At the recovery console command prompt, type the following command, and then press ENTER:

For Uni-Processor systems (Single Core CPUs):
expand <cd-drive>:\i386\ntoskrnl.ex_ <hd-drive>:\Windows\system32\ntoskrnl.exe

For Multi-Processor systems (Dual core & Dual Socket CPUs):
expand <cd-drive>:\i386\ntkrnlmp.ex_ <hd-drive>:\Windows\system32\ntoskrnl.exe

Note: In these two commands, the <cd-drive> placeholder represents the drive letter of your CD drive, and the <hd-drive> placeholder represents the drive letter of the hard disk on which Windows is installed.

6. If you receive a prompt to overwrite the file, press Y.
7. Type exit, and press ENTER at the command prompt.
source: Microsoft

Ben
