prakashpms Posted May 16, 2011 Posted May 16, 2011 In Windows 2008, it causes frequent crash of windows resulting in blue screen. On debugging the crash dump file, it shows VISTA_DRIVER_FAULT and points to a process that belongs to our application. On collecting crash dump two times, it showed two different processes that belong to our application. From the stack trace, I am unable to get much information other than some kernel related symbols. How do I proceed to check what is the cause of the problem from the crash dump? The following is the output of the stack trace. The process NodeScann in the trace belongs to our application. How do I use the dump to find out exact cause of the dump. I tried loading all the pdb files of our application etc, but unable to get any info from the stack trace. Thanks Praks ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CRITICAL_OBJECT_TERMINATION (f4) A process or thread crucial to system operation has unexpectedly exited or been terminated. Several processes and threads are necessary for the operation of the system when they are terminated (for any reason), the system can no longer function. Arguments: Arg1: 0000000000000003, Process Arg2: fffffa800680ba30, Terminating object Arg3: fffffa800680bd10, Process image file name Arg4: fffff8000199ddb0, Explanatory message (ascii) Debugging Details: ------------------ Page 12f940 not present in the dump file. Type ".hh dbgerr004" for details PROCESS_OBJECT: fffffa800680ba30 IMAGE_NAME: _ DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: _ FAULTING_MODULE: 0000000000000000 PROCESS_NAME: NodeScann BUGCHECK_STR: 0xF4_NodeScann DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80001a22982 to fffff8000169a640 STACK_TEXT: fffff880`03baeb08 fffff800`01a22982 : 00000000`000000f4 00000000`00000003 fffffa80`0680ba30 fffffa80`0680bd10 : nt!KeBugCheckEx fffff880`03baeb10 fffff800`019d00ab : ffffffff`ffffffff fffffa80`06229500 fffffa80`0680ba30 fffffa80`057abb30 : nt!PspCatchCriticalBreak+0x92 fffff880`03baeb50 fffff800`01953698 : ffffffff`ffffffff 00000000`00000001 fffffa80`0680ba30 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17ad6 fffff880`03baeba0 fffff800`016998d3 : fffffa80`0680ba30 fffff880`ffffffff fffffa80`06229500 fffffa80`0625bfe0 : nt!NtTerminateProcess+0xf4 fffff880`03baec20 00000000`773d15da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0444e808 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773d15da STACK_COMMAND: kb FOLLOWUP_NAME: MachineOwner FAILURE_BUCKET_ID: X64_0xF4_NodeScann_IMAGE__ BUCKET_ID: X64_0xF4_NodeScann_IMAGE__ Followup: MachineOwner Quote
ICTCity Posted May 16, 2011 Posted May 16, 2011 Try to open the dump file with this: http://www.nirsoft.net/utils/blue_screen_view.html Hope this help... Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
prakashpms Posted May 17, 2011 Author Posted May 17, 2011 Try to open the dump file with this: http://www.nirsoft.net/utils/blue_screen_view.html Hope this help... Thanks for the link. Since the dump file is not giving much information using windbg, this also shows very little. It could not show the drivers affecting the crash etc. All I could see is the blue screen using blue screen view. Quote
ICTCity Posted May 17, 2011 Posted May 17, 2011 Thanks for the link. Since the dump file is not giving much information using windbg, this also shows very little. It could not show the drivers affecting the crash etc. All I could see is the blue screen using blue screen view. Can you please upload the DMP file? Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
prakashpms Posted May 17, 2011 Author Posted May 17, 2011 Can you please upload the DMP file? It is around 500MB. Quote
prakashpms Posted May 17, 2011 Author Posted May 17, 2011 It is around 500MB. Is that ok if I make it available from an http or ftp location for you to download? Quote
ICTCity Posted May 17, 2011 Posted May 17, 2011 Is that ok if I make it available from an http or ftp location for you to download? yes. Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
prakashpms Posted May 17, 2011 Author Posted May 17, 2011 yes. It is available for download at http://02cb259.netsolhost.com/dump/MEMORY.DMP Quote
ICTCity Posted May 17, 2011 Posted May 17, 2011 I have no idea. The only thing that I can read is "CRITICAL_OBJECT_TERMINATION" which means nothing to me! You could use WinDbg but honestly I don't think you will find something more... Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
prakashpms Posted May 17, 2011 Author Posted May 17, 2011 I have no idea. The only thing that I can read is "CRITICAL_OBJECT_TERMINATION" which means nothing to me! You could use WinDbg but honestly I don't think you will find something more... Yes. I have already used windbg and could not get much information. All I could see is the kernel stack information and the process name and nothing more. Quote
ICTCity Posted May 17, 2011 Posted May 17, 2011 I assume you can see nothing in event viewer... Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
Recommended Posts