How to read memory dumps?

Discussion in 'Windows 7 Help and Support' started by BetaMac, Mar 29, 2010.

  1. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Ok, I've been getting random BSOD's lately on my Win7Ult 64b, and cant find the root of the issue. I've got my memory dumps, and dl'd Windebug to read them., but truthfully I'm at the extent of my knowledge at this point. I know I'm looking for a faulty driver somewhere, from what my BSOD tells me, but the dumps are... well quizzing. How can i make sense of what they're telling me?
     
  2. SlyDelvecchio

    SlyDelvecchio New Member

    Joined:
    Mar 30, 2010
    Messages:
    10
    Likes Received:
    0
    Have you specified the Windows Symbol Path? And are you running the "extended" scan?
     
  3. ickymay

    ickymay New Member

    Joined:
    Jan 12, 2009
    Messages:
    1,689
    Likes Received:
    113
    attach your .dmp and someone can take a look at it How to ask for help with a BSOD problem :)
     
  4. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0

    Thanks icky, but the point of my thread is to learn more about reading the dumps myself. And of course, if i get too far in, then I will happily upload my dumps. I just want to be more self reliant. I'm pretty good with computers, but never ran into a major BSOD problem (testament to how well I've kept my machines, i hope!) which is why I'm posting now. So if you can, help me understand what they're saying. :)
     
    #4 BetaMac, Mar 30, 2010
    Last edited: Mar 30, 2010
  5. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Ummm, remember that part about me writing "but truthfully I'm at the extent of my knowledge at this point."? Yeah, I wasn't lying :redface:.
    I read about the Symbols grammar when i dl'd dbug, but I wasn't aware i need to specify the path. Which path, the one to my dump? Soirry, Im just trying to get a better bearing on how to troubleshoot this issue. I appreciate your help!
     
  6. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Ok, I think i know what you mean by the symbol path, I started Windebug with the "-y" switch (or argument!) but nothing happens. It just starts the way it did before, and opening my dump, still says I need to set my Symbol path (why doesn't debug do this automagically?).



    EDIT: Got that wrong as well. Ok, I think I understand, Symbols are .pdb files, right? I need to find them, but a wildcard search doesn't show any .pdb files on system. So how can I link WinDebug with "Symbols" which dont exist so i can read my memory dumps???? Damn you MS! Lost I am!



    EDIT#2: Ahhh, maybe if I downloaded and installed the symbols pack I can do this? Hmm, maybe? Lol, yeah I'm a smart dude. lol
     
    #6 BetaMac, Mar 30, 2010
    Last edited: Mar 30, 2010
  7. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    *This* seriously cannot be this complicated. And I havent done anything yet. I've installed the correct Symbols pack, and pointed Debug to the correct path and Debug says.... You do not have the Symbols installed. Really? OK, yeah... help.
     
  8. ickymay

    ickymay New Member

    Joined:
    Jan 12, 2009
    Messages:
    1,689
    Likes Received:
    113
    the symbols path for debugger is the first thing you need to set on install in order for debugger to work, as you have discovered :eek:

    what it means is where debugger accesses it's symbols from, this is ultimately two places , the first is your own symbols store on your pc and the second is a download path to a Microsoft file server ;)

    open debugger then click file\symbol file path (ctrl+S) then in that box enter SRV*C:\SymCache*ht tp://msdl.microsoft.com/download/symbols then close and save

    If you went for the default install this should work "out of the box" where SRV*C:\SymCache*ht tp://msdl.microsoft.com/download/symbols information is your own symbols already downloaded onto your pc into the default directory, and SRV*C:\SymCache*ht tp://msdl.microsoft.com/download/symbols is where debugger accesses msdl for any other symbols needed on demand ..........

    personally for the purposes of debugging I set debugger as the default program for .dmp files so i can simply download any files and double click them to automatically open debugger and start the process ....

    using debugger effectively is a huge subject starting with the switches you use , recognizing NT kernels , Microsoft patch versions and checking driver date stamps etc but working with the same OS after a few months debugging files you can start to see recognizable patterns, files and bugcheck codes that all help to nail down the causes :cool:

    N.B. for all the lines above SRV*C:\SymCache*ht tp://msdl.microsoft.com/download/symbols remove the space in ht tp which i added to stop the forum automatically treating it as a url ;)
     
  9. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Cant read the dumps, need help!

    Alright, I'm back, and honestly, between work, school, naggy GF, and my incredibly awesome dog, I have *no* time to get this down. And this week my comp has crashed 3 times more often than it had. I need some help. I'm canceling the idea of learning how to read dumps, I just need to know which driver is causing me all these problems, so if anyone can give me help, I would really appreciate it!

    EDIT: Sorry, forgot to ul my most recent dumps. All from April.
     

    Attached Files:

    #9 BetaMac, Apr 22, 2010
    Last edited: Apr 22, 2010
  10. ickymay

    ickymay New Member

    Joined:
    Jan 12, 2009
    Messages:
    1,689
    Likes Received:
    113
    consistent across all 8 .dmp files this is a bugcheck 0x10d (0x5 , 0x0, 0x1401, 0xa80080c) = the Kernel Windows Driver Framework (KWDF) encountered an error. The probable cause was listed as the Microsoft 1394 OpenHCI Driver - 1394ohci.sys - which is Firewire which points the blame at your flex audio drivers ??
    does that sound familiar ?

    you also have a lot of other drivers present in the crash dmp which are dated from around july\august 2009 and really need updating , such as the realtek driver
    found here

    track down your audio drivers and update them , then go to your motherboard manufacturers website and download the lastest chipset drivers and all other devices ?

    also check your systems compatibility with windows 7 upgrade advisor found here

    let us know how it goes ?
     
  11. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Yup, I knew it. BTW big thanks icky. The ffsaffire is my audio card (I do music) and I figured it was the root of my issues, my crashes happen at 2 times, either listening to audio, or downloading (which I'm always doing, dl'ing). Which is why my Realtek drivers (ethernet) are out of date. I updated them, and immediately got consistent crashes. So my issue is my audio card, which aint gonna get updated anytime soon (Focusrite canceled my card so no new driver updates), and my Realtek 'net drivers which even though a new version came out, it causes BSOD like nuts (possibly a reaction between both?). Sucks, I really dont wnat to buy a new Audio device, but seems I'm gonna have to. I'll ebay it and take a loss, i guess. Thanks again, icky.
     
  12. ickymay

    ickymay New Member

    Joined:
    Jan 12, 2009
    Messages:
    1,689
    Likes Received:
    113
    glad i have helped and it's a shame you can't use that card due to lack of driver support :(

    have you tried emailing the manufacturer ?
     
    BetaMac and (deleted member) like this.
  13. SlyDelvecchio

    SlyDelvecchio New Member

    Joined:
    Mar 30, 2010
    Messages:
    10
    Likes Received:
    0
    I've had exactly this problem too. I was using Windows 7 Professional x64. I went through 3 sound cards until I found a stable, working one that held the settings properly.

    Good job I own a shop or it would have been a pain to try all the different cards.
    The card I ended up with some cheapo C-Media card. Works a charm, though.
     
  14. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Yeah, the bitch is I bought the card about 2 years ago, right before I got my win7 beta download. Maybe a month or two after, the company canceled the line, introduced newer cards. Since then they've had one driver update that's still in beta, mind you, to fix a miiinnnnoor metering problem. No 64 bit drivers, no Vista or win7 drivers. Ah well you live and learn.

    icky, I would contact them but i'm sure you can imagine how many others have already begged and asked and pleaded for newer drivers, and they simply wont budge. "You want newer drivers, buy one of our newer cards."
     
  15. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Success!

    I've finally found the source of my issues! As it turned out, I was running my computer in the Balanced power profile, thinking it would throttle up as I needed, but otherwise run low if nobody was using it. Apparently, it does not. Using the excellent DPC latency checker (Google it!), I could see, visually, how even opening a web page caused such latency and how my system would spike for power, but there was none! A simple check to the High Power profile and my system calmed down like a baby on the nipple! I have no spikes, and thereby, no dropouts nor BSODs! A simple fix, for a simple oversight, I recommend those that have similar problems to check their power profile!
     
  16. ickymay

    ickymay New Member

    Joined:
    Jan 12, 2009
    Messages:
    1,689
    Likes Received:
    113
    you mean the power options from windows control panel ?
     
  17. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Yes, apologies, in my happiness forgot to be specific :D! I'm so amazed at this, it has totally transformed my system to a rock solid machine! To that thought, how would this affect laptop users, as they cant be on a High Power profile while mobile, and this issue affected my audio, perhaps on another system affect graphics or wLAN.
     
  18. ickymay

    ickymay New Member

    Joined:
    Jan 12, 2009
    Messages:
    1,689
    Likes Received:
    113
    I don't see how it could ?
     
  19. BetaMac

    BetaMac New Member

    Joined:
    Mar 29, 2010
    Messages:
    26
    Likes Received:
    0
    Right? I'm no newcomer to computer mechanics myself, but it really does work this way. As a matter of fact it was one of the "Win 7 optimizing" strategies the soundcards makers have on their website, which I had followed earlier, but without the diagnostic tool, I wasn't aware of the impact this particular advice had. In essence, I had tried so many different things, I assumed this would have, if any little to no effect on my situation, as I imagine you would as well. I need to read a bit more on how power savings settings impact how the computer and OS runs programs. As I noted before, I simply assumed that the Balanced configuration would simply throttle down if there was no usage on the processor, whereas the High Performance setting would keep the engine running full throttle, fans running hot and such. But I guess I was wrong! Anywho, I'm attaching a screenshot showing the dramatic difference turning it on and off has. The yellow and red bars show high latency which interrupts and causes the proc to compensate, I'm assuming. the green bars means all is cool, no issues. You'll see a steady stream of green then, when I switch the power profile, it shows higher and more dramatic issues. Mind you, I'm doing simple things, downloading some music, and of course responding here. Amazing. The tool is DPC Latency Checker from here.
     

    Attached Files:

  20. ickymay

    ickymay New Member

    Joined:
    Jan 12, 2009
    Messages:
    1,689
    Likes Received:
    113
    that is truly an excellent tool and i can see how it has shown you the cause of your bluescreen problems, but to find the cure it's then that some assumptions are being made ?

    As I understand it the overall power options in windows are mostly triggered reactions to timers or button presses such as sleep and hibernate etc but in amongst the advanced options there are settings which make specific power management changes , these are normally accessible from device manager ?

    have you tried going through all of your devices including your soundcard and unticking "allow the computer to turn off this device to save power" or is there no available tab ?

    I am not totally surprised at this situation though as power management and sleep and device power control has always been problematic in windows systems :frown:
     

Share This Page

Loading...