Dump file analysis - more help required

Question
-
Hi Everyone,
I am currently facing a BSOD issue that I am trying to analyse. I have tried using the Windows debugger to find the root cause but am stuck there, and I need your help.
Below is the crash dump analysis output, which says mcpdh.exe is the reason for the BSOD, but I would like to know where exactly the issue lies within mcpdh.exe, as mcpdh.exe is a custom application. I would appreciate it if we could point out which line or function in the application (mcpdh.exe) has caused the BSOD.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000008E, {c0000005, 80932514, baf6fb64, 0}
Probably caused by : ntkrnlmp.exe ( nt!CmpFindValueByNameFromCache+be )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80932514, The address that the exception occurred at
Arg3: baf6fb64, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
nt!CmpFindValueByNameFromCache+be
80932514 3b4804 cmp ecx,dword ptr [eax+4]
TRAP_FRAME: baf6fb64 -- (.trap 0xffffffffbaf6fb64)
ErrCode = 00000000
eax=00790052 ebx=baf6fc7c ecx=249e5540 edx=e181e890 esi=e181e890 edi=baf6fc78
eip=80932514 esp=baf6fbd8 ebp=baf6fc20 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
nt!CmpFindValueByNameFromCache+0xbe:
80932514 3b4804 cmp ecx,dword ptr [eax+4] ds:0023:00790056=????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0x8E
PROCESS_NAME: mcpdh.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8092edf9 to 80932514
STACK_TEXT:
baf6fc20 8092edf9 e181e890 baf6fcb0 baf6fc74 nt!CmpFindValueByNameFromCache+0xbe
baf6fca4 80931865 e181e890 020a0030 7ffdec00 nt!CmQueryValueKey+0x23b
baf6fd44 80833bef 00000744 7ffdebf8 00000002 nt!NtQueryValueKey+0x29a
baf6fd44 7c82860c 00000744 7ffdebf8 00000002 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fd8c 00000000 00000000 00000000 00000000 0x7c82860c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!CmpFindValueByNameFromCache+be
80932514 3b4804 cmp ecx,dword ptr [eax+4]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpFindValueByNameFromCache+be
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 49c22f72
FAILURE_BUCKET_ID: 0x8E_nt!CmpFindValueByNameFromCache+be
BUCKET_ID: 0x8E_nt!CmpFindValueByNameFromCache+be
Followup: MachineOwner
---------
3: kd> lmvm nt
start end module name
80800000 80a7e000 nt # (pdb symbols) C:\Program Files\Debugging Tools for Windows (x86)\sym\ntkrnlmp.pdb\EE9924F93AA24F008A3D9032AC21DE5F2\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Mapped memory image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\ntkrnlmp.exe\49C22F7227e000\ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Timestamp: Thu Mar 19 12:41:38 2009 (49C22F72)
CheckSum: 00264643
ImageSize: 0027E000
File version: 5.2.3790.4478
Product version: 5.2.3790.4478
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0804.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
InternalName: ntkrnlmp.exe
OriginalFilename: ntkrnlmp.exe
ProductVersion: 5.2.3790.4478
FileVersion: 5.2.3790.4478 (srv03_sp2_gdr.090319-1204)
FileDescription: NT Kernel & System
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
S.Arun Prasath IBM Global delivery
- Edited by Arun Prasath S (Arun) Tuesday, December 8, 2009 3:40 PM spell checks
- Moved by Bruce Adamczak (Microsoft employee) Thursday, December 10, 2009 1:47 PM find correct forum (From:Windows Perfmon and Diagnostic Tools)
Tuesday, December 8, 2009 3:37 PM
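As an added example (not part of the original thread or of the linked guide), the Python script below parses the `!analyze -v` listing from the question into its bugcheck arguments, the unreadable operand address, and the stack frames split into symbol-resolved and unresolved. The function name `triage` and the keys it returns are hypothetical, and it assumes the 32-bit `kb` column layout shown in the question.

```python
import re

# Excerpt copied from the `!analyze -v` output in the question above.
SAMPLE = """\
BugCheck 1000008E, {c0000005, 80932514, baf6fb64, 0}
80932514 3b4804 cmp ecx,dword ptr [eax+4] ds:0023:00790056=????????
PROCESS_NAME: mcpdh.exe
STACK_TEXT:
baf6fc20 8092edf9 e181e890 baf6fcb0 baf6fc74 nt!CmpFindValueByNameFromCache+0xbe
baf6fca4 80931865 e181e890 020a0030 7ffdec00 nt!CmQueryValueKey+0x23b
baf6fd44 80833bef 00000744 7ffdebf8 00000002 nt!NtQueryValueKey+0x29a
baf6fd44 7c82860c 00000744 7ffdebf8 00000002 nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012fd8c 00000000 00000000 00000000 00000000 0x7c82860c
STACK_COMMAND: kb
"""

FRAME = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) ((?:[0-9a-f]{8} ){3})(\S+)$")

def triage(text):
    """Summarise a 32-bit `!analyze -v` listing: bugcheck, faulting access, frames."""
    out = {"frames": [], "unresolved": []}
    m = re.search(r"^BugCheck ([0-9A-F]+), \{([^}]*)\}", text, re.M | re.I)
    if m:
        out["bugcheck"] = int(m.group(1), 16)
        out["args"] = [int(a, 16) for a in m.group(2).split(",")]
    m = re.search(r"^PROCESS_NAME:\s*(\S+)", text, re.M)
    out["process"] = m.group(1) if m else None
    # An operand shown as "=????????" is memory the debugger could not read.
    m = re.search(r"\b[a-z]s:[0-9a-f]{4}:([0-9a-f]{8})=\?+", text)
    out["bad_address"] = int(m.group(1), 16) if m else None
    in_stack = False
    for line in text.splitlines():
        if line.startswith("STACK_TEXT:"):
            in_stack = True
            continue
        if in_stack and line.startswith("STACK_COMMAND"):
            break
        f = FRAME.match(line.strip()) if in_stack else None
        if not f:
            continue
        sym = f.group(4)
        if "!" in sym:                      # module!function+offset
            module, func = sym.split("!", 1)
            out["frames"].append((module, func.split("+")[0]))
        else:                               # raw address: no module/symbols
            out["unresolved"].append(int(sym, 16))
    return out
```

On the excerpt it returns four frames resolved to `nt` and one return address (0x7c82860c) with no module; none of the frames in the listing names mcpdh.exe.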
Answers
-
Here is a step-by-step guide I wrote for analysing dump files:
http://clintboessen.blogspot.com/2009/12/how-to-analyze-dump-file.html
Clint Boessen MCSE, MCITP: Messaging
Perth, Western Australia
Blog: http://clintboessen.blogspot.com/
- Proposed as answer by Clint Boessen Saturday, January 2, 2010 2:03 AM
- Marked as answer by Arun Prasath S (Arun) Thursday, February 18, 2010 8:53 AM
Saturday, January 2, 2010 2:02 AM
All replies
-
Hi,
Thank you for visiting the Microsoft forum. This forum focuses on Perfmon and diagnostic tools. I am moving your question to the moderator forum ("Where is the forum for..?"). The owner of the forum will direct you to the right forum.
Thanks.
Bruce Adamczak
Thursday, December 10, 2009 1:46 PM -
Thanks Bruce..
S.Arun Prasath IBM Global delivery
Thursday, December 24, 2009 6:22 AM -
Thank you!!! It was really good to see a neat explanation.
S.Arun Prasath IBM Global delivery
Thursday, February 18, 2010 8:54 AM