Dump file analysis - more help required

  • Question

  • Hi Everyone,

    I am currently facing a BSOD issue and am trying to analyse it. I have tried using the Windows debugger to find the root cause but am stuck there, and I need your help.

    Below is the crash dump analysis output, which says Mcpdh.exe is the reason for the BSOD, but I would like to know where exactly the issue lies within mcpdh.exe, as mcpdh.exe is a custom application. I would appreciate it if we could really point out which line or function in the application (mcpdh.exe) has caused the BSOD.


    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000008E, {c0000005, 80932514, baf6fb64, 0}

    Probably caused by : ntkrnlmp.exe ( nt!CmpFindValueByNameFromCache+be )

    Followup: MachineOwner
    ---------

    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 80932514, The address that the exception occurred at
    Arg3: baf6fb64, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

    FAULTING_IP:
    nt!CmpFindValueByNameFromCache+be
    80932514 3b4804          cmp     ecx,dword ptr [eax+4]

    TRAP_FRAME:  baf6fb64 -- (.trap 0xffffffffbaf6fb64)
    ErrCode = 00000000
    eax=00790052 ebx=baf6fc7c ecx=249e5540 edx=e181e890 esi=e181e890 edi=baf6fc78
    eip=80932514 esp=baf6fbd8 ebp=baf6fc20 iopl=0         nv up ei pl nz na po nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
    nt!CmpFindValueByNameFromCache+0xbe:
    80932514 3b4804          cmp     ecx,dword ptr [eax+4] ds:0023:00790056=????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

    BUGCHECK_STR:  0x8E

    PROCESS_NAME:  mcpdh.exe

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 8092edf9 to 80932514

    STACK_TEXT: 
    baf6fc20 8092edf9 e181e890 baf6fcb0 baf6fc74 nt!CmpFindValueByNameFromCache+0xbe
    baf6fca4 80931865 e181e890 020a0030 7ffdec00 nt!CmQueryValueKey+0x23b
    baf6fd44 80833bef 00000744 7ffdebf8 00000002 nt!NtQueryValueKey+0x29a
    baf6fd44 7c82860c 00000744 7ffdebf8 00000002 nt!KiFastCallEntry+0xfc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0012fd8c 00000000 00000000 00000000 00000000 0x7c82860c


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!CmpFindValueByNameFromCache+be
    80932514 3b4804          cmp     ecx,dword ptr [eax+4]

    SYMBOL_STACK_INDEX:  0

    SYMBOL_NAME:  nt!CmpFindValueByNameFromCache+be

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  49c22f72

    FAILURE_BUCKET_ID:  0x8E_nt!CmpFindValueByNameFromCache+be

    BUCKET_ID:  0x8E_nt!CmpFindValueByNameFromCache+be

    Followup: MachineOwner
    ---------

    3: kd> lmvm nt
    start    end        module name
    80800000 80a7e000   nt       # (pdb symbols)          C:\Program Files\Debugging Tools for Windows (x86)\sym\ntkrnlmp.pdb\EE9924F93AA24F008A3D9032AC21DE5F2\ntkrnlmp.pdb
        Loaded symbol image file: ntkrnlmp.exe
        Mapped memory image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\ntkrnlmp.exe\49C22F7227e000\ntkrnlmp.exe
        Image path: ntkrnlmp.exe
        Image name: ntkrnlmp.exe
        Timestamp:        Thu Mar 19 12:41:38 2009 (49C22F72)
        CheckSum:         00264643
        ImageSize:        0027E000
        File version:     5.2.3790.4478
        Product version:  5.2.3790.4478
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        1.0 App
        File date:        00000000.00000000
        Translations:     0804.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft(R) Windows(R) Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   5.2.3790.4478
        FileVersion:      5.2.3790.4478 (srv03_sp2_gdr.090319-1204)
        FileDescription:  NT Kernel & System
        LegalCopyright:   (C) Microsoft Corporation. All rights reserved.

    S.Arun Prasath IBM Global delivery
    Tuesday, December 8, 2009 3:37 PM
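
Added example, not part of the original post and not the debugger's own tooling: a Python triage of the trap-frame lines quoted above. It recomputes the address the faulting `cmp` read from, classifies it assuming the default 2 GB user/kernel split, and checks whether the base register decodes as UTF-16 text; the function names and the split constant are assumptions of this example.

```python
import re
import struct
# Lines copied from the !analyze -v output in the post above.
DUMP_TEXT = """\
Arg1: c0000005, The exception code that was not handled
Arg2: 80932514, The address that the exception occurred at
eax=00790052 ebx=baf6fc7c ecx=249e5540 edx=e181e890 esi=e181e890 edi=baf6fc78
eip=80932514 esp=baf6fbd8 ebp=baf6fc20 iopl=0         nv up ei pl nz na po nc
80932514 3b4804          cmp     ecx,dword ptr [eax+4] ds:0023:00790056=????????
PROCESS_NAME:  mcpdh.exe
IMAGE_NAME:  ntkrnlmp.exe
"""
# Assumption: default 2 GB user / 2 GB kernel split of 32-bit Windows (no /3GB).
KERNEL_BASE = 0x80000000

def parse_registers(text):
    """Return the 32-bit registers of the trap frame as {name: value}."""
    return {n: int(v, 16) for n, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}

def effective_address(text, regs):
    """Recompute the [reg+disp] memory operand of the faulting instruction."""
    base, sign, disp = re.search(r"\[(e[a-z]{2})(?:([+-])([0-9a-f]+)h?)?\]", text).groups()
    offset = int(disp, 16) if disp else 0
    return (regs[base] + (-offset if sign == "-" else offset)) & 0xFFFFFFFF

def utf16_hint(value):
    """Heuristic only: the pointer as two UTF-16LE characters, if both are printable ASCII."""
    chars = struct.pack("<I", value).decode("utf-16-le", errors="replace")
    return chars if all(" " <= c <= "~" for c in chars) else None

def triage(text):
    regs = parse_registers(text)
    addr = effective_address(text, regs)
    shown = re.search(r"[a-z]s:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)", text)
    base_reg = re.search(r"\[(e[a-z]{2})", text).group(1)
    return {
        "exception_code": int(re.search(r"Arg1: ([0-9a-f]{8})", text).group(1), 16),
        "faulting_ip": int(re.search(r"Arg2: ([0-9a-f]{8})", text).group(1), 16),
        "access_address": addr,
        "matches_debugger": addr == int(shown.group(1), 16),
        "readable_in_dump": "?" not in shown.group(2),
        "address_space": "kernel" if addr >= KERNEL_BASE else "user",
        "base_register_as_utf16": utf16_hint(regs[base_reg]),
        "process": re.search(r"PROCESS_NAME:\s+(\S+)", text).group(1),
        "image": re.search(r"IMAGE_NAME:\s+(\S+)", text).group(1),
    }

if __name__ == "__main__":
    print(triage(DUMP_TEXT))
```

A base register that decodes as printable UTF-16 characters is a hint that the pointer may have been read from string data; it is a lead to check against a full dump, not a conclusion.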
