windows 7 debugging
Can you do the following to set the symbol path:
Click on WinDbg > File > Symbol File Path and then paste the following under "Symbol path":
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Then click "OK"
Then close WinDbg and answer "Yes" to the "Save information for workspace" question.
Then rerun the analysis.
It is not necessary to install any symbol package as setting the symbol path to Microsoft Symbol Server will allow the downloading of symbols as needed:
http://support.microsoft.com/kb/311503
Symbols will now be downloaded to C:\Symbols as needed.
August 23rd, 2012 12:32am
I am trying to debug a user's new laptop that keeps crashing. I installed the Windows SDK as well as the symbols for the Windows 7 SP1 retail version. I entered the symbol path and loaded the minidump file and here is what I get. I'm not understanding why it keeps saying symbols could not be loaded or I have the wrong symbols. Here is the link to the symbols I downloaded. I chose the Windows 7 and Windows Server 2008 R2: Windows 7 Service Pack 1 Symbols retail, all language version. I downloaded and installed/extracted the files to a local directory on my PC. I pointed WinDbg to see that symbols folder and reloaded the dump file but keep getting those messages.
Any help would be greatly appreciated as I have 34 of these machines and I need to know if there is a specific driver causing this issue.
http://msdn.microsoft.com/en-us/windows/hardware/gg463028
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\jvend02w764\c$\Windows\Minidump\082212-12838-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: D:\Software\Windows SDK\symbols
Executable search path is:
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`03001000 PsLoadedModuleList = 0xfffff800`03245670
Debug session time: Wed Aug 22 10:09:38.794 2012 (UTC - 4:00)
System Uptime: 0 days 0:02:06.679
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that       ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntoskrnl.exe ( nt+7f190 )
Followup: MachineOwner
---------
August 23rd, 2012 2:54pm
Thanks for the tip. Here is the output. Any suggestions on how to correct this?
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\jvendrell02w764\c$\Windows\Minidump\082212-9765-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;D:\Software\Windows SDK\symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`0325c000 PsLoadedModuleList = 0xfffff800`034a0670
Debug session time: Wed Aug 22 11:08:14.057 2012 (UTC - 4:00)
System Uptime: 0 days 0:15:42.230
Loading Kernel Symbols
...............................................................
................................................................
........................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {0, 0, 0, 0}
Unable to load image \SystemRoot\system32\DRIVERS\iusb3xhc.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iusb3xhc.sys
*** ERROR: Module load completed but symbols could not be loaded for iusb3xhc.sys
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 )
Followup: Pool_corruption
---------
0: kd>
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+3139663532346234
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0
BUGCHECK_STR: 0x1E_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff80000b9c4f8 -- (.exr 0xfffff80000b9c4f8)
ExceptionAddress: fffff800034079bc (nt!ExDeferredFreePool+0x0000000000000100)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff80000b9c5a0 -- (.trap 0xfffff80000b9c5a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa80074c84e0 rbx=0000000000000000 rcx=fffff80003462740
rdx=c00100000b9d21e0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800034079bc rsp=fffff80000b9c730 rbp=0000000000000000
r8=c00100000b9d21e0 r9=fffffa800bfc5580 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExDeferredFreePool+0x100:
fffff800`034079bc 4c8b02 mov r8,qword ptr [rdx] ds:5cd0:c0010000`0b9d21e0=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032d2bbe to fffff800032db190
STACK_TEXT:
fffff800`00b9b5d8 fffff800`032d2bbe : fffff800`00b9b670 fffff800`00b9b698 fffff800`00b9bd50 fffff800`03306160 : nt!KeBugCheck
fffff800`00b9b5e0 fffff800`03305e2d : fffff800`034e1770 fffff800`0341e2f0 fffff800`0325c000 fffff800`00b9c4f8 : nt!KiKernelCalloutExceptionHandler+0xe
fffff800`00b9b610 fffff800`03304c05 : fffff800`03421fac fffff800`00b9b688 fffff800`00b9c4f8 fffff800`0325c000 : nt!RtlpExecuteHandlerForException+0xd
fffff800`00b9b640 fffff800`03315b81 : fffff800`00b9c4f8 fffff800`00b9bd50 fffff800`00000000 fffffa80`0ad57360 : nt!RtlDispatchException+0x415
fffff800`00b9bd20 fffff800`032da842 : fffff800`00b9c4f8 00000000`00000000 fffff800`00b9c5a0 00000000`00000000 : nt!KiDispatchException+0x135
fffff800`00b9c3c0 fffff800`032d914a : 00000000`00000202 fffff800`032e081a fffff880`03502180 fffffa80`0b84f060 : nt!KiExceptionDispatch+0xc2
fffff800`00b9c5a0 fffff800`034079bc : fffff880`076db000 00000000`00000000 00000000`00010011 fffffa80`09a349d0 : nt!KiGeneralProtectionFault+0x10a
fffff800`00b9c730 fffff800`034071a1 : 00000000`00000000 fffffa80`0ac13210 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0x100
fffff800`00b9c7c0 fffff800`03217865 : fffffa80`0ac13220 00000000`00000000 fffffa80`206c6148 fffffa80`07666102 : nt!ExFreePoolWithTag+0x411
fffff800`00b9c870 fffff880`04ca489f : fffffa80`076f31d0 fffffa80`09a28000 fffffa80`07477090 fffffa80`07666010 : hal!HalPutScatterGatherList+0x115
fffff800`00b9c8d0 fffffa80`076f31d0 : fffffa80`09a28000 fffffa80`07477090 fffffa80`07666010 fffffa80`07477090 : iusb3xhc+0x3789f
fffff800`00b9c8d8 fffffa80`09a28000 : fffffa80`07477090 fffffa80`07666010 fffffa80`07477090 fffff880`04cb60da : 0xfffffa80`076f31d0
fffff800`00b9c8e0 fffffa80`07477090 : fffffa80`07666010 fffffa80`07477090 fffff880`04cb60da fffffa80`0ac29c70 : 0xfffffa80`09a28000
fffff800`00b9c8e8 fffffa80`07666010 : fffffa80`07477090 fffff880`04cb60da fffffa80`0ac29c70 fffff880`04cd8da0 : 0xfffffa80`07477090
fffff800`00b9c8f0 fffffa80`07477090 : fffff880`04cb60da fffffa80`0ac29c70 fffff880`04cd8da0 00000000`00000000 : 0xfffffa80`07666010
fffff800`00b9c8f8 fffff880`04cb60da : fffffa80`0ac29c70 fffff880`04cd8da0 00000000`00000000 fffffa80`07666010 : 0xfffffa80`07477090
fffff800`00b9c900 fffffa80`0ac29c70 : fffff880`04cd8da0 00000000`00000000 fffffa80`07666010 00000000`00000000 : iusb3xhc+0x490da
fffff800`00b9c908 fffff880`04cd8da0 : 00000000`00000000 fffffa80`07666010 00000000`00000000 fffff880`04c9a85b : 0xfffffa80`0ac29c70
fffff800`00b9c910 00000000`00000000 : fffffa80`07666010 00000000`00000000 fffff880`04c9a85b fffffa80`07477090 : iusb3xhc+0x6bda0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+100
fffff800`034079bc 4c8b02 mov r8,qword ptr [rdx]
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: nt!ExDeferredFreePool+100
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x1E_0_nt!ExDeferredFreePool+100
BUCKET_ID: X64_0x1E_0_nt!ExDeferredFreePool+100
Followup: Pool_corruption
---------
August 26th, 2012 10:20am
The driver that appears to be at issue is the iusb3xhc.sys which appears to be causing "pool corruption":
BugCheck 1E, {0, 0, 0, 0}
Unable to load image \SystemRoot\system32\DRIVERS\iusb3xhc.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for iusb3xhc.sys
*** ERROR: Module load completed but symbols could not be loaded for iusb3xhc.sys
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 )
The iusb3xhc.sys is an Intel USB 3.0 driver so try updating and/or reinstalling the Intel USB 3.0 driver.
Does this error occur under a particular circumstance or does the error occur randomly?
August 26th, 2012 2:03pm
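One way to repeat the reading in the post above across many machines' dumps, as an added example that is not part of the original thread: it parses saved !analyze -v text, lists the non-kernel modules on the crashing stack, and counts how many reports each appears in. The function names, the machine names and the choice to ignore nt and hal frames are assumptions; the sample is a constructed excerpt of the output posted above.

```python
import re
from collections import Counter

# Constructed sample: lines excerpted from the !analyze -v output posted in this thread.
SAMPLE = """\
*** ERROR: Module load completed but symbols could not be loaded for iusb3xhc.sys
*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+100 )
STACK_TEXT:
fffff800`00b9c730 fffff800`034071a1 : 00000000`00000000 fffffa80`0ac13210 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0x100
fffff800`00b9c7c0 fffff800`03217865 : fffffa80`0ac13220 00000000`00000000 fffffa80`206c6148 fffffa80`07666102 : nt!ExFreePoolWithTag+0x411
fffff800`00b9c870 fffff880`04ca489f : fffffa80`076f31d0 fffffa80`09a28000 fffffa80`07477090 fffffa80`07666010 : hal!HalPutScatterGatherList+0x115
fffff800`00b9c8d0 fffffa80`076f31d0 : fffffa80`09a28000 fffffa80`07477090 fffffa80`07666010 fffffa80`07477090 : iusb3xhc+0x3789f
fffff800`00b9c8d8 fffffa80`09a28000 : fffffa80`07477090 fffffa80`07666010 fffffa80`07477090 fffff880`04cb60da : 0xfffffa80`076f31d0
fffff800`00b9c900 fffffa80`0ac29c70 : fffff880`04cd8da0 00000000`00000000 fffffa80`07666010 00000000`00000000 : iusb3xhc+0x490da
STACK_COMMAND: kb
"""

FRAME = re.compile(r"^[0-9a-f`]{17} [0-9a-f`]{17} : .* : (\S+)$")
NOSYM = re.compile(r"symbols could not be loaded for\s+(\S+?)\.(?:sys|exe|dll)")
CORE = {"nt", "hal"}  # assumption: kernel and HAL frames are where the fault surfaced, not the suspect

def suspects(analyze_text):
    """Non-core modules on the crashing stack as (module, frame_count, symbols_missing), nearest frame first."""
    nosym = {m.lower() for m in NOSYM.findall(analyze_text)}
    frames, in_stack = Counter(), False
    for line in analyze_text.splitlines():
        line = line.strip()
        if line.startswith("STACK_TEXT:"):
            in_stack = True
            continue
        m = FRAME.match(line) if in_stack else None
        if in_stack and m is None:
            in_stack = False  # first non-frame line ends the stack listing
        if m and not m.group(1).startswith("0x"):  # skip raw addresses with no module
            mod = re.split(r"[!+]", m.group(1))[0].lower()
            if mod not in CORE:
                frames[mod] += 1
    return [(mod, n, mod in nosym) for mod, n in frames.items()]

def fleet_tally(reports):
    """Given {machine: analyze_text}, count in how many reports each suspect module appears."""
    total = Counter()
    for text in reports.values():
        total.update({mod for mod, _, _ in suspects(text)})
    return total.most_common()

if __name__ == "__main__":
    print(suspects(SAMPLE))
    print(fleet_tally({"laptop-01": SAMPLE, "laptop-02": SAMPLE}))
```

The per-machine text can be produced by logging each dump's !analyze -v output to a file; a module that tops the tally and also shows missing symbols is a third-party driver worth checking for an update first.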
Seems to happen when he has a USB HP inkjet 8600 printer plugged into his dock station. The unit locks up, starts overheating. Other times it will blue screen.
August 26th, 2012 2:12pm
That's interesting.
A similar error was reported in the following link and the problem appeared to be traced to the printer - scroll way down to see the responses:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_27717727.html
If the problem persists can you zip up the minidump files in the C:\Windows\Minidump folder and make available (provide link) via Windows Live SkyDrive or similar site?
The following link has information on using Windows Live SkyDrive:
http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65
I could take a look at the dump files and see if I can see anything else.
Also, could you analyze the following file with WinDbg and see if there is any more information on the error:
C:\Windows\MEMORY.DMP
August 26th, 2012 5:32pm