Solved: Vista Debugging

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
Vista Home Premium, pre-installed
32 bit
Gateway GM5410E, purchased less than 2 weeks ago.
Processor: Intel Core 2 duo E6300
Memory: 2048 MB DDR2 duel channel
Vista home premium
Video: Intel graphics media accelerator x3000 with 256 MB, integrated

When the user turns on the slide show screen saver, or uses the filmstrip feature in Windows Photo gallery, BSOD, briefly & computer hangs.

Gateway tech support blamed Microsoft. The store from which the computer was purchased has an identical PC & monitor. The problem doesn't occur on their setup.

I downloaded the latest Windows debugging tool from Microsoft.
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

I downloaded the symbols packages from Microsoft, x86 retail & x86 checked
http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx

I installed the symbols to c:\windows\symbols

This is the path I use in Windows debugger, for symbols.
SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols

I know that the report states that I don't have the correct symbols. However, I have the only symbols available. I suspect that the error message is incorrect.

I hope you can help me.

Sincerely,
RF123
 

Attachments

Joined
Dec 9, 2000
Messages
45,855
Weird, I actually got the correct symbols -- even though I never installed the ones from that site -- I did download the exe installer -- just never used it.

Note the "executable search path" shown here:

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: c:\windows\System32; c:\windows\system\System32; http://www.alexander.com/SymServe
Windows Longhorn Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal


I've uploaded a text file of the results; the error appears to be a hardware error of some kind; interestingly there is a similar discussion here of what is apparently a Vista issue:

http://www.windowsbbs.com/showthread.php?t=61910

>> The indication is that it's a hardware error -- but I'd try disabling any 3rd party firewalls or antivirus programs for starters.

You might want to troll through these Google hits which I believe should relate to Vista:

http://www.google.com/search?hl=en&...+caused+by+vista+++"ntkrpamp+exe"&btnG=Search
 

Attachments

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
RR:
Thank you VERY much.

I installed the symbols to C:\windows\symbols
www.lazyadmin.com provided the "http://msdl.microsoft.com/download/symbols/error.htm"

Where did you find "http://www.alexander.com/SymServe"?

I will have to change my path.

I'll try the system in safe mode. The computer is still under warranty. I'll run memcheck or a Gateway utility if they have one. They will probably want to verify that the problem is a hardware issue.

Sincerely,
RF123
 

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
Joined
Dec 9, 2000
Messages
45,855
Just try placing that path information in the location I have it and see if you get the full symbol report for Vista.

Everytime you open a crash dump you get the message to run !analyze -v for more information. It is mostly of use to developers but in some cases it may provide helpful detail.

This is a command line you enter after "kd>"; there are other command lines designed to produce specific information. I don't have a list of these and usually forget them and have to look around for examples in my bookmarks -- but mainly they are for loading module information and getting a picture of what is called the "stack trace" which identifies the particular module processes in the stack at the time the error occured.

Again, I don't have a lot of experience with this, but if you research this you may find examples where interpretations are given.

In bugcheck2 I borrowed this command line from an example similar to your own:

!analyze -v;r;kv;lmtn;

and it produced this result along with the rest of the text:

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x124

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from 81ba6e93 to 818d85c9

STACK_TEXT:
818eef84 81ba6e93 00000124 00000000 84c6cb10 nt!KeBugCheckEx+0x1e
818eefa0 818cecb6 84c6cb10 85186de8 00000001 hal!HalBugCheckSystem+0x37
818eefc0 81ba6e52 85186de8 85186f00 818eeff4 nt!WheaReportHwError+0x10c
818eefd0 81ba6f73 00000003 85186de8 00000000 hal!HalpReportMachineCheck+0x28
818eeff4 81ba389f 80154000 00000000 00000000 hal!HalpMcaExceptionHandler+0xc3
818eeff4 00000000 80154000 00000000 00000000 hal!HalpMcaExceptionHandlerWrapper+0x77
This stack trace shows that there is a hardware (HardwareAbstractonLayer) issue bringing the system to its knees. WHEA also stands for Windows Hardware Error Architecture.
 

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
Dear RR:
Thanks for the reply.
From the "dense as rock" department.

1. Did you install your symbols to C:\windows\system32 and C:\Windows\system\system32

2. "Just try placing that path information in the location I have it and see if you get the full symbol report for Vista.

Everytime you open a crash dump you get the message to run !analyze -v for more information."
When I run windows debugger, I don't receive a prompt to run !analyze.

3.Are the results from my minidump?

4. I am following the lazyAdmin recipe.
step #1. the first step is to select the symbols location

step #2. 2nd step: file > "open crash dump".

5. I saw no mention of "executable image search path", which your screen shot notes, at http://thelazyadmin.com/index.php?/a...th-WinDBG.html
I can't figure out how to bring "executable image search path" up, using Windows DeBugger, RR.

6. In Windows Debugger
file > "open executable" . I selected c:\program files\debugging tools for Windows\dumpcheck.exe.

************
Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: "C:\Program Files\Debugging Tools for Windows\dumpchk.exe"
Symbol search path is: C:\WINDOWS\Symbols*http://www.alexander.com/SymServ
Executable search path is:
ModLoad: 01000000 01006000 dumpchk.exe
ModLoad: 7c900000 7c9b0000 ntdll.dll
ModLoad: 7c800000 7c8f4000 C:\WINDOWS\system32\kernel32.dll
ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 02000000 0232d000 C:\Program Files\Debugging Tools for Windows\dbgeng.dll
ModLoad: 03000000 03115000 C:\Program Files\Debugging Tools for Windows\dbghelp.dll
ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e70000 77f01000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\VERSION.dll
(c64.c68): Break instruction exception - code 80000003 (first chance)
eax=00181eb4 ebx=7ffdd000 ecx=00000004 edx=00000010 esi=00181f48 edi=00181eb4
eip=7c901230 esp=0006fb20 ebp=0006fc94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!DbgBreakPoint:
7c901230 cc
************

6.a.HOWEVER, I did see the kd line, so I ran !analyze with the other stuff. My brain is swiftly changing from rock to mush. :)

The analysis, attached, still informs me that I am using the incorrect symbols.

I will research the issue further, as you suggest, RR.

Sincerely,
RF123
 

Attachments

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
Joined
Dec 9, 2000
Messages
45,855
I never installed the Vista symbols.

In File > Symbol Path I have this:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

I think you must have changed yours since I am not now seeing it; put that back there.

In File > Image Path I have this, 3 separate lines separated by semicolons:

c:\windows\System32;
c:\windows\system\System32;
http://www.alexander.com/SymServe


In File > Source Path I have nothing.

In your !analyze -v command you are getting about as much useful information as you probably need including a list of loaded modules; what you are NOT getting is the info on who owns them -- ie some third party app for which MS has symbol info or their own copyright version.

You can always google module names to get info which is sometimes what you need to do anyway if there are no symbols available for them.
 

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
RR:
Thanks for taking the time & interest to reply.
I followed your instructions.
STILL, I am receiving the message that I am not using the correct symbols.

I found a couple sites that suggest things for which to look with the ntoskrnl.exe . Am I spinning my wheels, worrying about not using the correct symbols?

Thanks again, RR.

RF123
 

Attachments

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
I noticed in the attachment that even though I had set the symbol path as you had directed, RR, the old symbol path was being used.
Flying by the seat of my pants, it seems sometimes, I cleared the workspace.

Now, debugger likes the symbols I am using.

Thanks, again, RR.

RF123
 

Attachments

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
Liutiliites describes ktkrpamp.exe thusly

Description:
ntkrpamp.exe is a process associated with Microsoft® Windows® Operating System from Microsoft Corporation.

Recommendation for ntkrpamp.exe:
ntkrpamp.exe should not be disabled, required for essential applications to work properly.

source: http://www.liutilities.com/products/wintaskspro/processlibrary/ntkrpamp/

I will do more research. My current plan is to run mem / ram diags. The video is integrated into the motherboard, so I don't need to learn how to run diags on video card memory. Hurrah! :)

RF123
 
Joined
Dec 9, 2000
Messages
45,855
Clearing the workspace was a good move, I hadn't thought of that.

Yeah, that's pretty much what I get out of it. Possibly just reseating the modules would do the trick if they are not actually bad.

She certainly has enough here to press for hardware warranty support I would think.

I just wonder why the error occurs in such a specfic operation -- that is not typical of hardware problems. It may actualy be an issue with the integrated display chip's memory.
 

rainforest123

Thread Starter
Joined
Dec 28, 2004
Messages
8,256
RR:
The owner has had the computer for less than a week. Out of the box, problems began. The vendor has a return policy of > 2 weeks. I have suggested that the owner return the box.

I asked for additional assistance and was given the following diagnosis.

"I think Vista bugcheck code 124 is the same as XP bugcheck code 9C (Machine Check). The 4th Bugcheck parameter is 175.

MEMHIRERR - Memory Hierarchy Error {TT}CACHE{LL}_{RRRR}_ERR

RRRR 0111 Memory Transaction Type Bits (evict)
TT 01 Data
LL 01 L1 Cache

The problem is related to data access error at L1 Cache memory. Probably it is related to faulty CPU."


RF123
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top