Crash dump analysis

Posted by Ryan Ries on Server Fault See other posts from Server Fault or by Ryan Ries
Published on 2012-10-03T23:31:50Z Indexed on 2012/10/04 3:40 UTC
Read the original article Hit count: 615

Filed under:

Windows

|

debugging

|

server-crashes

I hope this isn't a stupid question, and if it is, then I want to at least get it over with so I don't feel so dumb in the future.

Here we are, loading up a Windows crash dump with Windbg. Here are the first few lines of the debugger output:

0: kd> .dumpdebug
----- 64 bit Kernel Summary Dump Analysis
DUMP_HEADER64:
MajorVersion 0000000f
MinorVersion 00001db1
...

The MinorVersion I mostly understand. It's hexadecimal and it translates to 7601 in decimal. Windows admins would already be able to tell from that that this must be either a Win7 x64 machine or a 2k8 R2 machine with SP1. But isn't 7601 the build number? It's supposed to be Major.Minor.Build/Revision... right?

Also I don't understand the MajorVersion. It should be 6. This version of Windows is 6. But isn't 0000000f in hexadecimal 15 in decimal?

The full version string of this version of Windows, when you launch the Command Prompt for instance, is 6.1.7601. If 7601 is the MinorVersion, then what is 1 and what is 6? And why does the crash dump say 0F?

© Server Fault or respective owner

Related posts about Windows

Server 2012 DFS New Member Issue

as seen on Server Fault - Search for 'Server Fault'
I am trying to add a new member to our DFS topology. We have 3 DCs (VMs - VMware) running Windows server 2012, two servers are located in or Primary site and the third at our DR site. Currently the two servers at our primary site are currently replicating DFS (full mesh) and are working fine. I have… >>> More
error in IIS7 but not on IIS6

as seen on Server Fault - Search for 'Server Fault'
I have a website that is we are now deploying to windows 2008 servers that has worked in the past on IIS6 without a problem. It is using .net 2 framework. Most of the website works. Just when we create a screen report over a certain size on the server we get this error. Event code: 3005 Event… >>> More
error in IIS7 but not on IIS6

as seen on Server Fault - Search for 'Server Fault'
I have a website that is we are now deploying to windows 2008 servers that has worked in the past on IIS6 without a problem. It is using .net 2 framework. Most of the website works. Just when we create a screen report over a certain size on the server we get this error. Event code: 3005 Event… >>> More
Microsoft Management Console stops working when I add snap-in to it

as seen on Super User - Search for 'Super User'
I have Windows 7 Ultimate OS. I'm opening mmc.exe as administrator and trying add Certificates or any other snap-in, then while loading that snap-in MMC breaks and displays following message and after that it closes automatically once I click on close button on that message. What could be the problem… >>> More
Handling keyboard and mouse input (Win API)

as seen on Game Development - Search for 'Game Development'
There is a number of ways to catch mouse or keyboard under Windows. So I tried some of them, but every of them has some advantages and drawbacks. I want to ask you: Which method do use? I've tried these: WM_KEYDOWN/WM_KEYUP - Main disadvantage is that, I can't distinguish between left and right-handed… >>> More

Related posts about debugging

I need help debugging apache with gdb (no debugging symbols found)

as seen on Server Fault - Search for 'Server Fault'
I'm trying to debug a segfault in PHP/Apache running on RHEL4. This is a production server, so I'm trying to install a separate copy of apache and php, and run apache through gdb. When I load httpd through gdb and then do run -X, I get the error (no debugging symbols found)...Error while reading… >>> More
debugging C++ when compared to debugging C

as seen on Stack Overflow - Search for 'Stack Overflow'
HI, I am normally a C programmer. I do regularly debug C programs on unix environment using tools like gdb,dbx. i have never done debugging of big applications of C++. Is that much different from how we debug in C. theoretically i am quite good in C++ but have never got a chance to debug C++ programs… >>> More
How to fix Ogre3d segfault with std::_Rb_tree_insert_and_rebalance ?

as seen on Game Development - Search for 'Game Development'
Hello all. I'm working on a 3d music visualizer using Ogre3d, basically it's a spectrum analizer, a lot like the old xmms plugin: (http)://www.youtube.com/watch?v=_6NKBiwYN24 It works well, the bars are drawn and updated, there are no framerate issues, but it crashes randomly. Sometimes it can run… >>> More
Will logging debugging incur a performance hit if I don't turn debugging on?

as seen on Server Fault - Search for 'Server Fault'
On a Cisco device, I know that enabling debugging can incur a performance hit since debugging has such a high priority on the CPU. I know that to log debugging, you have to set logging up to the debugging level (logging buffered 4096 debugging, for example) and also enable debugging on some feature… >>> More
Debugging unmanaged code while debugging managed code

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, The .NET 3.5 application I am working on consists of bunch of different solutions. Some of these solutions consist of managed code(C#) and others have unmanaged code(C++). Methods written in C# communicate with the ones written in C++. I am trying to trace the dependencies between these various… >>> More