Is there any way to fix corrupted / broken mini dump files?

Shintaro

I came across a .dmp (attached) that seemed to be broken, such that WinDbg can't seem to analyze it.
Is there any way to become Lazarus and fix it or edit the file to get more information out of it?

Anybody got any ideas?

Loading Dump File [C:\Users\Andrew\Desktop\071712-26832-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Mini Kernel Dump does not have process information
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02001000 PsLoadedModuleList = 0xfffff800`02245670
Debug session time: Wed Jul 18 08:16:16.628 2012 (UTC + 10:00)
System Uptime: 0 days 0:07:56.518
Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Loading Kernel Symbols
.Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000

Loading User Symbols
Missing image name, possible paged-out or corrupt data.
Loading unloaded module list
.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck FE, {8, 6, 6, fffffa8006836640}

***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057.

Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

Dumpcheck.exe

c:\Temp\AAAjunk>dumpchk -c faulty.dmp
Loading dump file faulty.dmp

Microsoft (R) Windows Debugger Version 6.1.7601.17514 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [c:\Temp\AAAjunk\faulty.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Mini Kernel Dump does not have process information
Symbol search path is: srv*c:\symbols
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02001000 PsLoadedModuleList = 0xfffff800`02245670
Debug session time: Wed Jul 18 08:16:16.628 2012 (UTC + 10:00)
System Uptime: 0 days 0:07:56.518
Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000
WARNING: .reload failed, module list may be incomplete
Debugger can not determine kernel base address
Loading Kernel Symbols
.Unable to load image Unknown_Module_00000000`00000000, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000
Unable to add module at 00000000`00000000

Loading User Symbols
Missing image name, possible paged-out or corrupt data.
Loading unloaded module list
.
The call to LoadLibrary(ext) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kdexts) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ext) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kdexts) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
*****************************************************************************
*
* Bugcheck Analysis
*
*****************************************************************************
Bugcheck code 000000FE
Arguments 00000000`00000008 00000000`00000006 00000000`00000006 fffffa80`0683
0

RetAddr : Args to Child
: Call Site
fffff880`030017fa : 00000000`000000fe 00000000`00000008 00000000`00000006 000
00`00000006 : 0xfffff800`020801c0
00000000`000000fe : 00000000`00000008 00000000`00000006 00000000`00000006 fff
80`06836640 : 0xfffff880`030017fa
00000000`00000008 : 00000000`00000006 00000000`00000006 fffffa80`06836640 fff
80`06082000 : 0xfe
00000000`00000006 : 00000000`00000006 fffffa80`06836640 fffffa80`06082000 fff
80`021b4760 : 0x8
00000000`00000006 : fffffa80`06836640 fffffa80`06082000 fffff880`021b4760 fff
80`06b32a78 : 0x6
fffffa80`06836640 : fffffa80`06082000 fffff880`021b4760 fffffa80`06b32a78 fff
ff`dc3a58a0 : 0x6
fffffa80`06082000 : fffff880`021b4760 fffffa80`06b32a78 ffffffff`dc3a58a0 000
00`00000000 : 0xfffffa80`06836640
fffff880`021b4760 : fffffa80`06b32a78 ffffffff`dc3a58a0 00000000`00000000 000
00`23c7af17 : 0xfffffa80`06082000
fffffa80`06b32a78 : ffffffff`dc3a58a0 00000000`00000000 00000000`23c7af17 000
00`23c5a760 : 0xfffff880`021b4760
ffffffff`dc3a58a0 : 00000000`00000000 00000000`23c7af17 00000000`23c5a760 fff
80`06836818 : 0xfffffa80`06b32a78
00000000`00000000 : 00000000`23c7af17 00000000`23c5a760 fffffa80`06836818 fff
80`06836fc8 : 0xffffffff`dc3a58a0

----- 64 bit Kernel Mini Dump Analysis

DUMP_HEADER64:
MajorVersion 0000000f
MinorVersion 00001db1
KdSecondaryVersion 00000000
DirectoryTableBase 00000000`00000001
PfnDataBase fffff800`022af278
PsLoadedModuleList fffff800`02245670
PsActiveProcessHead fffff800`02227370
MachineImageType 00008664
NumberProcessors 00000004
BugCheckCode 000000fe
BugCheckParameter1 00000000`00000008
BugCheckParameter2 00000000`00000006
BugCheckParameter3 00000000`00000006
BugCheckParameter4 fffffa80`06836640
KdDebuggerDataBlock fffff800`021f10a0
ProductType 00000001
SuiteMask 00000310
WriterStatus 00000002
MiniDumpFields 00000cff

TRIAGE_DUMP64:
ServicePackBuild 00000100
SizeOfDump 00040000
ValidOffset 0003fffc
ContextOffset 00000348
ExceptionOffset 00000f00
MmOffset 00002080
UnloadedDriversOffset 000020d0
PrcbOffset 00002110
ProcessOffset 00000000
ThreadOffset 00006e10
CallStackOffset 000072b8
SizeOfCallStack 000008e8
DriverListOffset 00007ee0
DriverCount 00000001
StringPoolOffset 00007f70
StringPoolSize 00000048
BrokenDriverOffset 00000000
TriageOptions ffffffff
TopOfStack fffff880`021b4718
BStoreOffset 00000000
SizeOfBStore 00000000
LimitOfBStore 00000000`00000000
DebuggerDataOffset 00007ba0
DebuggerDataSize 00000340
DataBlocksOffset 00007fb8
DataBlocksCount 0000000c
fffff800`02245ac0 - fffff800`02245b5b at offset 00008078
fffff800`0222d928 - fffff800`0222d92b at offset 00008114
fffff800`0222d924 - fffff800`0222d927 at offset 00008118
fffff800`021b6880 - fffff800`021b697f at offset 0000811c
fffffa80`06836000 - fffffa80`06836fff at offset 0000821c
fffff800`0227c3e0 - fffff800`0227c3e3 at offset 0000921c
fffff800`0227bfe0 - fffff800`0227c01f at offset 00009220
fffff800`022af07c - fffff800`022af07f at offset 00009260
fffff800`022af068 - fffff800`022af06b at offset 00009264
fffffa80`04eb8010 - fffffa80`04eb81f7 at offset 00009268
fffffa80`04e85310 - fffffa80`04e854f7 at offset 00009450
fffff800`02080000 - fffff800`02080fff at offset 00009638
Max offset a638, 359c8 from end of file


Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`02001000 PsLoadedModuleList = 0xfffff800`02245670
Debug session time: Wed Jul 18 08:16:16.628 2012 (UTC + 10:00)
System Uptime: 0 days 0:07:56.518
***** NT module not found - module list may be corrupt
The call to LoadLibrary(ext) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kext) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
The call to LoadLibrary(kdexts) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.
No export analyze found
Finished dump check
 


Hi -

The dump is corrupt; no way to fix it that I know of.

The bugcheck = 0xfe = USB related.

Ask the OP what USB devices are plugged in & if any have software installed.

Regards. . .

John
 
Yah, definitely no way; can't pull data from that which is nonexistent. In most cases I've seen from people generating nothing but corrupt crashdumps, they either have hardware failure (memory, mobo, psu or drive) or their drive controller drivers/BIOS is whacking out or they have an SSD drive with buggy firmware. Basically anything that has the potential to manipulate memory at the time of producing the crashdump, or cause failing/erroneous drive I/O. If you haven't already, you'll wanna look at my thread here on an explanation as to how crashdumps are made. The book Windows Internals also explains in its chapter on Crash Dump Analysis how it takes place (if I recall correctly). It should help you get an idea of what can impede crashdump creation and the steps necessary to ascertain the cause.
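An added example, not part of the original posts: a Python triage of saved dumpchk/WinDbg output that separates "header is structurally intact" from "module list was never captured", which is the situation in the dump above. The `MIN_DRIVERS` threshold and the function names are assumptions made for this sketch.

```python
import re
# Excerpt of the dumpchk output quoted in the first post, embedded as sample input.
SAMPLE = """\
Unable to add module at 00000000`00000000
Debugger can not determine kernel base address
SizeOfDump 00040000
CallStackOffset 000072b8
SizeOfCallStack 000008e8
DriverListOffset 00007ee0
DriverCount 00000001
StringPoolOffset 00007f70
StringPoolSize 00000048
DebuggerDataOffset 00007ba0
DebuggerDataSize 00000340
***** NT module not found - module list may be corrupt
"""

# Debugger messages that indicate an unusable module list.
MARKERS = ("module list may be corrupt", "module list might be corrupt",
           "can not determine kernel base address",
           "Unable to add module at 00000000`00000000")
# Offset fields that have a companion size field in TRIAGE_DUMP64.
SIZES = {"CallStackOffset": "SizeOfCallStack",
         "StringPoolOffset": "StringPoolSize",
         "DebuggerDataOffset": "DebuggerDataSize"}
# Assumption: a running system has at least the kernel image and the HAL loaded,
# so a driver list shorter than this was not captured correctly.
MIN_DRIVERS = 2

def parse_fields(text):
    """Return {name: int} for every 'Name hexvalue' line of dumpchk output."""
    pairs = re.findall(r"^(\w+)[ \t]+([0-9a-fA-F`]+)[ \t]*$", text, re.M)
    return {name: int(value.replace("`", ""), 16) for name, value in pairs}

def triage(text):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = [f"debugger reported: {m}" for m in MARKERS if m in text]
    fields = parse_fields(text)
    size = fields.get("SizeOfDump")
    if size is None:
        return findings + ["no TRIAGE_DUMP64 block found"]
    for name, off in fields.items():
        # Region end = offset plus its size field when one exists, else the offset.
        end = off + fields.get(SIZES.get(name, ""), 0)
        if name.endswith("Offset") and end > size:
            findings.append(f"{name} ends at {end:#x}, past SizeOfDump {size:#x}")
    if fields.get("DriverCount", 0) < MIN_DRIVERS:
        findings.append(f"DriverCount is {fields.get('DriverCount', 0)}")
    return findings
```

On the excerpt, every offset falls inside the 0x40000-byte file, so the only findings are the debugger's module-list messages and the one-entry driver list.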
 
