sysinfo: note that mssmbios.sys must be loaded (XPSP2+)

J

jasieltego

Member
Joined
Oct 5, 2021
Posts
15
Hi All,

I need some help. I'm running !sysinfo cpuspeed but when I do I get a message stating mssmbios.sys must be loaded.
I checked my symbols folder and its in place, I also checked my Drivers folder and its there.
I know the file exists in my pc. To make things a little odd, this only happens when I open a dump file that was generated in a PC that has an AMD CPU.
As I just opened up a different Dump File that has an Intel CPU and in that windbg instance I can run any !sysinfo commands.
Not sure why, any help would be appreciated.
Thanks
 
Have you checked the loaded modules in the dump? I wouldn't be surprised if the mssmbios driver isn't loaded.
 
What version of WinDBG are you using? There was a problem with some earlier versions of WinDBG including the Preview version which had problems with the !sysinfo command.

Make sure you are running the latest versions. Alternatively, share the dump files with us and we will check - you can attach them in a zip file.
 
Unfortunately the command lmtsmn did not help.
I'm using version 10.0.22000.1 AMD64
I have attached the dump file.
However I would also learn how to be able to use the !sysinfo commands since the I have the sys file and pdb required.
 

Attachments

The reason !sysinfo doesn't work is because the mssmbios driver is not loaded, the dump simply doesn't have data on unloaded modules.
Rich (BB code): 
22: kd> lmtsmn
fffff803`4fa2d000 fffff803`4fa3e000   werkernel werkernel.sys 030A7CCE (This is a reproducible build file hash, not a timestamp)
fffff804`23640000 fffff804`23670000   wfplwfs  wfplwfs.sys  4F264AD9 (This is a reproducible build file hash, not a timestamp)
fffff804`228b0000 fffff804`228c6000   WindowsTrustedRT WindowsTrustedRT.sys BD0B79F0 (This is a reproducible build file hash, not a timestamp)
fffff804`22d50000 fffff804`22d5b000   WindowsTrustedRTProxy WindowsTrustedRTProxy.sys 5192684A (This is a reproducible build file hash, not a timestamp)
fffff804`227b0000 fffff804`227bc000   WMILIB   WMILIB.SYS   7710989F (This is a reproducible build file hash, not a timestamp)
fffff804`22f50000 fffff804`22f8e000   Wof      Wof.sys      06615439 (This is a reproducible build file hash, not a timestamp)
fffff804`22610000 fffff804`22620000   WppRecorder WppRecorder.sys E67C59BA (This is a reproducible build file hash, not a timestamp)
Mini Kernel Dump does not contain unloaded driver list

22: kd> lmvm mssmbios
Browse full module list
start             end                 module name
Mini Kernel Dump does not contain unloaded driver list

This message is not about what you do have locally, it is about what data is not stored in the dump file.
 
axe0 said:
The reason !sysinfo doesn't work is because the mssmbios driver is not loaded, the dump simply doesn't have data on unloaded modules.
Rich (BB code): 
22: kd> lmtsmn
fffff803`4fa2d000 fffff803`4fa3e000   werkernel werkernel.sys 030A7CCE (This is a reproducible build file hash, not a timestamp)
fffff804`23640000 fffff804`23670000   wfplwfs  wfplwfs.sys  4F264AD9 (This is a reproducible build file hash, not a timestamp)
fffff804`228b0000 fffff804`228c6000   WindowsTrustedRT WindowsTrustedRT.sys BD0B79F0 (This is a reproducible build file hash, not a timestamp)
fffff804`22d50000 fffff804`22d5b000   WindowsTrustedRTProxy WindowsTrustedRTProxy.sys 5192684A (This is a reproducible build file hash, not a timestamp)
fffff804`227b0000 fffff804`227bc000   WMILIB   WMILIB.SYS   7710989F (This is a reproducible build file hash, not a timestamp)
fffff804`22f50000 fffff804`22f8e000   Wof      Wof.sys      06615439 (This is a reproducible build file hash, not a timestamp)
fffff804`22610000 fffff804`22620000   WppRecorder WppRecorder.sys E67C59BA (This is a reproducible build file hash, not a timestamp)
Mini Kernel Dump does not contain unloaded driver list

22: kd> lmvm mssmbios
Browse full module list
start             end                 module name
Mini Kernel Dump does not contain unloaded driver list

This message is not about what you do have locally, it is about what data is not stored in the dump file.
Click to expand...
anything I can do for the dump to include them going forward?
So there is no way to check if the that cpu is overheating or overclocking through windbg then since that is not part of the dump file.
This error leads me to believe its a CPU issue, I was thinking overheating or overclocked? But I can't really tell anymore if I can't look into !sysinfo commands.
Any ideas of what the error is?
 
The full kernel memory dump will have this data if you really want to investigate it.

It may be worth looking into the error record and examining section 0 which describes parts of the error, but I'm afraid this dump may not have sufficient data that allows you to draw a conclusion. You can decipher some of the stuff like the CPU ID in section 0 using documentation from the CPU vendor to get more insight though. The limited data usually is a problem with minidumps which is why I typically do pattern hunting with 0x124 crashes.

Having said that, there does appear to have been something going wrong with the processor. FRUText, or Field Replacement Unit Text identifies the hardware where the error occurred which indicates there was an error with the processor. CPU Id may reveal more on it.
Code: 
22: kd> dt _WHEA_ERROR_RECORD  ffffda03`2906a038
nt!_WHEA_ERROR_RECORD
   +0x000 Header           : _WHEA_ERROR_RECORD_HEADER
   +0x080 SectionDescriptor : [1] _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR
22: kd> dx -id 0,0,ffffda031c2b4600 -r1 (*((ntkrnlmp!_WHEA_ERROR_RECORD_HEADER *)0xffffda032906a038))
(*((ntkrnlmp!_WHEA_ERROR_RECORD_HEADER *)0xffffda032906a038))                 [Type: _WHEA_ERROR_RECORD_HEADER]
    [+0x000] Signature        : 0x52455043 [Type: unsigned long]
    [+0x004] Revision         [Type: _WHEA_REVISION]
    [+0x006] SignatureEnd     : 0xffffffff [Type: unsigned long]
    [+0x00a] SectionCount     : 0x1 [Type: unsigned short]
    [+0x00c] Severity         : WheaErrSevFatal (1) [Type: _WHEA_ERROR_SEVERITY]
    [+0x010] ValidBits        [Type: _WHEA_ERROR_RECORD_HEADER_VALIDBITS]
    [+0x014] Length           : 0xc78 [Type: unsigned long]
    [+0x018] Timestamp        [Type: _WHEA_TIMESTAMP]
    [+0x020] PlatformId       : {00000000-0000-0000-0000-000000000000} [Type: _GUID]
    [+0x030] PartitionId      : {00000000-0000-0000-0000-000000000000} [Type: _GUID]
    [+0x040] CreatorId        : {CF07C4BD-B789-4E18-B3C4-1F732CB57131} [Type: _GUID]
    [+0x050] NotifyType       : {3D61A466-AB40-409A-A698-F362D464B38F} [Type: _GUID]
    [+0x060] RecordId         : 0x1d7b793fb849dcb [Type: unsigned __int64]
    [+0x068] Flags            [Type: _WHEA_ERROR_RECORD_HEADER_FLAGS]
    [+0x06c] PersistenceInfo  [Type: _WHEA_PERSISTENCE_INFO]
    [+0x074] Reserved         [Type: unsigned char [12]]
22: kd> dx -r1 (*((ntkrnlmp!_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR *)0xffffda032906a0b8))
(*((ntkrnlmp!_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR *)0xffffda032906a0b8))                 [Type: _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR]
    [+0x000] SectionOffset    : 0xc8 [Type: unsigned long]
    [+0x004] SectionLength    : 0xe0 [Type: unsigned long]
    [+0x008] Revision         [Type: _WHEA_REVISION]
    [+0x00a] ValidBits        [Type: _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS]
    [+0x00b] Reserved         : 0x0 [Type: unsigned char]
    [+0x00c] Flags            [Type: _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS]
    [+0x010] SectionType      : {DC3EA0B0-A144-4797-B95B-53FA242B6E1D} [Type: _GUID]
    [+0x020] FRUId            : {00000000-0000-0000-0000-000000000000} [Type: _GUID]
    [+0x030] SectionSeverity  : WheaErrSevFatal (1) [Type: _WHEA_ERROR_SEVERITY]
    [+0x034] FRUText          : "ProcessorError" [Type: char [20]]
 
axe0 said:
The full kernel memory dump will have this data if you really want to investigate it.

It may be worth looking into the error record and examining section 0 which describes parts of the error, but I'm afraid this dump may not have sufficient data that allows you to draw a conclusion. You can decipher some of the stuff like the CPU ID in section 0 using documentation from the CPU vendor to get more insight though. The limited data usually is a problem with minidumps which is why I typically do pattern hunting with 0x124 crashes.

Having said that, there does appear to have been something going wrong with the processor. FRUText, or Field Replacement Unit Text identifies the hardware where the error occurred which indicates there was an error with the processor. CPU Id may reveal more on it.
Code: 
22: kd> dt _WHEA_ERROR_RECORD  ffffda03`2906a038
nt!_WHEA_ERROR_RECORD
   +0x000 Header           : _WHEA_ERROR_RECORD_HEADER
   +0x080 SectionDescriptor : [1] _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR
22: kd> dx -id 0,0,ffffda031c2b4600 -r1 (*((ntkrnlmp!_WHEA_ERROR_RECORD_HEADER *)0xffffda032906a038))
(*((ntkrnlmp!_WHEA_ERROR_RECORD_HEADER *)0xffffda032906a038))                 [Type: _WHEA_ERROR_RECORD_HEADER]
    [+0x000] Signature        : 0x52455043 [Type: unsigned long]
    [+0x004] Revision         [Type: _WHEA_REVISION]
    [+0x006] SignatureEnd     : 0xffffffff [Type: unsigned long]
    [+0x00a] SectionCount     : 0x1 [Type: unsigned short]
    [+0x00c] Severity         : WheaErrSevFatal (1) [Type: _WHEA_ERROR_SEVERITY]
    [+0x010] ValidBits        [Type: _WHEA_ERROR_RECORD_HEADER_VALIDBITS]
    [+0x014] Length           : 0xc78 [Type: unsigned long]
    [+0x018] Timestamp        [Type: _WHEA_TIMESTAMP]
    [+0x020] PlatformId       : {00000000-0000-0000-0000-000000000000} [Type: _GUID]
    [+0x030] PartitionId      : {00000000-0000-0000-0000-000000000000} [Type: _GUID]
    [+0x040] CreatorId        : {CF07C4BD-B789-4E18-B3C4-1F732CB57131} [Type: _GUID]
    [+0x050] NotifyType       : {3D61A466-AB40-409A-A698-F362D464B38F} [Type: _GUID]
    [+0x060] RecordId         : 0x1d7b793fb849dcb [Type: unsigned __int64]
    [+0x068] Flags            [Type: _WHEA_ERROR_RECORD_HEADER_FLAGS]
    [+0x06c] PersistenceInfo  [Type: _WHEA_PERSISTENCE_INFO]
    [+0x074] Reserved         [Type: unsigned char [12]]
22: kd> dx -r1 (*((ntkrnlmp!_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR *)0xffffda032906a0b8))
(*((ntkrnlmp!_WHEA_ERROR_RECORD_SECTION_DESCRIPTOR *)0xffffda032906a0b8))                 [Type: _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR]
    [+0x000] SectionOffset    : 0xc8 [Type: unsigned long]
    [+0x004] SectionLength    : 0xe0 [Type: unsigned long]
    [+0x008] Revision         [Type: _WHEA_REVISION]
    [+0x00a] ValidBits        [Type: _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_VALIDBITS]
    [+0x00b] Reserved         : 0x0 [Type: unsigned char]
    [+0x00c] Flags            [Type: _WHEA_ERROR_RECORD_SECTION_DESCRIPTOR_FLAGS]
    [+0x010] SectionType      : {DC3EA0B0-A144-4797-B95B-53FA242B6E1D} [Type: _GUID]
    [+0x020] FRUId            : {00000000-0000-0000-0000-000000000000} [Type: _GUID]
    [+0x030] SectionSeverity  : WheaErrSevFatal (1) [Type: _WHEA_ERROR_SEVERITY]
    [+0x034] FRUText          : "ProcessorError" [Type: char [20]]
Click to expand...
Thank You, that is a great ID to look at the CPU ID.
But it's not giving me the numbers I need to look at, at least this doesnt look like the ID to me. what am I doing wrong?


22: kd> !cpuid
Unable to get information for processor 0
Unable to get information for processor 1
Unable to get information for processor 2
Unable to get information for processor 3
Unable to get information for processor 4
Unable to get information for processor 5
Unable to get information for processor 6
Unable to get information for processor 7
Unable to get information for processor 8
Unable to get information for processor 9
Unable to get information for processor 10
Unable to get information for processor 11
Unable to get information for processor 12
Unable to get information for processor 13
Unable to get information for processor 14
Unable to get information for processor 15
Unable to get information for processor 16
Unable to get information for processor 17
Unable to get information for processor 18
Unable to get information for processor 19
Unable to get information for processor 20
Unable to get information for processor 21
CP F/M/S Manufacturer MHz
22 23,49,0 AuthenticAMD 3000
Unable to get information for processor 23
Unable to get information for processor 24
Unable to get information for processor 25
Unable to get information for processor 26
Unable to get information for processor 27
Unable to get information for processor 28
Unable to get information for processor 29
Unable to get information for processor 30
Unable to get information for processor 31
Unable to get information for processor 32
Unable to get information for processor 33
Unable to get information for processor 34
Unable to get information for processor 35
Unable to get information for processor 36
Unable to get information for processor 37
Unable to get information for processor 38
Unable to get information for processor 39
Unable to get information for processor 40
Unable to get information for processor 41
Unable to get information for processor 42
Unable to get information for processor 43
Unable to get information for processor 44
Unable to get information for processor 45
Unable to get information for processor 46
Unable to get information for processor 47
Unable to get information for processor 48
Unable to get information for processor 49
Unable to get information for processor 50
Unable to get information for processor 51
Unable to get information for processor 52
Unable to get information for processor 53
Unable to get information for processor 54
Unable to get information for processor 55
Unable to get information for processor 56
Unable to get information for processor 57
Unable to get information for processor 58
Unable to get information for processor 59
Unable to get information for processor 60
Unable to get information for processor 61
Unable to get information for processor 62
Unable to get information for processor 63
 
That'll be a lack of info, but what I mean is this.
Code: 
22: kd> !errrec ffffda032906a038
===============================================================================
Common Platform Error Record @ ffffda032906a038
-------------------------------------------------------------------------------
Record Id     : 01d7b793fb849dcb
Severity      : Fatal (1)
Length        : 3192
Creator       : Microsoft
Notify Type   : BOOT Error Record
Timestamp     : 10/2/2021 13:47:13 (UTC)
Flags         : 0x00000002 PreviousError

===============================================================================
Section 0     : x86/x64 Processor Specific
-------------------------------------------------------------------------------
Descriptor    @ ffffda032906a0b8
Section       @ ffffda032906a100
Offset        : 200
Length        : 224
Flags         : 0x00000001 Primary
Severity      : Fatal
FRU Text      : ProcessorError

Local APIC Id : 0x0000000000000000
[hi]CPU Id        : 10 0f 83 00 00 00 00 00 - 00 08 20 00 00 00 00 00
                0b 32 d8 76 00 00 00 00 - ff fb 8b 17 00 00 00 00
                00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00[/hi]

Proc. Info 0  @ ffffda032906a100
I have never spent much time on that part specifically, but I believe it reflects the state of the CPU.

!cpuid isn't going to tell you much about the CPU itself, the following is from another dump. All you see is
  • the processor #,
  • the processor family number,
  • the processor model number,
  • the processor stepping size,
  • the vendor and
  • the speed of the processor core.
Code: 
kd> !cpuid
CP  F/M/S  Manufacturer     MHz
 0  6,58,9  GenuineIntel    2494
 
axe0 said:
That'll be a lack of info, but what I mean is this.
Code: 
22: kd> !errrec ffffda032906a038
===============================================================================
Common Platform Error Record @ ffffda032906a038
-------------------------------------------------------------------------------
Record Id     : 01d7b793fb849dcb
Severity      : Fatal (1)
Length        : 3192
Creator       : Microsoft
Notify Type   : BOOT Error Record
Timestamp     : 10/2/2021 13:47:13 (UTC)
Flags         : 0x00000002 PreviousError

===============================================================================
Section 0     : x86/x64 Processor Specific
-------------------------------------------------------------------------------
Descriptor    @ ffffda032906a0b8
Section       @ ffffda032906a100
Offset        : 200
Length        : 224
Flags         : 0x00000001 Primary
Severity      : Fatal
FRU Text      : ProcessorError

Local APIC Id : 0x0000000000000000
[hi]CPU Id        : 10 0f 83 00 00 00 00 00 - 00 08 20 00 00 00 00 00
                0b 32 d8 76 00 00 00 00 - ff fb 8b 17 00 00 00 00
                00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00[/hi]

Proc. Info 0  @ ffffda032906a100
I have never spent much time on that part specifically, but I believe it reflects the state of the CPU.

!cpuid isn't going to tell you much about the CPU itself, the following is from another dump. All you see is
  • the processor #,
  • the processor family number,
  • the processor model number,
  • the processor stepping size,
  • the vendor and
  • the speed of the processor core.
Code: 
kd> !cpuid
CP  F/M/S  Manufacturer     MHz
 0  6,58,9  GenuineIntel    2494
Click to expand...
Thanks, I see the CPU ID now, but where specifically do I look for it. I searched AMD's site and I can see the details about the CPU sockets, threads, cores, etc
However I did not see CPU id. I try to enter it in google and not much. I end up getting top results for software CPUID.
 
Sorry, I think I am wrong here. I'm currently going through the AMD developer manual myself and I believe the CPU Id actually shows the features and capabilities of the CPU.
Developer Guides, Manuals & ISA Documents - AMD

I suggest investigating the error record a bit more if you are up to it to see if there's more information to be found, but I believe there's not much more to be found, if anything more.
 
axe0 said:
Sorry, I think I am wrong here. I'm currently going through the AMD developer manual myself and I believe the CPU Id actually shows the features and capabilities of the CPU.
Developer Guides, Manuals & ISA Documents - AMD

I suggest investigating the error record a bit more if you are up to it to see if there's more information to be found, but I believe there's not much more to be found, if anything more.
Click to expand...
Thank you for your help, It's hard to say what this error is. I checked memory and all running appropriate speed, no memory issues, Bios is updated.
Only thing I can think of is one of the 2 CPU's could be malfunctioning. I may just have to remove one CPU and let it run.
However, I'll wait for the crash to happen again which should happen shortly so I can collect the Full Dump and not mini dump.

In addition, is there a way I can make it crash with a windbg command?
 
You can do live kernel debugging using Windbg, but we don't do that at Sysnative so I can't provide any useful info on that.

Don't you already have a full kernel memory dump? Unless in the recovery options minidumps are specified at least a kernel memory dump is generated.
 
jasieltego said:
In addition, is there a way I can make it crash with a windbg command?
Click to expand...
Yes you can
Forcing a System Crash from the Debugger - Windows drivers
you can also generate a crash by keystroke if you want and prepare your system before to do that
Forcing a System Crash from the Keyboard - Windows drivers
also by loading a special crafted driver can be used to crash win(x), scroll to "use the notmyfault_tool"
Generate a kernel or complete crash dump - Windows Client Management

do your personal crash:ROFLMAO:
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top