How can I interpret a Windows dmp file analysis using WinDbg?


Solution 1

For a really quick, high-level set of information, try:

!analyze -v

This will give you a bunch of related information, including a detailed stack trace.

The Windows team blogs are pretty useful resources; the article at the link below goes into some good detail on what this particular command does:

Debug 101: What does !analyze do? - Microsoft Tech Community

Also check the NTDebugging blog for extremely detailed articles.

Solution 2

Your 'tcpip.sys' can be using a buggy network driver. Try to uninstall it (or them) and see what happens.

Also, it can be buggy itself: with proprietary software you never know what is really happening :) But at first glance, "Attempt to read from address ffffffffffffffff" is very strange: it looks like a pointer arithmetic error.

To read the output, you need to know WinAPI. Try to Google for the functions you meet, like IppFlushNeighborSet(). This can help you to understand what's happening, and maybe it'll point to something.

Author by

li ki

Updated on September 17, 2022

Comments

  • li ki over 1 year

    I have uploaded the full debug output here.

    I've got a Windows 7 RTM 64 bit machine that is crashing intermittently and I managed to load the correct symbols and get what seems to be a proper analysis. I don't know where to go from here or go about fixing the problem since it seems to be blaming it on tcpip.sys. Although I don't really know how to read this output, the following excerpts from the WinDBG seem relevant:

    CURRENT_IRQL:  2
        
    EXCEPTION_RECORD:  fffff80000b9c058 -- (.exr 0xfffff80000b9c058)
    ExceptionAddress: fffff80002abb2b6 (nt!RtlEnumerateEntryHashTable+0x0000000000000080)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 0000000000000000
       Parameter[1]: ffffffffffffffff
    Attempt to read from address ffffffffffffffff
    
    FOLLOWUP_IP: 
    tcpip!IppFlushNeighborSet+ba
    fffff880`0186e22a 4885c0          test    rax,rax
    
    SYMBOL_STACK_INDEX:  8
    
    SYMBOL_NAME: 
    tcpip!IppFlushNeighborSet+ba
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: tcpip
    
    IMAGE_NAME:  tcpip.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc26e
    
    FAILURE_BUCKET_ID: 
    X64_0x1E_tcpip!IppFlushNeighborSet+ba
    
    BUCKET_ID: 
    X64_0x1E_tcpip!IppFlushNeighborSet+ba
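An added example, not part of the original question or answers: a small Python script that reads the `!analyze -v` fields quoted above and reduces them to a triage summary, separating where the exception was raised from the frame `!analyze` blames. The names `SAMPLE`, `parse_fields` and `triage` are hypothetical, and the sample text is constructed from the excerpt in the question.

```python
import re
from datetime import datetime, timezone

# Constructed sample: fields quoted in the question, laid out as !analyze -v prints them.
SAMPLE = """\
ExceptionAddress: fffff80002abb2b6 (nt!RtlEnumerateEntryHashTable+0x0000000000000080)
   ExceptionCode: c0000005 (Access violation)
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
SYMBOL_NAME:
tcpip!IppFlushNeighborSet+ba
DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc26e
FAILURE_BUCKET_ID:
X64_0x1E_tcpip!IppFlushNeighborSet+ba
"""

ACCESS = {0: "read", 1: "write", 8: "execute"}  # Parameter[0] of an access violation

def parse_fields(text):
    """Map 'KEY: value' lines to a dict; a key with no value takes the next line."""
    fields, pending = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if pending and stripped:
            fields[pending], pending = stripped, None
            continue
        pending = None  # a blank line ends the wait for a wrapped value
        m = re.match(r"([A-Za-z_]+(?:\[\d+\])?):\s*(.*)$", stripped)
        if m and m.group(2):
            fields[m.group(1)] = m.group(2)
        elif m:
            pending = m.group(1)
    return fields

def triage(text):
    f = parse_fields(text)
    blamed = re.match(r"(\w+)!(\w+)\+([0-9a-fA-F]+)$", f["SYMBOL_NAME"]).groups()
    address = int(f["Parameter[1]"], 16)
    built = datetime.fromtimestamp(int(f["DEBUG_FLR_IMAGE_TIMESTAMP"], 16), timezone.utc)
    return {
        # The bucket ID embeds the bugcheck code (0x1E is KMODE_EXCEPTION_NOT_HANDLED).
        "bugcheck": int(re.search(r"0x[0-9A-Fa-f]+", f["FAILURE_BUCKET_ID"]).group(0), 16),
        "exception_code": int(f["ExceptionCode"].split()[0], 16),
        "access": ACCESS.get(int(f["Parameter[0]"], 16), "unknown"),
        # All ones is recorded when the fault supplied no address; not a pointer to chase.
        "address_is_all_ones": address == 0xFFFFFFFFFFFFFFFF,
        "faulting_instruction_in": f["ExceptionAddress"].split("(")[1].split("+")[0],
        "blamed": (blamed[0], blamed[1], int(blamed[2], 16)),
        "image_built_utc": built.date().isoformat(),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:24} {value}")
```

For this excerpt the summary shows the access violation was raised inside `nt!RtlEnumerateEntryHashTable`, while the blamed frame `tcpip!IppFlushNeighborSet+ba` is further up the stack (the excerpt gives `SYMBOL_STACK_INDEX: 8`).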