How can I interpret a Windows dmp file analysis using WinDbg?
Solution 1
For a really quick high-level information set, try:
!analyze -v
This will give you a bunch of related information, including a detailed stack trace.
The Windows team blogs are pretty useful resources; the article at the link below goes into some good detail on what this particular command does:
Debug 101: What does !analyze do? - Microsoft Tech Community
Also check the NTDebugging blog for extremely detailed articles.
Solution 2
Your 'tcpip.sys' can be using a buggy network driver. Try to uninstall it (or them) and see what happens.
Also it can be buggy itself: with proprietary software you never know what is really happening :) But at first glance, "Attempt to read from address ffffffffffffffff" is very strange: it looks like a pointer arithmetic error.
To read the output, you need to know WinAPI. Try to Google the functions you meet, like IppFlushNeighborSet(). This can help you to understand what's happening, and maybe it'll point to something.
li ki
Updated on September 17, 2022
Comments
li ki over 1 year
I have uploaded the full debug output here.
I've got a Windows 7 RTM 64 bit machine that is crashing intermittently and I managed to load the correct symbols and get what seems to be a proper analysis. I don't know where to go from here or go about fixing the problem since it seems to be blaming it on tcpip.sys. Although I don't really know how to read this output, the following excerpts from the WinDBG seem relevant:
CURRENT_IRQL:  2

EXCEPTION_RECORD:  fffff80000b9c058 -- (.exr 0xfffff80000b9c058)
ExceptionAddress: fffff80002abb2b6 (nt!RtlEnumerateEntryHashTable+0x0000000000000080)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

FOLLOWUP_IP:
tcpip!IppFlushNeighborSet+ba
fffff880`0186e22a 4885c0          test    rax,rax

SYMBOL_STACK_INDEX:  8

SYMBOL_NAME:  tcpip!IppFlushNeighborSet+ba

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: tcpip

IMAGE_NAME:  tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc26e

FAILURE_BUCKET_ID:  X64_0x1E_tcpip!IppFlushNeighborSet+ba

BUCKET_ID:  X64_0x1E_tcpip!IppFlushNeighborSet+ba
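How the fields in the excerpt above relate to each other, as an added example that is not part of the original post or of WinDbg: a small Python triage script that pulls the fields out of `!analyze -v` text and decodes them. The function names `parse_fields` and `triage` are hypothetical, the sample is constructed from the lines quoted in the question, and the bug check table is deliberately partial.

```python
import re

# Constructed sample: fields quoted in the question, one per line.
SAMPLE = """\
CURRENT_IRQL:  2
EXCEPTION_RECORD:  fffff80000b9c058 -- (.exr 0xfffff80000b9c058)
ExceptionAddress: fffff80002abb2b6 (nt!RtlEnumerateEntryHashTable+0x0000000000000080)
   ExceptionCode: c0000005 (Access violation)
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
MODULE_NAME: tcpip
IMAGE_NAME:  tcpip.sys
FAILURE_BUCKET_ID:  X64_0x1E_tcpip!IppFlushNeighborSet+ba
"""

# Partial lookup tables (assumption: extend as needed for other dumps).
BUGCHECKS = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
             0x50: "PAGE_FAULT_IN_NONPAGED_AREA", 0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}
IRQLS = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
# For c0000005, Parameter[0] is the access type and Parameter[1] the address.
ACCESS = {0: "read", 1: "write", 8: "execute"}

def parse_fields(text):
    """Return {field name: value} for every 'NAME: value' line."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+(?:\[\d+\])?):\s*(.+)", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def triage(text):
    f = parse_fields(text)
    out = {"image": f.get("IMAGE_NAME"),
           "irql": IRQLS.get(int(f["CURRENT_IRQL"], 16), f["CURRENT_IRQL"])}
    # Bucket ID layout as seen in this dump: <arch>_<bug check>_<module>!<function>+<offset>
    m = re.match(r"(\w+?)_(0x[0-9A-Fa-f]+)_(.+)", f["FAILURE_BUCKET_ID"])
    out["arch"], code, out["blamed_symbol"] = m.group(1), int(m.group(2), 16), m.group(3)
    out["bugcheck"] = BUGCHECKS.get(code, hex(code))
    # The faulting instruction can sit in a different module than the blamed one.
    out["faulting_symbol"] = re.search(r"\((.+?)\+0x", f["ExceptionAddress"]).group(1)
    if f["ExceptionCode"].startswith("c0000005"):
        out["access"] = ACCESS.get(int(f["Parameter[0]"], 16), "unknown")
        out["address"] = int(f["Parameter[1]"], 16)
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On this dump the result separates the two symbols that matter: the fault was raised inside `nt!RtlEnumerateEntryHashTable`, while `tcpip!IppFlushNeighborSet` is the caller that the analysis blames.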