Reply to thread

Message

I added a line at the top of the article to get people's attention of the somber truth that minidumps are worthless for these bugchecks.

Btw, when or if you plan on looking at the kernel dump, a quick way of running through data on all the processors instead of having to tediously having to churn out the thread for each processor is using the !running command:

[code]0: kd> !running -it

System Processors: (000000000000000f)
Idle Processors: (0000000000000000) (0000000000000000) (0000000000000000) (0000000000000000)

   Prcbs    Current    (pri) Next (pri) Idle
0 fffff80002df3e80 fffffa8006261060 ( 8)    fffff80002e01cc0 ................

Child-SP RetAddr    Call Site
fffff880`08cd6918 fffff800`02cd7f3a nt!KeBugCheckEx
fffff880`08cd6920 fffff800`02c8ace7 nt! ?? ::FNODOBFM::`string'+0x4e2e
fffff880`08cd69b0 fffff800`031f4895 nt!KeUpdateSystemTime+0x377
fffff880`08cd6ab0 fffff800`02c7d713 hal!HalpHpetClockInterrupt+0x8d
fffff880`08cd6ae0 00000000`7518cffd nt!KiInterruptDispatchNoLock+0x163
00000000`0008e350 00000000`00000000 0x7518cffd

1 fffff880009ec180 fffff880009f6fc0 ( 0) fffffa800394f540 (22) fffff880009f6fc0 ................

Child-SP RetAddr    Call Site
00000000`00000000 00000000`00000000 0x0

2 fffff88002f65180 fffffa80036aead0 (16) fffffa80036ae5e0 (23) fffff88002f6ffc0 ................

Child-SP RetAddr    Call Site
fffff880`03316740 fffff800`02c6afe4 nt!KeFlushMultipleRangeTb+0x260
fffff880`03316810 fffff800`02cf94f5 nt!MiAgeWorkingSet+0x64a
fffff880`033169c0 fffff800`02c6b116 nt! ?? ::FNODOBFM::`string'+0x4cd46
fffff880`03316a40 fffff800`02c6b5cb nt!MmWorkingSetManager+0x6e
fffff880`03316a90 fffff800`02f17e6a nt!KeBalanceSetManager+0x1c3
fffff880`03316c00 fffff800`02c71f06 nt!PspSystemThreadStartup+0x5a
fffff880`03316c40 00000000`00000000 nt!KiStartSystemThread+0x16

3 fffff88002fd7180 fffffa80037c02c0 (11) fffffa80065ffb50 (21) fffff88002fe1fc0 ................

Child-SP RetAddr    Call Site
fffff880`09462880 fffff800`02cb5acd nt!KxFlushEntireTb+0x93
fffff880`094628c0 fffff800`02cd9e90 nt!KeFlushTb+0x119
fffff880`09462940 fffff800`02c8de8d nt! ?? ::FNODOBFM::`string'+0xae02
fffff880`09462980 fffff800`02c7f2ee nt!MmAccessFault+0xa7d
fffff880`09462ae0 00000000`6862ce6a nt!KiPageFault+0x16e
00000000`0e29fba0 00000000`00000000 0x6862ce6a
[/code]

The "i" argument causes it to display idle procs too, and "t" displays the stack trace for the thread running on each proc. Of course, to get the IRQLs and some other PRCB/PCR data, you unfortunately still have to type !irql or !prcb for each separate proc. Oh, and concerning the line of periods at the end of each, those are related to spinlock queues. Read up on it from the Windbg help manual for !running, as well as Windows Internals book on the chapter about Processes and Threads.

<blockquote data-quote="Vir Gnarus" data-source="post: 20484" data-attributes="member: 60">I added a line at the top of the article to get people&#039;s attention of the somber truth that minidumps are worthless for these bugchecks.Btw, when or if you plan on looking at the kernel dump, a quick way of running through data on all the processors instead of having to tediously having to churn out the thread for each processor is using the !running command:[code]0: kd&gt; !running -itSystem Processors:&nbsp; (000000000000000f)&nbsp; Idle Processors:&nbsp; (0000000000000000) (0000000000000000) (0000000000000000) (0000000000000000)&nbsp; &nbsp; &nbsp;&nbsp; Prcbs&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Current&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; (pri) Next&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (pri) Idle&nbsp; 0&nbsp; &nbsp; fffff80002df3e80&nbsp; fffffa8006261060 ( 8)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; fffff80002e01cc0&nbsp; ................Child-SP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RetAddr&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Call Sitefffff880`08cd6918 fffff800`02cd7f3a nt!KeBugCheckExfffff880`08cd6920 fffff800`02c8ace7 nt! ?? ::FNODOBFM::`string&#039;+0x4e2efffff880`08cd69b0 fffff800`031f4895 nt!KeUpdateSystemTime+0x377fffff880`08cd6ab0 fffff800`02c7d713 hal!HalpHpetClockInterrupt+0x8dfffff880`08cd6ae0 00000000`7518cffd nt!KiInterruptDispatchNoLock+0x16300000000`0008e350 00000000`00000000 0x7518cffd&nbsp; 1&nbsp; &nbsp; fffff880009ec180&nbsp; fffff880009f6fc0 ( 0) fffffa800394f540 (22) fffff880009f6fc0&nbsp; ................Child-SP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RetAddr&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Call Site00000000`00000000 00000000`00000000 0x0&nbsp; 2&nbsp; &nbsp; fffff88002f65180&nbsp; fffffa80036aead0 (16) fffffa80036ae5e0 (23) fffff88002f6ffc0&nbsp; ................Child-SP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RetAddr&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Call Sitefffff880`03316740 fffff800`02c6afe4 nt!KeFlushMultipleRangeTb+0x260fffff880`03316810 fffff800`02cf94f5 nt!MiAgeWorkingSet+0x64afffff880`033169c0 fffff800`02c6b116 nt! ?? ::FNODOBFM::`string&#039;+0x4cd46fffff880`03316a40 fffff800`02c6b5cb nt!MmWorkingSetManager+0x6efffff880`03316a90 fffff800`02f17e6a nt!KeBalanceSetManager+0x1c3fffff880`03316c00 fffff800`02c71f06 nt!PspSystemThreadStartup+0x5afffff880`03316c40 00000000`00000000 nt!KiStartSystemThread+0x16&nbsp; 3&nbsp; &nbsp; fffff88002fd7180&nbsp; fffffa80037c02c0 (11) fffffa80065ffb50 (21) fffff88002fe1fc0&nbsp; ................Child-SP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RetAddr&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Call Sitefffff880`09462880 fffff800`02cb5acd nt!KxFlushEntireTb+0x93fffff880`094628c0 fffff800`02cd9e90 nt!KeFlushTb+0x119fffff880`09462940 fffff800`02c8de8d nt! ?? ::FNODOBFM::`string&#039;+0xae02fffff880`09462980 fffff800`02c7f2ee nt!MmAccessFault+0xa7dfffff880`09462ae0 00000000`6862ce6a nt!KiPageFault+0x16e00000000`0e29fba0 00000000`00000000 0x6862ce6a[/code]The &quot;i&quot; argument causes it to display idle procs too, and &quot;t&quot; displays the stack trace for the thread running on each proc. Of course, to get the IRQLs and some other PRCB/PCR data, you unfortunately still have to type !irql or !prcb for each separate proc. Oh, and concerning the line of periods at the end of each, those are related to spinlock queues. Read up on it from the Windbg help manual for !running, as well as Windows Internals book on the chapter about Processes and Threads.</blockquote>

[QUOTE="Vir Gnarus, post: 20484, member: 60"] I added a line at the top of the article to get people's attention of the somber truth that minidumps are worthless for these bugchecks. Btw, when or if you plan on looking at the kernel dump, a quick way of running through data on all the processors instead of having to tediously having to churn out the thread for each processor is using the [I]!running[/I] command: [code]0: kd> !running -it System Processors: (000000000000000f) Idle Processors: (0000000000000000) (0000000000000000) (0000000000000000) (0000000000000000) Prcbs Current (pri) Next (pri) Idle 0 fffff80002df3e80 fffffa8006261060 ( 8) fffff80002e01cc0 ................ Child-SP RetAddr Call Site fffff880`08cd6918 fffff800`02cd7f3a nt!KeBugCheckEx fffff880`08cd6920 fffff800`02c8ace7 nt! ?? ::FNODOBFM::`string'+0x4e2e fffff880`08cd69b0 fffff800`031f4895 nt!KeUpdateSystemTime+0x377 fffff880`08cd6ab0 fffff800`02c7d713 hal!HalpHpetClockInterrupt+0x8d fffff880`08cd6ae0 00000000`7518cffd nt!KiInterruptDispatchNoLock+0x163 00000000`0008e350 00000000`00000000 0x7518cffd 1 fffff880009ec180 fffff880009f6fc0 ( 0) fffffa800394f540 (22) fffff880009f6fc0 ................ Child-SP RetAddr Call Site 00000000`00000000 00000000`00000000 0x0 2 fffff88002f65180 fffffa80036aead0 (16) fffffa80036ae5e0 (23) fffff88002f6ffc0 ................ Child-SP RetAddr Call Site fffff880`03316740 fffff800`02c6afe4 nt!KeFlushMultipleRangeTb+0x260 fffff880`03316810 fffff800`02cf94f5 nt!MiAgeWorkingSet+0x64a fffff880`033169c0 fffff800`02c6b116 nt! ?? ::FNODOBFM::`string'+0x4cd46 fffff880`03316a40 fffff800`02c6b5cb nt!MmWorkingSetManager+0x6e fffff880`03316a90 fffff800`02f17e6a nt!KeBalanceSetManager+0x1c3 fffff880`03316c00 fffff800`02c71f06 nt!PspSystemThreadStartup+0x5a fffff880`03316c40 00000000`00000000 nt!KiStartSystemThread+0x16 3 fffff88002fd7180 fffffa80037c02c0 (11) fffffa80065ffb50 (21) fffff88002fe1fc0 ................ Child-SP RetAddr Call Site fffff880`09462880 fffff800`02cb5acd nt!KxFlushEntireTb+0x93 fffff880`094628c0 fffff800`02cd9e90 nt!KeFlushTb+0x119 fffff880`09462940 fffff800`02c8de8d nt! ?? ::FNODOBFM::`string'+0xae02 fffff880`09462980 fffff800`02c7f2ee nt!MmAccessFault+0xa7d fffff880`09462ae0 00000000`6862ce6a nt!KiPageFault+0x16e 00000000`0e29fba0 00000000`00000000 0x6862ce6a [/code] The "i" argument causes it to display idle procs too, and "t" displays the stack trace for the thread running on each proc. Of course, to get the IRQLs and some other PRCB/PCR data, you unfortunately still have to type [I]!irql[/I] or [I]!prcb[/I] for each separate proc. Oh, and concerning the line of periods at the end of each, those are related to spinlock queues. Read up on it from the Windbg help manual for [I]!running[/I], as well as Windows Internals book on the chapter about Processes and Threads. [/QUOTE]

Verification