help reading pstat & dumpchk results pls

  • Thread starter Thread starter Wendy.J
  • Start date Start date
W

Wendy.J

My Win2K SP4 all the latest critical patches machine just crashes every few
hours.
So in order to troubleshoot the problem, I have used checkdmp to read the
mini-dmp file(s) and then pstat -v >dumpfile.txt command to give me the clue
what could be causing it.
I am still stumped , or should I say dumped :-) by the result.
Here are the results of the dump file and the pstat command pasted below.

When I check for some hardware running on the exception address of 0x800 etc
I don't understand the result . Can anyone assist here?


DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0x820da000
PsLoadedModuleList . .0x8046e1b8
PsActiveProcessHead. .0x8046e460
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x0000004e
BugCheckParameter1 . .0x0000008f
BugCheckParameter2 . .0x00013c4c
BugCheckParameter3 . .0x0000624c
BugCheckParameter4 . .0x00000000

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x80449eed
_________________________

result of pstat command ( abridged for posting purposes )

0:00:00.015 0:00:00.015 3064 804 1888 8 94 4 800 MDM.EXE
c 13 1 804190F0 0:00:00.000 0:00:00.000 Wait:EventPairLow
10 14 28 804190F0 0:00:00.000 0:00:00.000 Wait:EventPairLow
14 13 7209 804190F0 0:00:00.000 0:00:00.078 Wait:EventPairLow
18 13 6294 804190F0 0:00:00.000 0:00:00.046 Wait:EventPairLow
1c 13 7187 804190F0 0:00:00.000 0:00:00.046 Wait:EventPairLow
20 13 975 804190F0 0:00:00.000 0:00:00.140 Wait:EventPairLow
24 12 21791 804190F0 0:00:00.000 0:00:00.296 Wait:EventPairLow
28 12 668 804190F0 0:00:00.000 0:00:00.218 Wait:EventPairLow
2c 15 1040 804190F0 0:00:00.000 0:00:00.000 Wait:EventPairLow
30 14 3204 804C7248 0:00:00.000 0:00:00.000 Wait:Executive
34 18 1 8043999D 0:00:00.000 0:00:00.000 Wait:VirtualMemory
38 17 1203 804EE5F1 0:00:00.000 0:00:00.000 Wait:FreePage
3c 16 48473 804641D6 0:00:00.000 0:00:00.000 Wait:Executive
40 23 595588 804642D5 0:00:00.000 0:00:00.000 Wait:Executive
44 16 1 8041E68D 0:00:00.000 0:00:00.000 Wait:EventPairLow
48 17 1 8041E68D 0:00:00.000 0:00:00.000 Wait:EventPairLow
50 17 27 8043D327 0:00:00.000 0:00:00.000 Wait:VirtualMemory
804 9 17 7C57B700 0:00:00.000 0:00:00.000 Wait:UserRequest
pid:320 pri: 8 Hnd: 94 Pf: 804 Ws: 3064K MDM.EXE
ntoskrnl.exe 80400000 445568 97600 776448 Wed Jun 11 12:37:06 2003
i8042prt.sys EB470000 10208 224 21600 Wed Apr 16 11:00:59 2003
 
My Win2K SP4 all the latest critical patches machine just crashes
every few hours.
So in order to troubleshoot the problem, I have used checkdmp to read
the mini-dmp file(s) and then pstat -v >dumpfile.txt command to give
me the clue what could be causing it.
I am still stumped , or should I say dumped :-) by the result.
Here are the results of the dump file and the pstat command pasted
below.

When I check for some hardware running on the exception address of
0x800 etc I don't understand the result . Can anyone assist here?


DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0x820da000
PsLoadedModuleList . .0x8046e1b8
PsActiveProcessHead. .0x8046e460
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0x0000004e
BugCheckParameter1 . .0x0000008f
BugCheckParameter2 . .0x00013c4c
BugCheckParameter3 . .0x0000624c
BugCheckParameter4 . .0x00000000

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x80449eed
_________________________

result of pstat command ( abridged for posting purposes )

0:00:00.015 0:00:00.015 3064 804 1888 8 94 4 800
MDM.EXE
c 13 1 804190F0 0:00:00.000 0:00:00.000
Wait:EventPairLow
10 14 28 804190F0 0:00:00.000 0:00:00.000
Wait:EventPairLow 14 13 7209 804190F0 0:00:00.000
0:00:00.078 Wait:EventPairLow 18 13 6294 804190F0 0:00:00.000
0:00:00.046 Wait:EventPairLow 1c 13 7187 804190F0
0:00:00.000 0:00:00.046 Wait:EventPairLow 20 13 975 804190F0
0:00:00.000 0:00:00.140 Wait:EventPairLow 24 12 21791
804190F0 0:00:00.000 0:00:00.296 Wait:EventPairLow 28 12
668 804190F0 0:00:00.000 0:00:00.218 Wait:EventPairLow 2c 15
1040 804190F0 0:00:00.000 0:00:00.000 Wait:EventPairLow 30 14
3204 804C7248 0:00:00.000 0:00:00.000 Wait:Executive 34 18
1 8043999D 0:00:00.000 0:00:00.000 Wait:VirtualMemory 38 17
1203 804EE5F1 0:00:00.000 0:00:00.000 Wait:FreePage 3c 16
48473 804641D6 0:00:00.000 0:00:00.000 Wait:Executive 40 23
595588 804642D5 0:00:00.000 0:00:00.000 Wait:Executive 44 16
1 8041E68D 0:00:00.000 0:00:00.000 Wait:EventPairLow 48 17
1 8041E68D 0:00:00.000 0:00:00.000 Wait:EventPairLow 50 17
27 8043D327 0:00:00.000 0:00:00.000 Wait:VirtualMemory
804 9 17 7C57B700 0:00:00.000 0:00:00.000 Wait:UserRequest
pid:320 pri: 8 Hnd: 94 Pf: 804 Ws: 3064K MDM.EXE
ntoskrnl.exe 80400000 445568 97600 776448 Wed Jun 11 12:37:06 2003
i8042prt.sys EB470000 10208 224 21600 Wed Apr 16 11:00:59 2003
Click to expand...

You will not be able to get much farther without reading a kernel memory
dump and even that might not show the bad driver/hardware. Basically you
have a hardware problem or a kernel driver that is corrupting IO address
space. Here is the article on it. Pstat will not tell you anything.

http://support.microsoft.com/default.aspx?scid=kb;en-us;29180

Have you added any hardware or changed any drivers recently. If so start
there. If not I would enable driver verifier to check all drivers. It
may give you a different stop error that flags the bad driver.

Run "verifier /flags 9" and reboot.

Leonard Severt

Windows 2000 Server Setup Team
 
Leonard said:
You will not be able to get much farther without reading a kernel
memory dump and even that might not show the bad driver/hardware.
Basically you have a hardware problem or a kernel driver that is
corrupting IO address space. Here is the article on it. Pstat will
not tell you anything.

http://support.microsoft.com/default.aspx?scid=kb;en-us;29180

Have you added any hardware or changed any drivers recently. If so
start there. If not I would enable driver verifier to check all
drivers. It may give you a different stop error that flags the bad
driver.

Run "verifier /flags 9" and reboot.

Leonard Severt

Windows 2000 Server Setup Team
Click to expand...

Do you have to run the command with an output file switch also?
eg. verifier /flags 9 /log outputfile.txt
or something like that ??
 
Do you have to run the command with an output file switch also?
eg. verifier /flags 9 /log outputfile.txt
or something like that ??
Click to expand...

No this does not turn on any file logging. Actually I see I left out
something. I should have said "verifier /flags 9 /all" . It enables
Windows monitoring of drivers for specific invalid actions. Hopefully it
will catch the bad driver and produce a stop error that list the bad
driver. If you want to see the GUI for Verifier just run it without any
switches.

Leonard Severt

Windows 2000 Server Setup Team
 
Back
Top