How to open DMP files in Windows 7?

DMP files (dump files) are useful for debugging Windows 7, so you should know how to open and read them if you want to debug Windows 7. Opening DMP files is very easy; the difficult part is analyzing the DMP file and locating the actual problem.

How to open DMP files in Windows

In order to open and view DMP files in Windows 7, you first have to install a driver kit and set the symbol path. This will allow you to open DMP files. DMP (dump) files are there for you to debug your system, so there’s no way around this.
This shouldn’t take longer than 10 minutes, but if you have a slow connection, downloading the 700MB ISO file (debugging tools) might take a while.

1. Download Windows Driver Kit

To open DMP files, you will need the Windows Debugging Tools (additional download). The Debugging Tools are included in the Windows Driver Kit Version 7.1.0. You have to download this ISO file (about 700MB) from Microsoft first.

Download Windows Driver Kit Version 7.1.0

2. Install Driver Kit

I’m usually too lazy to burn ISO files, so I use some tools to open the ISO files and extract the files on them.
So, open the ISO file and extract everything. In the Debuggers directory you will find a 32-bit and a 64-bit installer for the Windows Debugging Tools. Make sure to install the correct one!

64-bit Windows 7: Run setup_amd64.exe
32-bit Windows 7: Run setup_x86.exe

Important: Select the Custom install and change the location to e.g. C:\Debug\. This will make things easier if you don’t like typing the full path.

Don’t know how to open ISO files? Read this: How to open ISO files in Windows 7

3. Open WinDBG

Either go directly to C:\Debug (or wherever you installed the debugging tools to) and click on windbg.exe:

Debug Tools Windbg.exe

Or open WinDBG via the Start Menu:

Open WinDbg

Set Symbol File Path

1. Create a new folder on your main drive and call it “Symbols”, e.g. C:\Symbols

2. Click on “File” – “Symbol File Path …”:

WinDBG Set Symbol File Path

3. Insert the following path:

SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

Replace “C:\Symbols” with your own folder if you created it somewhere else in step 1.

Open DMP file via WinDBG (CTRL+D)

WinDBG still open? Good. The quickest way to open DMP files now is the shortcut CTRL+D, or go to “File” and click on “Open Crash Dump File..”:

WinDBG Open Crash DUMP DMP File Windows 7

Where are DMP files located?

DMP files are located at O:\Windows\Minidump!

You can change the location where they are stored.

Can’t open DMP files? Permission Error!

If you are receiving a permission error like the one below, you have to take ownership of the DMP files first.

How to open Crash DMP file: Permission error

Usually, the owner is not even set:
Unable to display Current owner

Important: If you still receive the error “you don’t have permission to open this file, contact the system administrator”, copy the DMP file that you want to open into a subfolder and open the copy; then it will work.

Let’s analyze the DMP file!

When you’re asked if you want to save the workspace, click yes. WinDBG will now open the DMP file and process it. This will take some time! Have some patience.

Here’s the first Bugcheck Analysis:
DMP Bugcheck Analysis

Of course, we want to dig a little deeper, so enter !analyze -v to get detailed information. Under the next “Bugcheck Analysis” heading you will now find some more concrete details. For my DMP file it read:

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80002c03000, address which referenced memory

In this case I had some corrupt drivers that attempted to access an IRQL that is too high, so my conclusion was to check my drivers. Now that you know the concrete error (my case: DRIVER_CORRUPTED_EXPOOL), you can also do some research and possibly find people with the same problem.

Sidenote: To run the driver verifier, enter “verifier” into an elevated command prompt (how to open command prompt). You can then, for example, check the settings of currently loaded drivers. Keep in mind that this is advanced stuff, so you would have to do some research about it first.
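
To triage several dumps at once, the same !analyze -v step can be scripted with kd.exe, the console debugger installed next to windbg.exe. This is an added example, not part of the original article; it assumes the C:\Debug install location and C:\Symbols cache from the steps above, the default %SystemRoot%\Minidump folder, an elevated PowerShell prompt, and a hypothetical working folder C:\Debug\Dumps.

```powershell
# Added example: run "!analyze -v" over every minidump without opening the WinDBG GUI.
# Assumed paths: tools in C:\Debug, symbol cache in C:\Symbols (as in the steps above).
$kd      = 'C:\Debug\kd.exe'                      # console kernel debugger shipped beside windbg.exe
$symPath = 'SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols'  # same server, over HTTPS
$dumpDir = Join-Path $env:SystemRoot 'Minidump'   # default minidump folder (assumption)
$workDir = 'C:\Debug\Dumps'                       # hypothetical working folder

if (-not (Test-Path $kd)) { throw "kd.exe not found at $kd" }
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Work on copies: avoids the permission error on the originals and leaves them untouched.
Copy-Item -Path (Join-Path $dumpDir '*.dmp') -Destination $workDir -Force

$report = foreach ($dump in Get-ChildItem -Path $workDir -Filter *.dmp) {
    # -z = dump file, -y = symbol path, -c = debugger commands ("q" quits after the analysis)
    $output = & $kd -z $dump.FullName -y $symPath -c '!analyze -v; q' 2>&1 | Out-String

    # The bugcheck line looks like "DRIVER_CORRUPTED_EXPOOL (c5)"
    $bugcheck = if ($output -match '(?m)^[A-Z0-9_]+ \([0-9a-fA-F]+\)\s*$') { $Matches[0].Trim() } else { 'not found' }
    # The debugger's own guess at the faulting module, when it prints one
    $culprit  = if ($output -match '(?m)^Probably caused by\s*:\s*(.+)$') { $Matches[1].Trim() } else { 'unknown' }

    # Keep the full analysis next to the copied dump for later reading
    $output | Set-Content -Path ($dump.FullName + '.txt')

    New-Object PSObject -Property @{
        Dump             = $dump.Name
        Created          = $dump.LastWriteTime
        Bugcheck         = $bugcheck
        ProbablyCausedBy = $culprit
    }
}

# The same bugcheck or module recurring across dumps is the first thing to look for.
$report | Sort-Object Created | Format-Table Dump, Created, Bugcheck, ProbablyCausedBy -AutoSize
```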

I hope that this helped out some of you guys who wanted to open DMP files. Once you get used to reading DMP files, they can be handy for finding and solving problems in Windows 7 and Windows in general.

Source: http://windows7themes.net/how-to-open-dmp-files-in-windows-7.html


Group permissions not working while user permissions work?!

  1. Double check your share permissions, in addition to your NTFS permissions. If people are logging in remotely the FIRST place they will run into authorization problems is in the share permissions.
  2. Have you tried using the “Effective Permissions” tab in the Advanced section of the security setup? This can be a helpful tool for diagnosing these kinds of problems.
  3. Have you given time for replication to take place? This may not matter if you are in a sufficiently small AD environment, but strange things can appear to happen if you are making changes on one DC and the users are authenticating off a different one.
  4. Users need to log off of the domain and then back in again in order to pick up the new group membership. In most cases this will actually involve logging all the way off of their computers in order to get a new access token.
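
A quick way to test point 4 is to ask whether the group's SID is actually in the access token of the current logon session, rather than in the directory. This is an added example, not part of the original answer; the group name CONTOSO\FileShare-Readers is a hypothetical placeholder.

```powershell
# Added example: is a group present in the access token of the current logon session?
param([string]$GroupName = 'CONTOSO\FileShare-Readers')   # hypothetical group name

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Resolve the group name to its SID; this throws if the name cannot be resolved.
$groupSid = ([System.Security.Principal.NTAccount]$GroupName).Translate(
    [System.Security.Principal.SecurityIdentifier])

# The token's group list was fixed at logon; later directory changes are not reflected in it.
$tokenSids = $identity.Groups | ForEach-Object { $_.Value }
$inToken   = $tokenSids -contains $groupSid.Value

New-Object PSObject -Property @{
    User     = $identity.Name
    Group    = $GroupName
    GroupSid = $groupSid.Value
    InToken  = $inToken
}

if (-not $inToken) {
    # Membership may already exist in AD; the session simply predates it.
    Write-Warning "$GroupName is not in this session's token. Log off and back on, then re-check."
}
```

If InToken is False while the directory shows the user as a member, the permissions are not at fault; the session is still running with the token issued before the change.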

 

How to manage without a restart?

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed….

Sometimes Windows networking really does my head in. Not only does it take up to a minute to connect to a network resource that is literally sitting one meter away, it also has annoying limitations such as the one listed in the title of this article.
I have seen this message before and usually disconnecting a network drive would do the trick. This time however the message would just not go away.
After a couple of minutes of Googling I found the solution in the following command:
net use * /delete

Hyper-V WMI: Creating/Applying/Deleting Virtual Machine Snapshots


 

Hyper-V implements a feature known as snapshots. These should not be confused with SAN snapshots or VSS snapshots, which are quite different. A Hyper-V snapshot allows you to save off the current state of a virtual machine even while the virtual machine is running or paused. You can then revert back to this state at a later point… You can create trees of snapshots (see screenshot); think about application testing, where you might need an XP RTM image, XP SP1, XP SP2, XP SP1 that was upgraded to SP2 and then rolled back to SP1, etc… With a snapshot tree you can create all of these interesting combinations without having to reinstall a physical or virtual machine 20 times… and when the next service pack comes out you can just apply the interesting base snapshots, create a new snapshot and install the service pack – Major Time Saver!

The way a snapshot works is that Hyper-V creates a copy of the virtual machine configuration (network connections, disk configuration, CPU count, RAM count, etc…). Hyper-V then creates a special differencing VHD file, known as an AVHD, for every virtual hard disk connected to the VM to prevent the current VHD from being changed. If the virtual machine is running, a full copy of the guest memory is also saved – unlike a saved state, the virtual machine continues to run while this is occurring. There are a few things that should be noted. Since Hyper-V effectively uses a differencing VHD to branch the hard disk state, VMs that are using passthrough disks or CDs cannot be snapshotted. Along the same lines, just as differencing VHD files have a disk read and write performance penalty over a fixed or even dynamically expanding VHD, snapshots incur this cost too. Another thing to note is that the AVHD file and the saved memory file are by default located in the same location as the virtual machine configuration. This can be changed either by creating the virtual machine in a non-default location or, more commonly, in the Virtual Machine Settings UI under Management (Snapshot File Location).

Snapshots are excellent for test and development; they are a huge time saver. They are also great for staging up a server: you get the ability to undo when you accidentally type the wrong machine name or password… Just remember to merge your snapshots before putting the server into production. To merge a snapshot, you just delete the snapshot tree with the virtual machine off; it will then start a background merge, which you can monitor from the Hyper-V management UI. When the merge is completed you will have a flat VHD that you can then put into production with no performance impact. Now let’s see some code!

Taking a Snapshot
# Management service for the local Hyper-V host, and the VM to snapshot (looked up by display name)
$VMManagementService = Get-WmiObject -Namespace root\virtualization -Class Msvm_VirtualSystemManagementService
$SourceVm = Get-WmiObject -Namespace root\virtualization -Query "Select * From Msvm_ComputerSystem Where ElementName='VmToSnapshot'"

$result = $VMManagementService.CreateVirtualSystemSnapshot($SourceVm)
#ProcessWMIJob($result)

Applying a Snapshot
$VMManagementService = Get-WmiObject -Namespace root\virtualization -Class Msvm_VirtualSystemManagementService
$SourceVm = Get-WmiObject -Namespace root\virtualization -Query "Select * From Msvm_ComputerSystem Where ElementName='VmToSnapshot'"
# This query returns every snapshot of the VM; if there is more than one, pick the one to apply
$Snapshot = Get-WmiObject -Namespace root\virtualization -Query "Associators Of {$SourceVm} Where AssocClass=Msvm_ElementSettingData ResultClass=Msvm_VirtualSystemSettingData"

$result = $VMManagementService.ApplyVirtualSystemSnapshot($SourceVm, $Snapshot)
#ProcessWMIJob($result)

Deleting a Snapshot
$VMManagementService = Get-WmiObject -Namespace root\virtualization -Class Msvm_VirtualSystemManagementService
$SourceVm = Get-WmiObject -Namespace root\virtualization -Query "Select * From Msvm_ComputerSystem Where ElementName='VmToSnapshot'"
# This query returns every snapshot of the VM; if there is more than one, pick the one to delete
$Snapshot = Get-WmiObject -Namespace root\virtualization -Query "Associators Of {$SourceVm} Where AssocClass=Msvm_ElementSettingData ResultClass=Msvm_VirtualSystemSettingData"

$result = $VMManagementService.RemoveVirtualSystemSnapshot($Snapshot)
#ProcessWMIJob($result)

Enumerating Snapshots
$SourceVm = Get-WmiObject -Namespace root\virtualization -Query "Select * From Msvm_ComputerSystem Where ElementName='VmToSnapshot'"
Get-WmiObject -Namespace root\virtualization -Query "Associators Of {$SourceVm} Where AssocClass=Msvm_ElementSettingData ResultClass=Msvm_VirtualSystemSettingData" | Format-List -Property ElementName, InstanceID

Enumerating Snapshots – With a bit more information…
$SourceVm = Get-WmiObject -Namespace root\virtualization -Query "Select * From Msvm_ComputerSystem Where ElementName='VmToSnapshot'"
$Snapshots = Get-WmiObject -Namespace root\virtualization -Query "Associators Of {$SourceVm} Where AssocClass=Msvm_ElementSettingData ResultClass=Msvm_VirtualSystemSettingData"

# Build one object per snapshot with its name, ID and the name of its parent snapshot
$script:list = @()
foreach ($Snapshot in $Snapshots)
{
    $SnapObj = New-Object -TypeName System.Object
    $SnapObj | Add-Member -MemberType NoteProperty -Name SnapshotName -Value $Snapshot.ElementName
    $SnapObj | Add-Member -MemberType NoteProperty -Name SnapshotID -Value $Snapshot.InstanceID
    $SnapObj | Add-Member -MemberType NoteProperty -Name SnapshotParentName -Value ([WMI]$Snapshot.Parent).ElementName
    $script:list += $SnapObj
}
$script:list

ProcessWMIJob Function

Put this block at the top of your script and uncomment the ProcessWMIJob call if you want the function call to wait for completion and provide error messages…

function ProcessWMIJob
{
    param
    (
        [System.Management.ManagementBaseObject]$Result
    )

    # ReturnValue 4096: the method started an asynchronous job
    if ($Result.ReturnValue -eq 4096)
    {
        $Job = [WMI]$Result.Job

        # JobState 4: the job is still running
        while ($Job.JobState -eq 4)
        {
            Write-Progress $Job.Caption "% Complete" -PercentComplete $Job.PercentComplete
            Start-Sleep -Seconds 1
            $Job.PSBase.Get()   # refresh the job object from WMI
        }
        # JobState 7: completed; anything else is a failure
        if ($Job.JobState -ne 7)
        {
            Write-Error $Job.ErrorDescription
            Throw $Job.ErrorDescription
        }
        Write-Progress $Job.Caption "Completed" -Completed
    }
    # ReturnValue 0: completed synchronously; any other value is an error
    elseif ($Result.ReturnValue -ne 0)
    {
        Write-Error "Hyper-V WMI Job Failed!"
        Throw $Result.ReturnValue
    }
}

ENJOY!

Taylor Brown
Hyper-V Integration Test Lead
http://blogs.msdn.com/taylorb