Need Help Creating Complete Dump on XP

Hi,

I'm attempting to debug an OS crash at startup using the system dumps.

The crash happens in all modes but safe mode. In safe mode, I enable the complete dump from the advanced tab in System Properties. From the Startup and Recovery screen, I write an event to the system log and write complete memory dump information to either the default file name or my own file name.

When the system crashes, I restart the system in safe mode but I don't see the file being created. Is there something I am overlooking?

 

Yeah, that 's right.
Dump XP it will happen when You adjust FSB of CPU is higher than Ram and You did not adjust timmings of ram or balancing ram Frequency between Ram/FSB
(1/1, 9/10, 5/6, 3/4, 2/3, 3/5, 1/2....).
increase a little Vcore of CPU and ram higher

 

Thanks for responding.

I don't think that changes to the CPU settings has caused this problem. I have a backup HD that boots OK. The dump occurs at boot time with a stop 0x0000007E error. I thought that it might be because of a bad driver loading.

The system is a P4 1.4 256M RAM.
The FSB is 100, Vcore is 1.7

I wanted to look at a dump to see if by debugging the dump I could see what causes the blue screen.

Any suggestions?

 

Base on the System, when you load DF in bios, this Error message happen when harewares is not stable, should you try another of ram.

 

The location of the dump file is located (usually) here:

c:\windows\minidump

Usually, that 0x7e error represents bad memory.

Try testing your memory with:

Memtest86+

http://www.majorgeeks.com/download.php?det=4226

 

Hi,

How do I use memtest? There is an .iso file within the .zip.

Also, if there was a problem with the memory, wouldn't it show in safe mode also? The dump only happens in normal mode. Also, it appeared that when I went into the bios (without making any changes) the computer booted in normal mode for the first time, then subsequent times it dumped with the 0x7E

 

Burn a CD from ISO image with Nero or any CD burner sofware. Don't burn the file itself to the disk or it won't work. You don't run the program from windows, it is a stanalone application that loads and runs at boot. Put the CD you created in your CD drive, restart the computer, make sure that your BIOS options are set to boot from CD-ROM. The programs boots and runs. Follow the on screen instructions.

 

Hi,

Thanks. Memtest86+ has been running for the past 3:19:00, completed 20 passes without any errors.

Again, since I was able to boot successfully with another HD, and I am able to boot in safe mode, I wonder if it is something other than memory. I would think that the memory would fail in all boot scenarios.

I'll report back when memtest is done.

 

If it didn't find any problems in the first 5 passes then your memory is OK. I would say the you problem is a driver. Minidumps are stored in C:\Windows\Minidump you don't want a complete sytem dump file, it will take up like your entire drive. Check out this post; it might be helpful. Post #20 from Prompt Command

 

Thanks. I didn't realize that memtest continues to run the same tests over and over until I stop it.

After stopping memtest, I rebooted the machine and it loaded correctly in normal mode. I was able to see that the AVG installation was somehow corrupted, I repaired the installation, updated the definitions and I am now scanning the computer for viruses. After it is done, I'll reboot to see if I get a BSOD again.

I haven't been able to get a dump file. There is nothing in Windows\minidump or any dump files on the HD when I performed a search.

 

Hi,

After running memtest86+ and rebooting I was able to boot in normal mode. I repaired the AVG installation because it reported errors. I scanned with AVG and it found Downloader.Purityscan.U which was deleted. I rebooted several times and everything appeared OK. I updated XP, rebooted several times and everything appeared OK.

I shut down the computer overnight and when I booted this morning the stop error occurred once again.

I'm at a loss. Why would running memtest seemingly correct the problem temporarily?

Any suggestions on what to do from here would help a lot.

 

Follow everything from this thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Sounds like you may have a malware problem.

 

Thanks,

Did all of that stuff already. Everything appeared clean before the last shutdown. Rebooting got me back to square one.

If you think this is a malware problem, I'll follow this up with the Spyware Specific forum.

Thanks a lot for your help.

 

Could be malware could be hardware could be a corrupt driver. Without the dump files, won't know if it is a driver.

 

OK, and that's why I created the title of this post. In Windows\minidump there are no dumps. I can't find any dumps on the HD.

I'll try downloading the debugger tools again and following your post's suggestions. If I am successful at creating a dump I'll forward it to you.

BTW, running memtest86+ didn't help me get a normal boot this time, but saving the BIOS did. All I did was save changes (but no real changes were made).

Is that helpful information?

Thanks much.

 

You might need a new CMOS battery.

 

Interesting post.

Why would you think that, if you don't mind me asking. I thought that the CMOS battery is responsible for power to keep config info stored.

If the battery is bad, wouldn't the clock be unset? Drive parameters, password, etc. too?

Would that affect the OS when booting?

 

System clock would be slow, the battery is responsible for retaining your CMOS settings. If it is getting low, strange things could happen. Besides if your problem is hardware that's the cheapest option.

 

Thanks.

OK. I can't create a dump. I tried a small memory dump. The dump directory is set to %SystemRoot%\Minidump. Whenever I try to locate the file or directory, it doesn't exist.

Is there something that I'm missing? Why isn't the dump being generated?

 

Check this registry key for the following values:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl

CrashDumpEnabled REG_DWORD 0x3
MinidumpDir REG_EXPAND_SZ %SystemRoot%\Minidump

 

MiniDumpDir is set as you specified.

CrashDumpEnabled is set to 0x00000001 (1)

 

CrashDumpEnabled REG_DWORD 0x0 = None
CrashDumpEnabled REG_DWORD 0x1 = Complete memory dump
CrashDumpEnabled REG_DWORD 0x2 = Kernel memory dump
CrashDumpEnabled REG_DWORD 0x3 = Small memory dump (64KB)

Additional registry values for CrashControl:
0x0 = Disabled
0x1 = Enabled

AutoReboot REG_DWORD 0x1
DumpFile REG_EXPAND_SZ %SystemRoot%\Memory.dmp
LogEvent REG_DWORD 0x1
MinidumpDir REG_EXPAND_SZ %SystemRoot%\Minidump
Overwrite REG_DWORD 0x1
SendAlert REG_DWORD 0x1

From MS Article:
Overview of memory dump file options for Windows 2000, for Windows XP, and for Windows Server 2003

 

OK. Great info.

Don't know why the user interface isn't setting the registry values but that, I guess, is a post for another day.

I manually set the registry values of CrashDumpEnabled to Hex 3, Overwrite, SendAlert and LogEvent to Hex 1 and still no dump.

What do you think?

 

Question, can you slave that drive to another and scan it for viruses? If there is a boot sector virus on the drive it normally won't be found if it is the boot drive.

 

I'll create a virus boot disk and see if I can scan the boot sector or slave it and get back to you.

Thanks.

 

Was unable to detect any viruses. Performed online scans, boot scans, slave scans, spyware scans, etc. Actually I did a lot of these previously using the spyware "Read this first" section, and everything is clean.

It looks like I'm going to have to re-install the OS. The OS is not functioning properly (UI not making the registry changes, etc.).

Thanks.

 

Do what you feel best; without the minidumps or error messages, I don't have a starting point, to even suggest a fix. The stop 0x0000007E error makes me think it is hardware realated, double check all your connections inside the case, make sure all your cards and memory are seated correctly. You may even want to unistall, then reload your hardware drivers, mobo drivers included.

 

There is an old backup drive available (about 5 months) that is smaller that boots fine. Unless it's the size of the drive or the drive itself that's bad, it might be best to go to the backup and work from there since I can't produce a dump.

The old drive is 80 GB, the new drive is 160GB.

 

The 160, how many and what size are the partitions? Also, when you put the new drive in, did you do a clean install of windows or did you image the drive from the old drive?

 

The 160 was cloned from the 80 originally. Only 1 partition.

 

That's what is causing your problem. XP doesn't like it when you change major components like the HDD. Do a 'Clean' install of XP on the 160, and that should take care of your problem.

 

Maybe there is no logical answer to this question, but why does it work originally? Why was I able to boot with the cloned drive?

 

Your right, there is no logical answer to that. I do know that when you install XP, and make any major changes in hardware you have to install XP again, in order to get it to behave correctly.

 

I appreciate your time and advice.

Thanks a lot for your insight.