Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

Posts Tagged ‘Dump’

The Case of the IE Hangs and Missing PNG Images (or Killing Two Birds with One Stone)

Posted by William Diaz on January 9, 2012

The initial issue I was asked to look at started with Internet Explorer failing to gracefully exit. Instead, it would just hang and required manual intervention via the Task Manager to kill the iexplore.exe process. I connected remotely to the workstation and ran Process Explorer so I could examine IE’s threads for anything out of the ordinary. Sure enough, I saw the presence of a .tmp file:
Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , , , , | 5 Comments »

Your Hard Disk is Failing

Posted by William Diaz on October 5, 2011

Sometimes a BSOD is not a sign of a software issue but instead points to a hardware problem and might help explain the symptoms of bad system performance. That was the case recently when a user complained that she was having troubles trying to logon. The workstation was amazingly slow (can slow be amazing?) and then blue-screened on her randomly. My co-worker was handling this but he happens to sit right next to me and I jumped in when I heard the words “blue screen”. I unkindly interjected with “Lets get a minidump.” While he chatted her up, I went about getting her IP, connected via the UNC, went into C:\Windows\Minidump and grabbed the last two mini dumps for that day.

Minidumps excite me. To understand why, you need to have come across a great amount of support calls that usually end up trumping first tier technical support. Often times, these issues are too vague to narrow down if you don’t know how to handle a BSOD, and the incident remains open longer than it needs because it can’t be explained or reproduced immediately. The mini dump provides a means to sometimes quickly resolve what might otherwise become an unexplained system problem.

Minidumps are small, too. Between 64 and 256KB, they only record the smallest set of useful information that could help identify why the system stopped unexpectedly so there would be no problem copying from over a WAN. Once copied over to my workstation, I opened with WinDbg, clicked the !analyze -v  hyper command. Both dumps produced identical results: Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , , , | Leave a Comment »

An Oldie But Still A Goodie–Dr. Watson

Posted by William Diaz on October 3, 2011

A few years ago I started to see several complaints of Internet Explorer crashing in the course of a couple months. The error was one of the rather vague exception messages thrown at the time of the crash and didn’t allude to anything obvious. Tired of not being able to explain through any of the conventional troubleshooting methods, I did a little research into advanced troubleshooting techniques and came across the Windows XP default debugger, Dr. Watson. Sure it sounds a little cheesy but this is actually a helpful little gem that has assisted me in resolving many cases of unexplained application crashes. And even though Microsoft has done away with drwtsn32.exe in all Windows operating systems after XP, the majority of small and large enterprises are still using XP, which means it should be one of core tools of any Windows XP troubleshooting guru. You’ll also see how, despite Microsoft moving to WER, Dr. Watson can still be leveraged by the Windows Vista/7 OS (just for the hell of it).

To use Dr. Watson, you don’t need to do anything. By default, it is the default Windows XP debugger. When an application experiences a exception of sorts that leads to a crash, ideally it is designed to dump that process and create two files, a plain text drwtsn32.log and a dump file named user.dmp, the latter which requires WinDbg to open and analyze. If you are not sure if Dr. Watson is the default debugger, you can run drwtsn32.exe –i to make it the default. You can also confirm by going to HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug and looking in the Debugger string for drwtsn32 -p %ld -e %ld –g:
Read the rest of this entry »

Posted in Troubleshooting, Troubleshooting Tools, Uncategorized | Tagged: , , | Leave a Comment »

Uninstalling Doesn’t Mean Its Been Completely Uninstalled

Posted by William Diaz on October 1, 2011

I don’t trust uninstallers. They always tend to leave something behind. Every now and then one of these orphaned components still ends up not playing well with some other application or the OS, resulting in crashing user-mode apps or the kernel. A good example of this was a previous post where I was experiencing a BSOD when running Process Monitor (read about it here) after installing a Microsoft application.

So, we have a workstation that is about to be sent off to be re-imaged because iLinc, a web conferencing application, is crashing when the user tries to join a session. I intervene because I hate to see these issue written off as unexplained. Who knows, the system gets re-imaged, the user installs some application again and the problem repeats itself (which it would have been the case here).

It happened that Dr. Watson, the Windows XP post-mortem default debugger, was capturing the user-mode crash so I jumped in without hesitation:
Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , , , | Leave a Comment »

Don’t Dismiss That Error

Posted by William Diaz on April 28, 2011

Instead, click the click here:
MOOErr1 Read the rest of this entry »

Posted in Office, Troubleshooting | Tagged: , , | Leave a Comment »

Out With the Old, In(stall) With the New

Posted by William Diaz on April 12, 2011

It’s not uncommon for outdated drivers to have a negative impact on user applications. Without knowing how to do some basic crash analysis, finding an outdated problem driver can be quite daunting when you consider how many drivers there are on the average system. However, you can simplify this by looking for or obtaining a crash dump of the application.

In the case here, we have a user complaining of frequent crashes while working in Adobe Photoshop. This is an XP system so I am hoping that Dr Watson, the default post mortem debugger*, is capturing the crash. I ask for the computer name and UNC to the location where the drwtsn32.log and user.dmp files are written when an exception is caught; this can be found in \Documents and Settings\All Users\Application Data\Microsoft\Dr Watson. Both files are there and have a recent modify date-time, and I copy both of these to my system for analysis.

Because Photoshop is primarily graphics, I am guessing we might find a graphics driver somewhere in either file along with an exception. I start by opening the drwtsn32.log, a plain text file that records a history of all the crashes it captured. The file is read from the bottom since this is where the latest information is added. From there, I do a text search going up for the word application to verify that Photoshop is the crashing application:
Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , | Leave a Comment »

Size Matters

Posted by William Diaz on April 8, 2011

Open exiting some client management software program each time, our user ran into the following error: “The instruction at … references memory at …. The memory could not be ‘read’…
This is a network based application that relies on .Net 1.1 so previous troubleshooting involved removing and reinstalling the .Net dependencies, all to no avail. An important detail was overlooked, though, which would have saved us time and get the issue properly escalated: our user was a timekeeper for another user, who also was running into the same error on their workstation when exiting the application. From this minor detail, we could assume the issue was not workstation or user specific.

Beyond this, I have no insight behind the internal workings of this application. But, that did not mean we cannot turn to the power of the dump to get an idea of what was happening. When you encounter such an error dialog, do not click OK, do not pass go, do not collect $200. Instead dump the crashing process.

After creating a .dmp file, I copied it to my workstation and opened with WinDbg from the Windows Debugging Tools. In the only thread was an important clue in the top frame of the stack (you read threads and stacks going up, so this would be the last routine before crashing):
cmsbase is the module and the “!” tells us where the function starts, in this case CMSTempFile Size. Then user heard me muttering to myself this and noted that the attorney’s Subscription List was rather large. Upon escalation to the software developer, this issue was confirmed as a bug with large subscription lists. To correct, the subscription list needed to be shortened (or recreated in cases where it persisted).

Posted in Troubleshooting | Tagged: , | Leave a Comment »

The Case of the Print to PDF Hangs

Posted by William Diaz on April 4, 2011

One morning I started hearing a few reports of cases where users were not able to print to the BullZip PDF software printing device. After a wait of 5 minutes, the BullZip printer would return the following error: “An error occurred. Error 1008: Ghostscript timed out – Make PDF

Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , , | Leave a Comment »

Another Instance of Internet Explorer Crashing (or Update Your IE Add-Ons)

Posted by William Diaz on October 13, 2010

It doesn’t surprise me when Internet Explorer crashes. Instead, I remain calm and collected (most of the time). I don’t expect the average person to know why or how it happened and I expect them to take the opposite approach and be fed up with IE. But with everything that’s happening with the endless number of add-ons that it needs to support and the dynamic nature of web content, it’s amazing it works more often than not. So, here I was asked to explore the latest case of IE crashing. Our user has logged into an online document collaboration site. They need to open and print several dozen documents. About half the time, the client is interrupted by the following error before IE crashes: “Microsoft Visual C++ Runtime Library. Runtime Error!.. iexplore.exe. abnormal program termination

Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , , | Leave a Comment »

Process Monitor & the BSOD

Posted by William Diaz on August 24, 2010

Very rarely do I ever experience a Blue Screen of Death. In fact, I can’t recall the last time I did, so it was worth taking a photo of:
Read the rest of this entry »

Posted in Troubleshooting | Tagged: , , , | 2 Comments »