Feb 03

Decoding a MEMORY.DMP file should be easier

My new custom built PC running Windows Server 2008 R2 with Hyper-V at Microsoft with an Intel Core i7 950, 12GB RAM, triple channel DDR3 memory system, 120GB SSD, and etc. was randomly crashing this week. Very very annoying.

I have a MEMORY.DMP file. How do I read that… MSDN points you to several articles telling you to run a DUMPCHK.EXE program. The Web installer for the Windows SDK which has this utility is broken. The .ISO download does work, but I failed to find a utility I was comfortable using to extract the file and I didn’t want to burn a disk. I also gathered that you could use WinDbg to parse a MEMORY.DMP file. However, the same problem of locating WinDbg existed.

Shortcut for internal Microsoft employees: http://dbg/ is the WinDbg team! They had the latest installer available there to run! Yay!

WinDbg allows you to load the MEMORY.DMP file. However, it still doesn’t help much unless you tell WinDbg where the symbols are for it to use during decoding. In WinDbg use the File -> Symbol File Path… command. I entered SRV*\\symbols\symbols there which works inside of Microsoft. Outside of Microsoft you would use C:\localsymbols*http://msdl.microsoft.com/download/symbols which will cache them at the C:\localsymbols location and use the public symbols server.

Then you use File -> Open Crash Dump… to open the MEMORY.DMP file.

After all this I finally saw the critical part of the crash dump:

An expected clock interrupt was not received on a secondary processor in an MP system within the allocated interval. This indicates that the specified processor is hung and not processing interrupts.

A co-worker then pointed me to this optional Windows Update: http://support.microsoft.com/kb/2264080 which fixes the problem I was having.

Problem solved!!!