There are some good books by John Robbins on debugging on Windows; Microsoft Windows Internals by Russinovich and Solomon is also a good resource. There are also some good white papers on Microsoft regarding WinDbg - you can get to the same resources from this link - http://www.microsoft.com/whdc/devtools/debugging/resources.mspx

Randhir Vayalambrone

----- Original Message ----
From: Jeremy <[EMAIL PROTECTED]>
To: [email protected]
Sent: Tuesday, July 3, 2007 12:51:18 PM
Subject: Help debugging a problem - Virtual Server 2005

Found a packet that causes a Microsoft Windows Server 2003 R2 to blue screen even if the firewall is turned on. The server is running Virtual Server 2005 R2 SP1 with an XP virtual machine. The packet needs to be sent to the virtual machine and it causes an exception in the VMNetSrv.sys. Interestingly, after causing a blue screen about 6-8 times, the packet will not work anymore. However, if you reinstall Virtual Server then it will work again.

I opened the crash file with WinDbg to try to figure out what is causing the crash. I am new to using WinDbg and trying to debug problems, so I am asking for help on how to debug, or resources (books or websites) where I can go to look up information.

Thanks,
Jeremy

I am including an analysis of the dump file from WinDbg:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: e225a000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f75c8343, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS: e225a000

CURRENT_IRQL: 2

FAULTING_IP:
VMNetSrv+1343
f75c8343 ?? ???

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0xD1

PROCESS_NAME: vssrvc.exe

TRAP_FRAME: f789ea80 -- (.trap 0xfffffffff789ea80)
ErrCode = 00000000
eax=e225a000 ebx=00000000 ecx=025370af edx=000067ae esi=00000001 edi=00000000
eip=f75c8343 esp=f789eaf4 ebp=e2256f60 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202
VMNetSrv+0x1343:
f75c8343 ?? ???
Resetting default scope

LAST_CONTROL_TRANSFER: from f75c8343 to 80837ed5

STACK_TEXT:
f789ea80 f75c8343 badb0d00 000067ae f789eac8 nt!KiTrap0E+0x2a7
WARNING: Stack unwind information not available. Following frames may be wrong.
f789eaf0 85e0b610 e2256f16 00000005 85e219d8 VMNetSrv+0x1343
f789eb74 8081fdb5 f75cd688 85cf75d0 00000000 0x85e0b610
f789eb84 85a46140 f789eba8 85cf7598 85cf75d0 nt!KeResetEvent+0x34
00000000 00000000 00000000 00000000 00000000 0x85a46140

STACK_COMMAND: kb

FOLLOWUP_IP:
VMNetSrv+1343
f75c8343 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: VMNetSrv+1343

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: VMNetSrv

IMAGE_NAME: VMNetSrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4639dc03

FAILURE_BUCKET_ID: 0xD1_VMNetSrv+1343

BUCKET_ID: 0xD1_VMNetSrv+1343

Followup: MachineOwner
---------
