hi guys dont know if any of you on iexbeta or ms professionals or mvp but if u r id appreciate your help

my system has been having its unfair share of BSOD recntly and up until now i didnt know what to do so in desparation i found on a microsoft website a debugging tool for windows that lets me view crash dump reports

can someone look through this and perhaps help me to understand just what it is thats happening to my system

Microsoft ® Windows Debugger Version 6.3.0017.0
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [x:\xxxxx\Minidump\Mini102604-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Tue Oct 26 20:45:01 2004
System Uptime: 0 days 4:48:46.797
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
................................................................................
..........................................................
Loading unloaded module list
.............
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1902fe, 95c115fc, 95c112f8, 8055e4fb}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

Unable to load image Ntfs.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
Unable to load image NaiFiltr.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for NaiFiltr.sys
*** ERROR: Module load completed but symbols could not be loaded for NaiFiltr.sys
Probably caused by : Ntfs.sys ( Ntfs+267cb )

Followup: MachineOwner
---------



any clue as to whats up ?

umm, you cant debug windows unless you have a debug symbol package installed AND your running it in debug mode (see the safe mode startup menu)

symbols usually come with visual studio or the msdn platform sdk (if you buy the nice cd version)

if you can get symbols working, great, otherwise, post the minidump, it sometimes helps (i know what generally to look for in a minidump)

1) Go here first.
http://www.microsoft.com/whdc/devtools/deb...ng/default.mspx

2) Download debugger from here. http://msdl.microsoft.com/download/symbols...tup/instmsi.exe

3) Download symbols for SP2 (Huge file - 180mb)
http://msdl.microsoft.com/download/symbols...slp-Symbols.exe

4) Install the debugger and symbols. Follow prompts on screen for easy installation.

The follow these steps to configure the debugger:

Start the debugger, click file, source file path, and set that to C:\Windows\System32 (assuming that path is right to your system32 folder, and if it complains about not being able to load files, try either %systemroot% or C:\Windows) and do the same for Image File Path.

Then set the Symbol Path from the directions in this link (http://www.microsoft.com/whdc/devtools/debugging/symbols.mspx), changing downstream store to the place on your hdd you want to store downloaded kernel symbols.

Choose file \ open crash dump, navigate to your Minidump folder, (usually C:\Windows\minidump) after a blue screen, open the minidump, let it save workspace information, and then you'll get two windows.

Type !analyze -v to get a detailed analysis, and it will usually be able to tell you the exact file or files that caused the system to crash.