Analyzing crash dump using windows debugger windbg – RESOURCE_NOT_OWNED (e3)

In this blog, we will show you the steps to analyze a crash dump using the Windows debugger WinDbg, for a RESOURCE_NOT_OWNED (e3) bug check.

 

REQUIREMENTS

  • Windows VM
  • Windows Debugger – Windbg
  • Dump file for analysis – Memory.dmp

 

OVERVIEW

  • Before analyzing the crash dump, make sure that the symbol file path points to the Microsoft symbol server.
  • The default path for the memory dump file is C:\windows\memory.dmp
  • !analyze -v is the first debugger command to run when analyzing a crash dump. It is the most important command in the debugger.
  • It performs a preliminary analysis of the memory dump and provides the details needed to begin our analysis.
  • This command displays the stop code and the type of bug check that occurred, with its symbolic name. It also provides an explanation of the crash type.
  • It shows the stack trace, which helps us determine the calls that led to the crash.
  • It also displays the faulting IP, process and registers.
  • The command provides recommendations to resolve the issue.

 

Note: In this demo, we are using a Windows 10 crash dump file for analysis.

 

LOADING THE DUMP FILE

  • Go to the Start menu and click on WinDbg (x64).
  • We have already copied the Windows 10 memory dump file to the C:\ drive for demo purposes. Click on the File menu and select Open Crash Dump.
  • Select the Memory.dmp file and click on Open.
  • It loads the Microsoft symbols and displays the first set of information.
  • First, it loads the memory.dmp file, then it loads the Microsoft symbols to analyze this dump. It also displays the OS version and build details.

 

Note: Even though we are using a Windows 10 memory dump, WinDbg detects the OS type as Windows 8. We are not sure why it is

  • It also shows the architecture type, the crash date and time, and the system uptime.
  • It provides the stop code along with its parameters as E3, {ffffc80a1c2d9050, ffffc80a12d4a080, 0, 2}
  • This crash was caused by ntkrnlmp.exe.
  • It also suggests running !analyze -v to get more information.

ANALYZING THE DUMP

  • Type the command !analyze -v at the KD prompt and press Enter.

Note: The number 1 shown in the KD prompt indicates that the crash occurred on CPU 1.

  • It displays detailed information about the crash dump.
  • It shows that the bug check type is RESOURCE_NOT_OWNED (e3).
  • There are also various arguments related to this crash.
  • We can also find the stack trace for this crash dump.
  • The stack trace shows the history of the drivers that were executing when the incident occurred. In this trace, it shows that the NTFS, NT and FLTMGR drivers were executing at that time.
  • In addition to the stack information, the FOLLOWUP IP address shows the instruction that was executed before the bug check.
  • It then shows the name of the driver that it believes caused the crash. In this demo, it shows ntkrnlmp.exe

FINDING THE SOLUTION USING CLUES

  • In the search window, type the error code clue and the process name. In the demo, we found two clues in the crash dump: RESOURCE_NOT_OWNED and ntkrnlmp.exe. Type these in the search box.
  • It shows a few results that match this error code.
  • We updated the Realtek network card driver to the latest version, and the machine was stable without a BSOD.
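
The clue-gathering steps above can be scripted when many dumps need triage. The following Python parser is an added example, not part of the original post: it extracts the stop code, its parameters, the symbolic name and the blamed image from saved debugger output and builds the search string. The log text is a constructed sample that uses only values shown in this post, and saving the session to a text file (for instance with WinDbg's `.logopen`) is an assumption.

```python
import re

# Constructed sample shaped like WinDbg's dump banner and `!analyze -v` text,
# filled only with the values this post shows (not a real capture).
SAMPLE_LOG = """\
BugCheck E3, {ffffc80a1c2d9050, ffffc80a12d4a080, 0, 2}
Probably caused by : ntkrnlmp.exe

1: kd> !analyze -v
RESOURCE_NOT_OWNED (e3)
Arguments:
Arg1: ffffc80a1c2d9050, Address of resource
Arg2: ffffc80a12d4a080, Address of thread
Arg3: 0000000000000000, Address of owner table if there is one
Arg4: 0000000000000002

IMAGE_NAME:  ntkrnlmp.exe
"""

BANNER = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
NAME = re.compile(r"^([A-Z][A-Z0-9_]+)\s+\(([0-9A-Fa-f]+)\)\s*$", re.M)
ARG = re.compile(r"^Arg([1-4]):\s+([0-9A-Fa-f`]+)(?:,\s*(.*))?$", re.M)
IMAGE = re.compile(r"^(?:IMAGE_NAME|Probably caused by)\s*:\s*(\S+)", re.M)

def to_int(text):
    # WinDbg may print 64-bit values as 'ffffc80a`1c2d9050'; drop the backtick.
    return int(text.strip().replace("`", ""), 16)

def parse_triage(log):
    """Extract stop code, parameters, symbolic name and blamed image from a log."""
    banner = BANNER.search(log)
    if banner is None:
        raise ValueError("no 'BugCheck' banner found; is this a kernel dump log?")
    code = to_int(banner.group(1))
    params = [to_int(p) for p in banner.group(2).split(",")]
    # Accept a symbolic name only if its code agrees with the banner.
    name = next((n for n, c in NAME.findall(log) if to_int(c) == code), None)
    args = {int(i): (to_int(v), d.strip()) for i, v, d in ARG.findall(log)}
    image = IMAGE.search(log)
    image = image.group(1) if image else None
    return {
        "code": code, "name": name, "params": params, "args": args, "image": image,
        # The banner and the Arg1..Arg4 lines should describe the same crash.
        "consistent": [args[i][0] for i in sorted(args)] == params,
        # The two clues the post types into a search engine.
        "search": " ".join(x for x in (name or f"0x{code:X}", image) if x),
    }

print(parse_triage(SAMPLE_LOG)["search"])
```

A `consistent` value of False means the banner and the Arg lines disagree or the Arg lines are missing, which usually indicates a truncated log or output from more than one dump in the same file.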

 


Thanks for reading this blog. We hope it was useful for you to learn to analyze a crash dump using the Windows debugger tool.
