« Reading Notebook: 15-March-10
Fault context, wild code and hardware error: pattern cooperation »

Crash Dump Analysis Patterns (Part 97)

In the case of multiple different faults like bugchecks and/or different crash points, stack traces and modules we can look at what is common among them. It could be their process context, which can easily be seen from the default analysis:

1: kd> !analyze -v

[...]

PROCESS_NAME:  Application.exe

We give this pattern a name Fault Context. Then we can look whether an application is resource consumption intensive (could implicate hardware faults) like games and simulators or uses its own drivers (implicates latent corruption). In a production environment it can also be removed if it is functionally non-critical and can be avoided or replaced. See also a forthcoming case study.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

This entry was posted on Tuesday, March 16th, 2010 at 10:49 am and is filed under Crash Dump Analysis, Crash Dump Patterns, Debugging. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Crash Dump Analysis Patterns (Part 97)”

  1. Crash Dump Analysis » Blog Archive » Fault context, wild code and hardware error: pattern cooperation Says:
    March 16th, 2010 at 10:38 pm

    […] Crash Dump Analysis Exploring Crash Dumps and Debugging Techniques on Windows Platforms « Crash Dump Analysis Patterns (Part 97) […]

Leave a Reply