2

I have a mini dump generated with the default parameters described at Collecting User-Mode Dumps.

The dump was generated when the system was hanging through right CTRL+SCROLL LOCK+SCROLL LOCK as set in the following register keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters]
"CrashOnCtrlScroll"=dword:00000001

So the call stack that WinDbg shows me after the command 0: kd> !analyze -v is the one of the thread that was executing from kbdhid device driver.

When I tried to switch to a different processor I get the error:

0: kd> ~1
Can't switch processors on a single processor kernel triage dump

How can I solve this error?

What is a "single processor kernel triage dump"? If I search with Google I will get 3 or 4 results... no more, maybe someone from Microsoft could be of great help here :-).

Is there some particular value of CustomDumpFlags that I have to set? See MINIDUMP_TYPE enumeration.

I know that my system is multiprocessor and WinDbg confirms it:

0: kd> ~8
8 is not a valid processor number
0: kd> ~7
Can't switch processors on a single processor kernel triage dump
Alessandro Jacopson
  • 18,047
  • 15
  • 98
  • 153

1 Answers1

3

A Single Processor Kernel Dump or a kernel triage dump is a feature

where you can collect the kernel mode stack trace of an user mode process

on a machine that was not booted with /DEBUG on iirc available from vista+

you can also collect this dump using kdbgctrl

D:\>tasklist | grep -i edge
xxxxxxxxxxxxxxxxxxxxxx
MicrosoftEdgeCP.exe          12588 Console                    5     41,892 K
MicrosoftEdgeCP.exe           9152 Console                    5   1,49,064 K
xxxxxxxxxxxxxx

D:\>kdbgctrl -td 9152 edgy.dmp
Dump created in edgy.dmp, 1048564 bytes

D:\>file edgy.dmp
edgy.dmp: MS Windows 64bit crash dump, 1018708 pages

run !process -1 1f command to get the stack of all the threads for the current process only one process kernel memory will be available in this dump !process 0 0 wont work

it is not full kernel memory dump and may not be having information about any other processor stack aswell

run !cpuid only the info about 0 processor will be present in this dump

0: kd> !cpuid
CP  F/M/S  Manufacturer     MHz
 0  6,142,9  GenuineIntel    2304
Unable to get information for processor 1
Unable to get information for processor 2
Unable to get information for processor 3
0: kd>

or irql

0: kd> !irql 0
Debugger saved IRQL for processor 0x0 -- 0 (LOW_LEVEL)
0: kd> !irql 1
Cannot get PRCB address from processor 0x1
0: kd> !irql 2
Cannot get PRCB address from processor 0x2
0: kd> !irql 3
Cannot get PRCB address from processor 0x3
0: kd>
blabb
  • 8,674
  • 1
  • 18
  • 27
  • Thank you. According to https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files what variety do you suggest to use in order to get all the processors info? – Alessandro Jacopson May 12 '20 at 08:28
  • there are various variables the key you have set crash on ctrl scroll does a manually initiated crash the type if dump it writes will be based on computer properties advanced option where you chhos the type of dump a full dump will dump all the ram contents so if you have 4 gb ram you may need 4 gb disk space free and so there isnt pertinent info invyour query regarding – blabb May 12 '20 at 12:14