Help using Windbg on a SQLDump

• n00bDBA

  SSCrazy

  Points: 2986

  More actions

  September 24, 2015 at 4:43 pm

  #399087

  Hi,

  we have a dev box pumping out about 20gb a day of sqldumps.

  Im new to Windbg but was told the secret source was in running !analyse -v but i get an error when running that and when doing anything else i get Unable to load image errors.

  Ive gone through the following steps:

  Downloaded windbg from: https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx

  Open Windbg in 64bit (as the instance was 64bit, i have tried 32bit but get the same errors)

  File -> symbol file path -> SRV*c:\symbols*http://msdl.microsoft.com/download/symbols (making sure that c:\symbols exits)

  File -> open crash dump -> point it to one of the mdmp files generated:

  I then get the following:

  Microsoft (R) Windows Debugger Version 6.3.9600.17336 AMD64

  Copyright (c) Microsoft Corporation. All rights reserved.

  Loading Dump File [C:\Users\Stephen\Desktop\SQLDump0002.mdmp]

  Comment: 'Program fault handler'

  Comment: '09/22/15 01:02:11 spid 87 Exception 0xc0000005 EXCEPTION_ACCESS_VIOLATION reading address 000008004551D7C0 at 0x000007FEF32722B5

  '

  User Mini Dump File: Only registers, stack and portions of memory are available

  ************* Symbol Path validation summary **************

  Response Time (ms) Location

  Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

  Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

  Executable search path is:

  Windows 7 Version 7601 (Service Pack 1) MP (4 procs) Free x64

  Product: Server, suite: TerminalServer SingleUserTS

  Machine Name:

  Debug session time: Tue Sep 22 01:03:03.000 2015 (UTC + 1:00)

  System Uptime: 12 days 21:31:38.822

  Process Uptime: 6 days 8:52:15.000

  ................................................................

  ................................................................

  Loading unloaded module list

  ................................................................

  This dump file has an exception of interest stored in it.

  The stored exception information can be accessed via .ecxr.

  (1414.1440): Access violation - code c0000005 (first/second chance not available)

  ntdll!ZwWaitForSingleObject+0xa:

  00000000`776ad9fa c3 ret

  in the text it says

  The stored exception information can be accessed via .ecxr.

  but if i try that i get:

  0:040> .ecxr

  Unable to load image C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlmin.dll, Win32 error 0n2

  *** WARNING: Unable to verify timestamp for sqlmin.dll

  rax=0000000000000000 rbx=00000002ae800160 rcx=000000014f137f20

  rdx=00000000069d1aa0 rsi=0000000000000000 rdi=0000000000000001

  rip=000007fef32722b5 rsp=0000000013f1e198 rbp=0000000013f1e249

  r8=0000000013f1e220 r9=000007fef63e58a0 r10=0000000000000019

  r11=000007fef641d810 r12=0000000000000019 r13=0000000007d687b7

  r14=00000014668ce040 r15=ffffffffffffffff

  iopl=0 nv up ei pl nz ac pe nc

  cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010212

  sqlmin!GetObjOffsets+0x95:

  000007fe`f32722b5 4a030409 add rax,qword ptr [rcx+r9] ds:00000800`4551d7c0=????????????????

  If i try !analyse -v i get:

  0:040> !analyse -v

  No export analyse found

  Most of the blog posts ive read say that the number next to the command line will be 0>000 which mine is not.. is that a issue? i cant seem to find any solutions to the unable to load image error.

  Does anyone have suggestions on how i can move forward?