What is the reason for failing to write a full memory minidump from within another minidump?

Question

What is the reason for failing to write a full memory minidump from within another minidump?

I was analysing a full memory minidump (31GB) and had to run .imgscan /l to fix the module references.

Now I am trying to save it (following the advice given here - Is it possible to fix a full memory dump so that running .imgscan /l will no longer be required?) and here is the result:

0:000> .dump /ma "d:\tmp\cantestr52 - 06-09-2017\1.dmp"
Creating d:\tmp\cantestr52 - 06-09-2017\1.dmp - mini user dump
WARNING: Thread 1d8 context retrieval failure during dump writing, Win32 error 0n31
WARNING: Teb 146 pointer is NULL - defaulting to 00000000`7ffde000
WARNING: 00000000`7ffde000 does not appear to be a TEB
GenAllocateThreadObject.GetTebInfo(0x1d8) failed, 0x80004002
GenInvokeEnumStackProviders(mscordacwks.dll) failed, 0x8007007e
GenInvokeEnumStackProviders(mscordacwks.dll) failed, 0x8007007e
QuerySystemMemoryInformation failed, 0x80004001
QueryProcessVmCounters failed, 0x80004001
WriteFullMemory.Memory.Read(0x9788090000, 0x2000) failed 0x80004002, ABORT.
Dump creation failed, HRESULT 0x80004002
    "No such interface supported"

What is wrong?

EDIT 1

Here is the output of the version command:

0:000> version
Windows 8.1 Version 9600 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
6.3.9600.18217 (winblue_ltsb.160124-0053)
Machine Name:
Debug session time: Fri Jun  9 03:03:19.000 2017 (UTC - 4:00)
System Uptime: 25 days 6:23:06.206
Process Uptime: 16 days 12:01:43.000
  Kernel time: 4 days 7:59:50.000
  User time: 2 days 17:49:40.000
Full memory user mini dump: D:\tmp\cantestr52 - 06-09-2017\Quartz.Server.DMP

Microsoft (R) Windows Debugger Version 10.0.15063.468 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

command line: '"E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" '  Debugger Process 0x2750 
dbgeng:  image 10.0.15063.468, built Wed Dec 31 19:00:00 1969
        [path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbgeng.dll]
dbghelp: image 10.0.15063.468, built Wed Dec 31 19:00:00 1969
        [path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll]
        DIA version: 24610
Extension DLL search Path:
    E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\arcade;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\pri;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\Users\mkharitonov\AppData\Local\Dbg\EngineExtensions;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\ProgramData\Oracle\Java\javapath;E:\Program Files (x86)\Windows Resource Kits\Tools\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Microsoft Team Foundation Server 2015 Power Tools\;%BPADir%;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;E:\utils\LINQPad4;C:\Program Files\TortoiseHg\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;D:\Anaconda;D:\Anaconda\Scripts;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;E:\Program Files\PostgreSQL\pg95\bin;E:\Program Files\Git\cmd;E:\Program Files\nodejs\;E:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\dotnet\;E:\Utils;c:\dayforce\DayforceDEV\Utils;C:\Program Files\nodejs;c:\Program Files\WinRAR;c:\Program Files\Saxonica\SaxonEE9.6N\bin;C:\Users\mkharitonov\AppData\Roaming\npm
Extension DLL chain:
    dbghelp: image 10.0.15063.468, API 10.0.6, built Wed Dec 31 19:00:00 1969
        [path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll]
    ext: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
        [path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\ext.dll]
    exts: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
        [path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP\exts.dll]
    uext: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
        [path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\uext.dll]
    ntsdexts: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
        [path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP\ntsdexts.dll]

windbg

asked on Stack Overflow Jun 13, 2017 by

mark • edited Jul 10, 2017 by

mark

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0