[THIN] KB: CTX110435 - CtxBSOD v2.1 for 32-bit and 64-bit Platforms

• From: "Jim Kenzig http://ThinHelp.com" <jkenzig@xxxxxxxxx>
• To: thin@xxxxxxxxxxxxx
• Date: Fri, 8 Sep 2006 06:13:53 -0700 (PDT)

CTX110435 - CtxBSOD v2.1 for 32-bit and 64-bit Platforms 
  This document was published at: http://support.citrix.com/article/CTX110435 
    Document ID: CTX110435, Created on: Jul 27, 2006, Updated: Aug 17, 2006   
Products: N/A 

 Attachment: CtxBSODv21.zip (270.4 K) 
               CtxBSOD 
  Version 2.1
  Created Date: 06/15/2006
  Updated Date: 08/12/2006
  Description
  The CtxBOSD GUI utility can force a server to generate a memory dump from the 
session or when a keyboard is not available or non-standard (fatal error).
  Whether the complete memory or a kernel memory dump is saved depends on the 
Control Panel settings.
  Features: 
  1. A customer can type a message/text (or copy it from clipboard) before 
forcing a memory dump. This message is saved in a dump and a support engineer 
can read it after loading the dump in WinDbg.exe. This is implemented to 
encourage writing the symptoms and conditions explaining why the dump has to be 
forced.
  2. The tool can stay on top of any windows (if you need this to quickly dump 
the server after a reproduction or during the process of an activity).
  3. It is supplied with Program Database (PDB) symbols for the driver (32-bit 
and 64-bit) which is useful when you want to have all symbols present on the 
bug check thread.
  4. The bug check clearly shows that the dump is manually generated.
  5. The tool can force a memory dump on both 32-bit and 64-bit platforms.
  6. Before forcing a blue screen on a server, the tool warns about potential 
damaging consequences: Users are disconnected and all the data which is not 
saved will be lost. It asks for a confirmation.
  7. A customer can specify a period of time (in minutes) when to force a 
memory dump.
  Installing CtxBSOD
  Download the archive file to a local workstation, unzip it and run 
CtxBSOD.exe from a command prompt or from within a session. The archive has 
subfolders x86 and x64 for 32-bit and 64-bit platforms respectively. 
  How to Use CtxBSOD
      
   Run the CtxBSOD.exe utility on your workstation and/or inside the session 
desktop.
    
   Type a message you want to embed in the dump and a time interval, for 
example:

  
  Note: Setting the time interval to 0 minutes bug checks a server immediately 
after confirmation. 
      
   Click the BSOD button to force a fatal error. A warning message appears and 
asks for confirmation:

  
      
   If you specified an interval other than 0 you can abort the action by 
clicking the Abort button:

  
      
   To make a scheduled bug check effective after a specified interval, do not 
abort a scheduled forced fatal error when exiting the CtxBSOD utility. A 
confirmation message box appears.
    
   The server experiences the fatal error and the dump is saved according to 
the properties in the Control Panel. The fatal error screen says something 
similar to the following:

?*** STOP: 0x000000E2 (0xCCCCCCCC, 0x82212420, 0x000001A4, 0x000000B4)?

  If you open that dump in WinDbg.exe you get the following output where you 
can du the second bug check argument to get the message. Below is !analyze ?v 
output from 32-bit and 64-bit dumps generated with a three-minute delay:
  32-bit dump:
  kd> !analyze ?v

MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: cccccccc
Arg2: 824c7434
Arg3: 000001a4
Arg4: 000000b4

Debugging Details:
------------------


BUGCHECK_STR: MANUALLY_INITIATED_CRASH

DEFAULT_BUCKET_ID: DRIVER_FAULT

LAST_CONTROL_TRANSFER: from f7e695a3 to 8053331e

STACK_TEXT: 
f2522d84 f7e695a3 000000e2 cccccccc 824c7434 nt!KeBugCheckEx+0x1b
f2522dac 8057be15 824c7338 00000000 00000000 CtxBSOD!BSODThread+0x51
f2522ddc 804fa4da f7e69552 824c7338 00000000 
nt!PspSystemThreadStartup+0x300000000 00000000 00000000 00000000 00000000 
nt!KiThreadStartup+0x16


FOLLOWUP_IP:
CtxBSOD!BSODThread+51
f7e695a3 57 push edi

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: CtxBSOD!BSODThread+51

MODULE_NAME: CtxBSOD

IMAGE_NAME: CtxBSOD.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 44a6ca55

STACK_COMMAND: kb

FAILURE_BUCKET_ID: MANUALLY_INITIATED_CRASH_CtxBSOD!BSODThread+51

BUCKET_ID: MANUALLY_INITIATED_CRASH_CtxBSOD!BSODThread+51

Followup: MachineOwner
---------

kd> du 824c7434
824c7434 "The server is slow and all conne"
824c7474 "ctions are refused...I'm generat"
824c74b4 "ing this dump from the console s"
824c74f4 "ession and ..scheduled it in 3 m"
824c7534 "inutes. Please look at it and..s"
824c7574 "ee if you can find anything susp"
824c75b4 "icious in it!"
  64-bit dump:
  kd> !analyze ?v

MANUALLY_INITIATED_CRASH (e2)
The user manually initiated this crash dump.
Arguments:
Arg1: 00000000cccccccc
Arg2: fffffadfe653c7a8
Arg3: 00000000000001a8
Arg4: 00000000000000b4

Debugging Details:
------------------


BUGCHECK_STR: MANUALLY_INITIATED_CRASH

DEFAULT_BUCKET_ID: DRIVER_FAULT

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffffadfe0eb6162 to fffff80001041690

STACK_TEXT: 
fffffadf`e3a18d28 fffffadf`e0eb6162 : 00000000`000000e2 00000000`cccccccc 
fffffadf`e653c7a8 00000000`000001a8 : nt!KeBugCheckEx
fffffadf`e3a18d30 fffff800`012b331e : fffffadf`00000000 fffffadf`e649f5f0 
fffffadf`e669f890 fffffadf`e6fad040 : CtxBSOD64!BSODThread+0x72
fffffadf`e3a18d70 fffff800`01044196 : fffff800`01176180 fffffadf`e669f890 
fffffadf`e6fad040 fffff800`0117abc0 : nt!PspSystemThreadStartup+0x3e
fffffadf`e3a18dd0 00000000`00000000 : 00000000`00000000 00000000`00000000 
00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP: 
CtxBSOD64!BSODThread+72
fffffadf`e0eb6162 cc int 3

SYMBOL_STACK_INDEX: 1

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: CtxBSOD64!BSODThread+72

MODULE_NAME: CtxBSOD64

IMAGE_NAME: CtxBSOD64.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 44a6b998

FAILURE_BUCKET_ID: X64_MANUALLY_INITIATED_CRASH_CtxBSOD64!BSODThread+72

BUCKET_ID: X64_MANUALLY_INITIATED_CRASH_CtxBSOD64!BSODThread+72

Followup: MachineOwner
---------

kd> du fffffadfe653c7a8
fffffadf`e653c7a8 "The server is slow and all conne"
fffffadf`e653c7e8 "ctions are refused. ..I'm genera"
fffffadf`e653c828 "ting this dump from the console "
fffffadf`e653c868 "session and ..scheduled it in 3 "
fffffadf`e653c8a8 "minutes. Please look at it and ."
fffffadf`e653c8e8 ".see if you can find anything su"
fffffadf`e653c928 "spicious in it!"
  Uninstalling CtxBSOD
  To uninstall this utility, delete the executable file and driver.



Jim Kenzig 
    Microsoft MVP - Terminal Services
  Provision Networks VIP
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com

    Terminal Services Downloads: http://www.thinhelp.com



   

Other related posts:

• » [THIN] KB: CTX110435 - CtxBSOD v2.1 for 32-bit and 64-bit Platforms

1. Home
2. thin
3. Archive
4. 09-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---