Entering the Land of BSOD Investigation

Every day upon booting my Vista workstation at work I was getting a message that the system recovered from an unexpected shutdown. I figured that someone was just powering my PC off at night, but I decided to check the logs. It appeared that Windows was crashing right after I left work. I went off to search for any files ending in .DMP. These .DMP files are snapshots of memory when the PC crashes. If you can’t find any, you may have to turn memory dumping on (Under Vista, that’s Control Panel>System>Advanced System Settings>Startup and Recovery>Settings, uncheck “Automatically Restart” and make sure “Write Debugging Information” is set to “Complete” or “Kernel”).

Once again, UAC rears its ugly head. Searching from start menu or the command prompt yielded no results, then I remembered that I wasn’t running from an elevated prompt. The location? C:\windows\minidump

I guess Microsoft thinks that regular users shouldn’t be looking at memory dumps as the permissions on minidump are SYSTEM and Administrators only.

Now we will download the Microsoft Debugging Tools. This will allow us to analyze the .DMP file.

After installing the program, the first thing we want to do is set the symbol path. This gives us more information from the crash dump. We will set the path to SRV*c:\symbols*http://msdl.microsoft.com/download/symbols by going to File>Symbol File Path:

Now go to File>Open Crash Dump and open the .DMP file (I’ve provided my crash dump here in case you want to practice with these instructions).

Right away it identifies a possible culprit:

Running “!analyze -v” provides further (geekier) analysis:

Also note the DEFAULT_BUCKET_ID is VISTA_DRIVER_FAULT which gives further clues. WinDBG identifies ECACHE.SYS as being the problem. Doing a Google search brings up that ECACHE.SYS is related to ReadyBoost. Since I don’t use ReadyBoost I just disabled the service (called ReadyBoost, imagine that!) and bingo: the problem goes away.
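The same steps (elevated access to the minidump folder, the symbol path, opening each dump, `!analyze -v`) can be run unattended with the console debugger from the Debugging Tools package. This PowerShell script is an added example, not part of the original post; the kd.exe install path and the `Get-AnalyzeField` helper name are assumptions.

```powershell
# Added example: batch triage of minidumps with the console debugger (kd.exe).
param(
    # Assumed install path; point this at wherever the Debugging Tools put kd.exe.
    [string]$Kd      = 'C:\Program Files\Debugging Tools for Windows\kd.exe',
    [string]$DumpDir = "$env:SystemRoot\Minidump",
    [string]$SymPath = 'SRV*c:\symbols*http://msdl.microsoft.com/download/symbols'
)

# Hypothetical helper: pull one "NAME:  value" field out of !analyze -v output.
function Get-AnalyzeField([string]$Text, [string]$Name) {
    if ($Text -match "(?m)^${Name}\s*:\s*(\S.*?)\s*$") { $Matches[1] } else { $null }
}

# The minidump folder is restricted to SYSTEM and Administrators, so stop early
# when the prompt is not elevated instead of reporting "no dumps found".
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: re-run from an elevated prompt.'
}
if (-not (Test-Path $Kd)) { throw "kd.exe not found at $Kd" }

$results = foreach ($dump in Get-ChildItem -Path $DumpDir -Filter *.dmp) {
    # -z opens the dump, -y sets the symbol path, -c runs the commands and quits.
    $out = & $Kd -z $dump.FullName -y $SymPath -c '!analyze -v; q' | Out-String

    $culprit = $null
    if ($out -match 'Probably caused by\s*:\s*(\S+)') { $culprit = $Matches[1] }

    [pscustomobject]@{
        Dump     = $dump.Name
        Crashed  = $dump.LastWriteTime
        Culprit  = $culprit
        Image    = Get-AnalyzeField $out 'IMAGE_NAME'
        BucketId = Get-AnalyzeField $out 'DEFAULT_BUCKET_ID'
    }
}

# Per-dump detail, then a count per suspected driver: one driver showing up in
# every dump is a much stronger lead than a single hit.
$results | Sort-Object Crashed | Format-Table -AutoSize
$results | Group-Object Culprit | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

The first run is slow because the debugger downloads symbols into c:\symbols; later runs reuse that cache.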

Now the cause of this: I can only guess it is my external USB hard drive. During the work day, I connect an external USB drive to my PC. I pull this drive without doing the safe disconnect and then log out. Vista is likely using the drive as a ReadyBoost drive and then I pull the rug out from under it by removing the drive.

-Soli Deo Gloria

Windows Vista Product Activation is Retarded

I recently have been having some troubles with my main hard drive: a Western Digital WD1200JB drive. The drive will randomly spin up and down when the drive is in use. The unmistakable “whine” of it spinning down and back up randomly can be heard quite clearly. If I am in a game and it spins down, my whole game freezes for a few seconds until it spins up again. Queries to Western Digital regarding this issue went unanswered: I guess my next drive will be a Seagate.

Anyhow, I have a slave drive: a Western Digital WD2000JB. I had already copied that data off to another drive unit, so my plan was to take Symantec Ghost 11, clone my boot drive to the second drive and then switch drives. In other words: the slave drive would become the primary and primary drive would become slave. All of this went without a hitch: I wiped the second disk and everything was blissful. That was until the next morning when the system decided that my hardware changed and I was required to reactivate. It let me activate over the Internet without any trouble, but only for the fact that this key has multiple activations. Had this been a retail key, I would have had to call some drone (probably overseas) on the phone and explain what happened.

Why on earth do I have to explain anything? THERE WAS NO HARDWARE CHANGE! Microsoft led us to believe that Vista would be more forgiving of hardware changes, however, the hardware that was in my PC was still in my PC. The only difference was I flipped one jumper position on each drive. For that, Microsoft contends I have a new computer and it must be “re-activated” with them.

No wonder why everyone tries to get around product activation: a broken system that flags you for piracy when moving around parts in your system. Heaven forbid if I add extra memory or another adapter card to my rig: I’ll probably get flagged. Microsoft needs to relax these restrictions or add activations to each product key. For example: why can’t they allow retail keys a maximum of 5 activations from various hardware configurations? A key leaked on the Internet will exceed 5 activations in about 30 seconds before it is rendered useless.

The only reason for such Draconian measures of course is Microsoft wants to make the most money possible as competitors circle them like wolves. Microsoft is its worst enemy…if it should ever come to pass that an operating system works just as well as Windows without all of these copy protection schemes, Microsoft will be forced to backpedal them back out of the OS for its enterprise and retail customers. How will that look?

Macintosh OS X now runs on x86 chips and the price is $129 and the 5 license family pack is $199! Vista Ultimate alone is $249 (and that’s the upgrade, OEM, no support version). As much of a Microsoft fanboy as I am, I am completely turned off by Microsoft deciding whether or not Windows will load on my PC because of my hardware. Devote your R&D to improving how the OS works on my PC, not how you can restrict it.

If Apple can let me run my current applications that I have today in OS X and run it on my PC, I will be seriously considering a switch!

-Soli Deo Gloria