[puntoMX]

3. Windows XP driver locator Guide, Need drivers for XP? Heres what we need from you.
Originally posted by PC_LOAD_LETTER

The original topic can be found here for replies and more additional information.

I have noticed an increasing number of people requesting drivers for Windows XP because they want to migrate away from Windows Vista for whatever reason. (wont get into that here)

Only a few people have been able to provide all the information needed to help them locate the drivers they need for their XP Build. Sometimes we can hunt down a driver with only the make/model of the machine but in truth more information is required to find the best drivers. Therefore I have decided to make a post with instructions on how to get information about your system to the MSFN community so they can help you find drivers. In the process of getting them the information, you may get enough information to locate the drivers on your own.

Download and extract Unknown Devices on the machine you are looking for drivers for.

If you have Internet access on the machine you are looking for drivers for:
Run UnknownDevices.exe then click List->Show->All


Then click List->Upload list to pastebin


Enter a comment if you like and hit upload


a page like this one will open -just close that and paste the link into your post here at MSFN (it will be copied automatically)

If you do not have Internet access on the machine you are looking for drivers for:

Run UnknownDevices.exe then click List->Show->All


Then click List->Save list to file


Save the list


VERY IMPORTANT
Open the text file and remove your product key or change it to something totally different as i have done here:

Computer Info
	Chipset: <unknown>
	Computer Name: FOURBYFOUR
	OS: Windows Vista (TM) Business  (OEM)
	Product Key...
		AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
Device Tree
	Bluetooth Devices
		Bluetooth Bus Enumerator
		Kensington Bluetooth Device
			 Kensington Bluetooth Device
			 ...

Now either upload the text file in your post or paste its contents into a new topic


Please do not reply to this thread with your results. Only reply to this post with Problems/Questions/Comments on this information gathering process. To get the best possible assistance with locating your needed drivers, Please create a new post in whatever your target OS will be (ie XP 32Bit Edition XP 64Bit Edition, or XP Media Center, etc)

[Mr Snrub]

4. Memory dump options for Windows XP

USER-MODE (APPLICATION) MEMORY DUMPS

For applications that hang or crash, the Debugging Tools for Windows are the easiest way to obtain a memory dump to analyze:
Debugging Tools for Windows - Overview
http://www.microsoft.com/whdc/devtools/deb...ng/default.mspx

1. Open a command prompt and change the working directory to where you installed the Debugging Tools for Windows
Commands to switch to the default folders depending on the version of Windows installed:
32-bit: cd "\Program Files\Debugging Tools for Windows (x86)"
64-bit: cd "\Program Files\Debugging Tools for Windows (x64)"

Determine first if the application is crashing ("this program has encountered a problem and will be shut down") or hanging ("not responding"):

For CRASHING applications:
2. Enter the following command to attach to the running process MYAPP.EXE (replace as appropriate) which will crash:
adplus -crash -ctcf -pn MYAPP.EXE -quiet -o C:\AppDumps

> Whilst waiting for the process to crash you will see a minimized cdb.exe process

3. Wait for the application MYAPP.EXE to crash (or reproduce the crash if possible)

> A unique folder will be created in C:\AppDumps with the dump file and some .TXT files containing process & thread information
> The minimized cdb.exe window will close when it is done


For HANGING applications:
2. Enter the following command to attach to the hung process MYAPP.EXE (replace as appropriate):
adplus -hang -ctcf -pn MYAPP.EXE -quiet -o C:\AppDumps

> A unique folder will be created in C:\AppDumps with the dump file and some .TXT files containing process & thread information
> The minimized cdb.exe window will close when it is done
> The MYAPP.EXE process is not terminated

VISTA / SERVER 2008 NOTE:
On Windows versions later than Server 2003, the method for getting a dump of a hung process is much easier and does not require the Debugging Tools to be installed - simply start Task Manager, switch to the Processes tab, right-click the process that is hung and select Create Dump File from the context menu. Once the dump process is completed you are informed as to where the file was created.


KERNEL-MODE MEMORY DUMPS

By default, Windows XP only creates "minidumps" a bugcheck (bluescreen) occurs - this is 64KB and contains almost no information to help with a good analysis.
The OS needs to be prepared to produce the right level of detail when bugchecks occur - "kernel" or "complete" dumps.

Kernel dumps will be smaller, but do not hold any information from user-mode space.
Complete dumps contain kernel and user-mode memory and can be considerably larger.
Most of the time kernel dumps are enough to perform good analysis of a problem, and as they are smaller they are quicker to produce and to upload/download.

A memory dump from the OS is created in PAGEFILE.SYS on the boot volume (typically C:) during the time the STOP screen is displayed, along with "beginning dump of physical memory".
Windows then restarts and the dump is copied from C:\PAGEFILE.SYS into a separate file, defaulting to C:\WINDOWS\MEMORY.DMP.

Because the page file on the boot volume is required, it must exist and have its initial size large enough to guarantee a successful dump:
KERNEL (32-bit): physical RAM plus 50MB up to a maximum of 2098MB
KERNEL (64-bit): physical RAM plus 50MB
COMPLETE (32-bit and 64-bit Windows): physical RAM plus 50MB

Additionally you need at least the same amount of free disk space on the boot volume to guarantee that MEMORY.DMP is created.

Quote

e.g. If there is 4GB (4096MB) of RAM installed:
32-bit kernel dump requires: C:\PAGEFILE.SYS 2098MB + at least 2098MB of free disk space on C:
64-bit kernel dump requires: C:\PAGEFILE.SYS 5046MB + at least 5046MB of free disk space on C:
complete dump requires: C:\PAGEFILE.SYS 5046MB + at least 5046MB of free disk space on C:

To check the page file settings:
- Click the Settings button under Performance
- Click the Advanced tab
- Click the Change button
- Check the page file on the boot volume is large enough, as per the paragraph above


To prepare the system to create a useful memory dump the next time it bugchecks:
- Right-click My Computer, click Properties
- Click the Advanced tab
- Click the Settings button under Startup and Recovery
- Under Write debugging information, select Kernel memory dump or Complete memory dump as required

Quote

NOTE:
If the Complete memory dump option is needed and not available (can occur when there is >=2GB RAM present), you need to modify the following registry value manually via RegEdit:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
Name: CrashDumpEnabled
Type: REG_DWORD
Data: 1

For situations where Windows is hanging (rather than crashing), if you have a PS/2 keyboard connected then you can configure the system to bugcheck on demand by creating the following registry value via RegEdit (then reboot afterwards):

Quote

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
Name: CrashOnCtrlScroll
Type: REG_DWORD
Data: 1

To bugcheck the system, hold down the right-hand CTRL key and press SCROLL LOCK twice.

VISTA / SERVER 2008 NOTE:
On Windows versions later than Server 2003, the dump options are configured in the same place, but to get there you right-click Computer on the Start menu rather than My Computer on the desktop, and click Advanced System Settings in the left pane.

Quote

NOTE:
Due to file / folder permission restrictions, before compressing or attempting to open dump files it is best to make copies of the files to work with - on the desktop or a TEMP folder is advisable - otherwise "access denied" errors can be generated.

NEED SOMEWHERE TO UPLOAD A DUMP FILE FOR ANALYSIS?

SkyDrive is a free Live service providing 5GB of online storage.

It is also recommended to compress the dumps first, using something like 7-zip.

[Mr Snrub]

5. Using Process Monitor

Process Monitor (ProcMon) is a great tool for recording I/O-related activity on Windows - effectively a combination of the old RegMon and FileMon tools plus extra information such as process and thread creation and exit.
It will not show you inter-process activity, and in the case where files exist but contain garbage there will be no error to track, so it's not guaranteed to uncover all types of causes for program failures.

It is of particular use for situations where applications fail to launch if it is due to an "access denied" or "name not found" error when a process accesses specific registry or file resources.

It can also be useful for logging boot or logon activity (under Options / Enable boot logging) - on launching ProcMon after rebooting and logging on you can save the log produced for analysis.

It is recommended to use it for recording data with the default filter, and afterwards use display filters to focus on the I/O you are interested in.

Due to its nature, the system will run significantly slower while ProcMon is recording activity - keep the recording sessions as short as possible and have all unnecessary applications (and notification area processes) stopped.
You may want to consider stopping anti-virus during the recording session too, as it will generate more I/O and slow the system down further.


Bear in mind that "name not found" and "path not found" results may be normal - applications may check for the existence of certain resources in order to determine what they should do - a comparison with a ProcMon trace from an identical working system may be more productive in these situations.

"Buffer overflow" is also normal when reading from the registry - this is a probe to find out how large the item is before allocating memory and then requesting the data again.


ProcMon also records the stack of the thread for each log entry, and optionally use debugging symbols (with the help of dbghelp.dll from the Debugging Tools for Windows) to record more detailed function information.

It does not use the _NT_SYMBOL_PATH variable, the symbols path must be configured separately as well as specifying the location of dbghelp.dll via Options / Configure symbols.

The path for dbghelp.dll by default would be one of the following, depending on the verison of Windows:
C:\Program Files\Debugging Tools for Windows (x86)\dbghelp.dll
C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll

The symbols path can be configured in a similar way to _NT_SYMBOL_PATH, e.g.
%systemroot%\SYMBOLS*http://msdl.microsoft.com/download/symbols

After configuring the symbols options, ProcMon needs to be restarted - then you can verify they are resolving correctly by double-clicking a log entry to view the details and click the Stack tab - in the bottom left corner it should read "Loading symbol module for xxx..." for each module in the stack, from top to bottom (this can take a while).

As each symbol module loads, the stack display updates the "Location" field automatically to provide more detailed information for Microsoft modules for which there are public symbols available for the version in use.