Analyzing Windows Crash Dumps in 3 Easy Steps

I have to do this so infrequently that I find the need to Google the steps to do so every few months. This isn’t a comprehensive guide to using the Debugging Tools, but it should be a good start to quickly debugging crash dump (BSOD) files.

1) Download and install the current release of Windows Debugging Tools, choosing the 32-bit or 64-bit version depending on your platform, from: http://www.microsoft.com/whdc/devtools/debugging/default.mspx

2) Launch WinDbg.exe (the GUI version; there is also a command line version). Point WinDbg to the location of the symbol files. These can be downloaded, but if you have Internet access it is easier to use the Microsoft symbol server, which also ensures you’re using up-to-date symbols. Click File -> Symbol File Path, then type in “srv*c:\symbols*http://msdl.microsoft.com/download/symbols” (without quotes) and click OK.

3) Open a crash dump file in WinDbg. These are typically found in C:\WINDOWS\Minidump. Go to File -> Open Crash Dump. Give the program several seconds to download the required symbols and several more seconds to analyze the crash dump. You should then see a Bugcheck Analysis section with a brief description of the Bugcheck and a line reading “Probably caused by:”. This usually isn’t enough information for adequate troubleshooting, so either type the command “!analyze -v” into the debugger or simply click that link in the output. This runs a verbose analysis of the crash dump file, and the information it provides goes a long way toward diagnosing the issue, usually showing the exact cause.
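The command line counterpart of steps 2 and 3, as an added example that is not part of the original post: it runs the console debugger over every dump in a folder and extracts the “Probably caused by” line along with any KEY: value fields. It assumes cdb.exe from the Debugging Tools is on PATH; the function names and the sample debugger output are constructed for illustration.

```python
import re
import subprocess
import sys
from pathlib import Path

# Symbol server path from step 2 of the post.
SYMBOL_PATH = r"srv*c:\symbols*http://msdl.microsoft.com/download/symbols"

CAUSED_BY = re.compile(r"^Probably caused by[ \t]*:[ \t]*(.+?)[ \t]*$", re.MULTILINE)
KEY_VALUE = re.compile(r"^([A-Z][A-Z0-9_]+):[ \t]+(\S.*?)[ \t]*$", re.MULTILINE)


def cdb_command(dump, cdb="cdb.exe"):
    """Command line that opens one dump, runs '!analyze -v' and quits."""
    # Assumption: cdb.exe (the console debugger) is reachable on PATH.
    return [cdb, "-z", str(dump), "-y", SYMBOL_PATH, "-c", "!analyze -v; q"]


def summarize(output):
    """Extract 'Probably caused by' and KEY: value fields from debugger text."""
    fields = dict(KEY_VALUE.findall(output))
    match = CAUSED_BY.search(output)
    fields["caused_by"] = match.group(1) if match else None  # None: no analysis
    return fields


def triage(dump_dir=r"C:\WINDOWS\Minidump"):
    """Analyze every .dmp file in dump_dir; returns {file name: summary}."""
    results = {}
    for dump in sorted(Path(dump_dir).glob("*.dmp")):
        proc = subprocess.run(cdb_command(dump), capture_output=True,
                              text=True, errors="replace", timeout=600)
        results[dump.name] = summarize(proc.stdout)
    return results


# Constructed sample of debugger output (not taken from a real crash).
SAMPLE = """\
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
Probably caused by : exampledrv.sys ( exampledrv+0x1a2b )
"""

if __name__ == "__main__":
    source = triage(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": summarize(SAMPLE)}
    for name, info in source.items():
        print(name, info.get("BUGCHECK_STR"), info.get("IMAGE_NAME"), info["caused_by"])
```

Run with a dump folder as the only argument to triage real dumps; with no argument it summarizes the constructed sample.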

WinDbg has many more options that can be utilized not just for further debugging of crash dumps but also for things like stack overflows, memory analysis, deadlocks, etc. Two good resources for that information are http://www.debuginfo.com/articles/easywindbg.html and of course microsoft.com.

One Response

  1. Great looking Blog! Found it through Yahoo. Just as an FYI, it didn't display right when I opened it in the Opera Internet Browser.
