BSOD, Crash Dump, and Minidump Analysis

Discussion in 'Blogs' started by Mike, Aug 17, 2010.

  1. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783

    In this video, I bring you into the world of the elusive Blue Screen of Death, and the forensic level of study required to analyze such crashes. At Windows 7 Forums, we have an entire team of BSOD experts, many of whom are prolific, ingenious members that know their stuff. Although I am 7x certified by Microsoft and CompTIA, even I still find the process of analyzing minidumps to be elusive, difficult, and annoying. However, in this video we go through a few options: looking at the extent of BSOD and the impact it has all over the world, checking out how the Windows SDK can be used to analyze minidumps, locating a minidump that is generated after Windows crashes, converting crash hexadecimal timestamps into regular dates and times, and showing how to post your minidump to Windows7Forums.com for help after the crash takes place. Although this video is not a perfect analysis of how minidumps are debugged, it does give a first-look level of insight into the knowledge it, and how you can seek help at Windows7Forums.com from prolific experts. In the end, go to the experts, many of whom will help you free of charge.

    THANK YOU, BSOD EXPERTS AT WINDOWS7FORUMS.COM!

    TorrentG
    Trouble
    Captain Jack
    cybercore
    kemical
    zvit
    ickymay
    jcgriff2
    Jonathan King
    reventon
    Mitchell_A
    Josephur

    Check out the Windows SDK:

    Driver Developer Resources: Debugging Tools for Windows
     
  2. TorrentG

    TorrentG Banned

    Joined:
    May 31, 2010
    Messages:
    7,814
    Likes Received:
    372
    Excellent video, Mike. Very well made! I'd like to add some basic information that users interested in working with WinDbg would find useful.

    One of the first things you'd want to do upon opening WinDbg for the first time after installation is to configure it. That means setting the symbol path correctly so that WinDbg will not complain about it while looking at the crashes. This tells the debugger the local location on your PC where you'd like to store the symbols, and also where to download them from if the specific version needed does not currently exist.

    Symbols are, in essence, the actual drivers. The two terms are synonymous.

    So now in WinDbg, without any crash dump opened, you can press Ctrl+S on the keyboard. Copy and paste this string into the symbol path field:

    Code:
    SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
    Then press OK. With this specific example, it will save all the symbols (drivers) in a folder at C:\SymCache for future use. Once there, the version will not have to be downloaded again ever.
    The http part is the web server address where the debugger will download the symbols it needs, if not already in your local cache.

    After hitting OK, you'd want to close and re-open WinDbg to open a crash dump now.

    --------

    Upon closing WinDbg, it will always ask you to "Save information for workspace?"

    The correct answer to this would be yes so that the symbols are stored in the local cache.

    --------

    In order to make Windows automatically open the crash dump .dmp files with WinDbg when double clicked in Windows Explorer, we need to open an elevated command prompt.
    Then we need to change to the directory where WinDbg was installed to. To do this, one can enter chdir /d LOCATIONOFWINDBG.EXEHERE then press enter.
    An example would be chdir /d C:\Program Files\Debugging Tools for Windows (x86)\ if WinDbg was installed to the default location.

    Then you can type (or copy/paste) this:

    windbg.exe -IA

    then press enter.

    Now try and open any .dmp file using Windows Explorer, by clicking or double clicking on it.
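
The symbol path string from the post above, taken apart field by field. This is an added example, not part of the original thread and not WinDbg's own code; `parse_symbol_path` and its result keys are hypothetical names, the second sample path is constructed, and the `srv*` and `cache*` element forms follow the documented symbol path syntax.

```python
def parse_symbol_path(path):
    """Explain each ';'-separated element of a WinDbg symbol path."""
    elements = []
    for raw in (p.strip() for p in path.split(";")):
        if not raw:
            continue
        fields = raw.split("*")
        kind = fields[0].lower()
        if kind == "srv" and len(fields) >= 2:
            # srv*<local cache>*<upstream store>: the last field is where
            # symbols are fetched from, the first is where they are kept.
            # With one field (or an empty first field) no explicit cache
            # folder is named and the debugger's default store is used.
            stores = fields[1:]
            upstream = stores[-1]
            cache = stores[0] if len(stores) > 1 and stores[0] else None
            elements.append({
                "type": "server",
                "cache": cache,
                "upstream": upstream,
                # Symbols fetched over plain http are not integrity-protected
                # in transit; flag that so it can be reviewed.
                "plaintext_http": upstream.lower().startswith("http://"),
            })
        elif kind == "cache" and len(fields) == 2:
            # cache*<dir>: cache symbols found via elements to its right.
            elements.append({"type": "cache", "path": fields[1]})
        else:
            # Anything else is a plain local or UNC symbol directory.
            elements.append({"type": "directory", "path": raw})
    return elements


# The string from the post, and a constructed multi-element path.
POSTED = r"SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols"
CONSTRUCTED = (r"cache*D:\Sym;"
               r"srv*https://msdl.microsoft.com/download/symbols;"
               r"C:\MySymbols")

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED):
        for element in parse_symbol_path(sample):
            print(element)
```

The Microsoft public symbol server also answers at `https://msdl.microsoft.com/download/symbols`, which is the form the `plaintext_http` flag is meant to steer towards.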
     
  3. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,823
    Likes Received:
    321
    Great blog with the video by Mike, excellent addition by TorrentG. Good and informative. Thank you.
     
  4. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    Thanks, Torrent, for this excellent info.
     
  5. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    Great work, Mike - if you want to learn a little more advanced troubleshooting technique, you could check the videos by David Solomon and Mark Russinovich: David Solomon Expert Seminars
     
