Search This Blog

Monday, March 14, 2011

Windows 7 debug windows kernel; get information from Windows 7 *.dmp file; Dumpchk.exe; WinDbg.exe

 

When you experience a BOD (Blue Screen of Death) you’ll most likely get a memory dump from Windows from the time of the crush.

There are three things we want to do:

  • check the consistency of the dump
  • analyze the dump
  • check what program/driver is causing BOD

 

Debugging Tools for Windows

http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

Windows XP Service Pack 2 Support Tools
(contains Dumpchk.exe and WinDbg)

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

Dumpchk.exe –> Dumpchk.exe displays some basic information from the memory dump file, then verifies all the virtual and physical addresses in the file

WinDbg.exe –> gathers information from a dump file

image

Look for *.sys file in the report that is causing BOD!

Instructions from ehow on how to use WinDbg.exe:

Instructions

  1. Go to the Microsoft website to download and install the Windows Debugging Tool (see Resources). Choose the correct version of the tool: 32- or 64-bit.

  2. Click "Start" and choose "All Programs".

  3. Locate the "Debugging Tools for Windows" folder.

  4. Double-click the "WinDBG" icon to launch the debugging tool.

  5. Click "File" and choose "Symbol File Path". A window with a text box will open.

  6. Type "SRV*c:\symbols*http://msdl.microsoft.com/download/symbols" in the text box and press the "OK" button.

  7. Close the WinDBG tool and click "Yes" when the tool prompts you to save the workspace.

  8. Launch the WinDBG tool from the "Start" menu again. It should now be ready to debug your memory dump.

  9. Click "File" and choose "Open Crash Dump" from the drop-down menu.

  10. Browse to find the folder where your memory dump file is saved, click on it and press the "Open" button. Memory dumps are saved in the "C:\WINDOWS\" folder by default.

  11. Click the "! analyze -v" link under "Bugcheck Analysis".

  12. Allow the debugger to analyze the memory dump. It will gather information from the memory dump and provide troubleshooting feedback on the screen.


Read more: How to Gather Information After a Memory Dump in Windows XP | eHow.com http://www.ehow.com/how_7238421_gather-memory-dump-windows-xp.html#ixzz1GZhkmmBZ
Posted by Bartosz Kosarzycki at 1:08 PM

No comments:

Post a Comment

If you like this post, please leave a comment :)

Subscribe to: Post Comments (Atom)