Learn how to use Debugging Tools for Windows to analyze minidump files from blue screen errors, determine root causes, and troubleshoot issues efficiently. Understand the importance of symbols for in-depth analysis and follow the step-by-step guide to utilize WinDBG effectively.
What are the Debugging Tools for Windows?
Debugging Tools for Windows, or WinDBG, is used to analyze the minidump files that are created during a Windows Blue Screen Error. The Debugging Tools for Windows help determine the faulting file that caused the blue screen error.
What is a minidump?
A minidump is a file containing the most important parts of a crashed application. The minidump is created in the latter part of the Windows Blue Screen. Have you noticed the last thing displayed in the blue screen error? If you recall, it states “Beginning dump of physical memory, Memory dump complete.” Contact your system administrator… The default directory where the minidump is written is “%systemroot%\minidump”.
What causes a blue screen?
The majority of blue screens are caused by device drivers. However, they can also be caused by various software applications and even failing hardware. In the case of a driver-caused blue screen, the driver has to know when it has mishandled data, put itself into an infinite loop, or hit another such situation, and then inform the kernel about what happened. Once the blue screen is displayed, Windows writes a dump file to the hard drive.
Microsoft's analysis of crash root causes indicates:
70% caused by third-party driver code
15% caused by unknown (memory is too corrupted to tell)
10% caused by hardware issues
5% caused by Microsoft code
How do we obtain these tools?
So now we know what a minidump is. How can we use it and the Debugging Tools for Windows to determine what caused the crash? We have two methods available to use the tool to analyze the minidump:
Use DellConnect to connect to the customer’s system, and install the tool: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Capture the minidump files by email attachment and run the tool on another system.
We will choose positive responses such as Next, Continue, OK, etc. during the installation of the Debugging Tools for Windows …
Before we can analyze a minidump
Once we have installed the Debugging Tools for Windows, we must first specify the symbols to be used in analyzing the minidump file. WinDBG has generic symbols built into the application; however, to get the most detailed and correct information about the blue screen we will need to specify the symbol path. The symbols are instructions that tell WinDBG how to analyze the particular dump file that is being analyzed. There are two ways we can get the symbols:
Download and install the symbols from Microsoft. This file is huge, about 300 MB in size!
OR
Specify the online symbol path. This uses an online resource, so the system must be able to connect to the internet to access the symbols.
The second option is the preferred method as it saves time for the agent and customer.
How to specify the symbol path
Open WinDbg, go to “File”, then choose “Symbol File Path”. This opens up a window like the one below. We need to enter the information listed in the box below.
srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Once you have entered the symbol path, click OK.
WinDBG Lab:
WinDbg is already installed on this system, so let’s open it up. (Start -> Programs -> Debugging Tools for Windows -> WinDbg) We’ve got a nice blank screen in front of us. Let’s click on “File” -> “Open Crash Dump”.
!analyze -v
Type ‘!analyze -v’ at the kd> command line and press ‘Enter’.
Resulting file
The faulting file will be listed under ‘Image Name’.
The Search
Search for the name of the file in Google to determine which application caused the crash.
Additional information
This is an additional tool to aid in the blue screen troubleshooting process. This is not a replacement for standard DSN troubleshooting. Always ask probing questions about the issue. The questions may include but are not limited to:
What is the exact error? Get the error message verbatim.
When did the problem begin?
Has any new hardware or software been added?
Always search DSN for an answer before using WinDBG. When capturing minidumps, always capture the entire contents of the minidump folder. You will compare the dump files to see if the same application is causing the crash or if random files are associated with the minidumps.
Example:
A customer calls in and states that the system has crashed 3 times a day for the past week. After asking probing questions and exhausting DSN, you capture the dump files. WinDBG reveals the errors are caused by generic.sys. Searching Google reveals generic.sys is part of a generic application that is a third-party application. You would then refer the customer to the support of the application for resolution.
What if each minidump revealed a different file as the root cause of the crash? What could possibly cause this?
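The dump-file comparison described under "Additional information" and in the example above, as an added sketch that is not part of the original slides: it reads the saved `!analyze -v` output of each minidump and tallies which faulting file each one names. The sample output, the dump names, the file names other than generic.sys and the more-than-half threshold are constructed assumptions.

```python
import re
from collections import Counter

# Lines WinDbg prints in `!analyze -v` output that name the faulting file.
IMAGE_RE = re.compile(r"^IMAGE_NAME:\s*(\S+)", re.MULTILINE)
PROBABLY_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)", re.MULTILINE)
UNKNOWN = "<not identified>"

def faulting_image(analyze_output):
    """Return the lower-cased faulting file from one dump's output, or None."""
    match = IMAGE_RE.search(analyze_output) or PROBABLY_RE.search(analyze_output)
    return match.group(1).lower() if match else None

def compare_dumps(logs, majority=0.5):
    """Tally faulting files over {dump name: analyze output}.

    Returns (counts, dominant). dominant is the file blamed in more than
    `majority` of the dumps (an assumed threshold), or None when no single
    file stands out.
    """
    counts = Counter(faulting_image(text) or UNKNOWN for text in logs.values())
    name, hits = counts.most_common(1)[0] if counts else (None, 0)
    if name in (None, UNKNOWN) or hits <= majority * len(logs):
        return counts, None
    return counts, name

# Constructed sample output: dump names, codes and file names are made up.
SAME_FILE = {
    "Mini-01.dmp": "BUGCHECK_STR:  0xD1\nIMAGE_NAME:  generic.sys\n",
    "Mini-02.dmp": "BUGCHECK_STR:  0xD1\nIMAGE_NAME:  GENERIC.SYS\n",
    "Mini-03.dmp": "Probably caused by : generic.sys ( generic+0x1a2b )\n",
}
DIFFERENT_FILES = {
    "Mini-01.dmp": "BUGCHECK_STR:  0x50\nIMAGE_NAME:  alpha.sys\n",
    "Mini-02.dmp": "BUGCHECK_STR:  0x1A\nIMAGE_NAME:  beta.sys\n",
    "Mini-03.dmp": "BUGCHECK_STR:  0x0A\n",  # no faulting file reported
}

if __name__ == "__main__":
    for label, logs in (("same file", SAME_FILE), ("different files", DIFFERENT_FILES)):
        counts, dominant = compare_dumps(logs)
        print(label, dict(counts), "->", dominant or "no single file")
```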