Debugging Bluescreens using WinDbg

When Windows stops with a “Bluescreen of Death” (short: BSOD), there is a chance that just a single driver is causing the issue, especially if you have just installed an update or something new.

If a BSOD occurs, Windows either writes a minidump file to c:\windows\minidump.dmp or creates a full memory dump at c:\windows\memory.dmp (replace c:\windows\ with your %systemroot%). This file can be read using Microsoft’s debugging tool, which is included in the Windows SDK here:

Debugging Tools
http://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx

This SDK contains a set of tools, but you only need to select the Debugging Tools during setup. After setup, you’ll find “Debugging Tools x64” in your Start menu, hidden under “Windows Kits”. If you start WinDbg, you may think you’ve started a 16-bit application, but it only looks like one.

Configure Symbol Path

Before opening a crash dump, the symbol sources have to be set. Instead of downloading several gigabytes of symbol data, you can enter an HTTP address that points to online symbol files.

  • File -> Symbol File Path
  • Enter the following:

SRV*http://msdl.microsoft.com/download/symbols

Open a Crash Dump

Now, open the crash dump file:

  • File -> Open Crash Dump

A new window opens. If you skim the first 50 lines of text, you’ll see that you have to enter a command to start an analysis. At the bottom of the new window there’s a “kd>” prompt; enter the following there:

!analyze -v

The first output after the command is the STOP error; some pages further down you get an “IMAGE_NAME” entry and other details such as the driver name.
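
The same steps can be run without the GUI when several dumps need a first look. The script below is an added example, not part of the original post: it calls the console debugger kd.exe from the same Debugging Tools package with the symbol path from above, runs !analyze -v on every .dmp file in a folder and keeps only the STOP name and the IMAGE_NAME-style fields. The kd.exe install path and the parameter names are assumptions; adjust them to your system.

```powershell
# Added example: batch-triage crash dumps with kd.exe instead of the WinDbg GUI.
param(
    # Assumed install location of the Debugging Tools; adjust as needed.
    [string]$Kd = "${env:ProgramFiles(x86)}\Windows Kits\10\Debuggers\x64\kd.exe",
    # Folder that holds the .dmp files (the article names %systemroot%).
    [string]$DumpFolder = $env:SystemRoot,
    # Same symbol path as entered under File -> Symbol File Path.
    [string]$SymbolPath = 'SRV*http://msdl.microsoft.com/download/symbols'
)

if (-not (Test-Path -LiteralPath $Kd)) { throw "kd.exe not found at '$Kd'" }

# Fields of the !analyze -v output that point at the faulting driver.
$fields = 'IMAGE_NAME', 'MODULE_NAME', 'PROCESS_NAME', 'FAILURE_BUCKET_ID'

Get-ChildItem -LiteralPath $DumpFolder -Filter '*.dmp' -File | ForEach-Object {
    # -z: dump file, -y: symbol path, -c: commands to run; 'q' exits afterwards.
    $out = & $Kd -z $_.FullName -y $SymbolPath -c '!analyze -v; q' 2>&1 |
        ForEach-Object { "$_" }

    $row = [ordered]@{ Dump = $_.Name; Written = $_.LastWriteTime }

    # The STOP error is printed as NAME (hex code), e.g. "SOME_BUGCHECK_NAME (d1)".
    $stop = $out | Select-String -Pattern '^([A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$' |
        Select-Object -First 1
    if ($stop) {
        $row.StopError = $stop.Matches[0].Groups[1].Value
        $row.StopCode  = '0x' + $stop.Matches[0].Groups[2].Value
    } else {
        $row.StopError = $null
        $row.StopCode  = $null
    }

    # Lines such as "IMAGE_NAME:  example.sys" (first occurrence of each field).
    foreach ($f in $fields) {
        $m = $out | Select-String -Pattern ('^{0}:\s+(.+)$' -f $f) |
            Select-Object -First 1
        $row[$f] = if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { $null }
    }

    [pscustomobject]$row
}
```

Reading dump files under %systemroot% typically needs an elevated PowerShell session. A full memory dump contains the contents of RAM at the time of the crash, so treat the files as sensitive data when copying them off the machine.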
