Mini / analyze DUMP file

To open the DUMP file you will need a corresponding debugging tool, which you can download from Microsoft:

Download (11,3 MB): http://msdl.microsoft.com/download/symbols/debuggers/dbg_x86_6.4.7.2.exe

After you install the program, you can use the debugger “Start” -> “Programme” -> “Debugging Tools for Windows” -> “WinDbg” start.

In order to really make sense to work with the debugger, are also the so-called. Symbol files needed. Since the full but with ca. 170 beat MByte to book, they but certainly want to evaluate such dump files not daily, should you choose to prefer, that WinDbg itself the necessary files from the Internet brings.

To Make for a:

in the menu “File” -> “Sybol File Path” enter them in the input box:

SRV*C:Symbols*http://msdl.microsoft.com/download/symbols

Then open the program the dump file from the directory “%SystemRoot%Minidump” about “File” -> “Open Crash Dump”

Now the file is loaded and the information displayed. Two windows are opened “Command” and “Disassembly”. The window “Disassembly” you can quietly close again, because their evaluation but already presupposes considerable programming skills.

The “Command”-usually already quite window contains valuable information on the other hand. The interesting information, see:

***************************

* Bugcheck Analysis *

***************************

Find e.g.: Behind “BugCheck” an error code. This error code you can then also search the Microsoft Knowledge Base (http://support.microsoft.com/search/) use. If the error code known, You find here most accurate information to, which driver caused this problem and often appropriate solutions.

but you can also in the debugger already more determined about this error code. Enter it in the command window, type the command “!analyze -v” on.

Then a lot of information is output; Here is the first line in the written word Capitals, representing the type of error.

If you still need further information in the help, enter in the Command window “.hh [The Word in uppercase]” on.

Furthermore, you can find the line “Probably caused by” (= Error caused by:). This indicates, which file has probably caused the error. With this file you can also restart a relevant search on the Internet.

If you have a file name, itself can also be in the Command window can display more information to. The command “lm v m[filename]” get more info. Here, the file name must be entered without extension. The file name is directly, right behind the parameter m (without space) entered.

The command “!devnode 0 1” can you can still print a list of all loaded drivers.

Come therefore not, If you would like the command “!thread” in the Command window, Show more information. Find in the output line “IRP List”, then you should seek out more information about the addresses. For this purpose call the command “!irp [Addresse]” on. In the collection you find driver name, were involved in the error.

For information about errors and debugging can be found at:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ddtools/hh/ddtools/TOC_Debugging_b61a3911-d5dc-42de-96af-deb0d7df233b.xml.asp?frame=true

If you get stuck by you and such requests in forums, etc.. want to make, You should always see everything from section “Bugcheck Analysis” to pass on information as.

(Those) winfaq

Leave a Reply

Your email address will not be published. Required fields are marked *