    WinDBG - Install & Configure

    How to Install and Configure WinDBG for BSOD Analysis
    Published by
    2014-10-03
    Designer Media Ltd

    Published by Golden

    Information
    WinDBG (Windows DeBuGger) is a Microsoft software tool that is needed to load and analyse the .dmp files that are created when a system BSODs. The latest version of WinDBG allows debugging of Windows 10, Windows 8.x, Windows 7, and Windows Vista.

    This tutorial will show you how to download, install, configure and test WinDBG in preparation for analysing BSODs.

    Note

    WinDBG requires .NET Framework 4.6 in order to run. If it's not installed, download it from this location, and install it before downloading and installing WinDBG.





    Step 1
    Downloading and Installing WinDBG

    1. Download the WinDBG sdksetup.exe setup file.

    2. Run sdksetup.exe, and specify the installation location (this example uses the default location):



    3. Once you have accepted the licence agreement, you will be prompted to select the features to install. Select only the Debugging Tools for Windows option, as shown. Proceed with installation.


    4. The debugging tools will be downloaded and installed.






    Step 2
    Associate .dmp files with WinDBG

    If configured correctly, Windows will write information to a .dmp file when the host system BSODs. In order to read the information within the .dmp file, the .dmp file type needs to be associated with WinDBG.

    1. Open an elevated command prompt by right-clicking on the Windows Start Button and selecting Command Prompt (Admin).


    2. Copy the highlighted text below, and paste it into the command prompt window using Ctrl+V and hit enter to change directory to the installation location path.


    cd\Program Files (x86)\Windows Kits\10\Debuggers\x64\

    3. Now copy this highlighted text, paste it into the command prompt window, and hit enter to make the association.

    windbg.exe -IA

    4. This is how it looks when executed in the command prompt window.


    If done correctly, a new blank instance of WinDBG will open with a confirmation box. WinDBG can now be closed.





    Step 3
    Configuring the WinDBG Symbol Path

    The symbol path is the location in which WinDBG searches for symbols each time it reads a binary in the BSOD .dmp file. It is critical to get this step correct.

    You can specify any location to create a cache/store of downloaded symbols, but I recommend using the default location (as used in this tutorial).

    To create and set a symbol path, do the following.

    1. Start a blank instance of WinDBG by going to:
    Start > All apps > Windows Kits > WinDbg (x64)

    2. In the WinDBG panel, go to:
    File > Symbol File Path
    3. Copy the highlighted text below and paste it into the Symbol Search Path box, and click OK - there is no confirmation.

    SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols

    What that line means is:
    • Create a folder called C:\SymCache
    • Download new symbols from the msdl site and save them to C:\SymCache

    You can specify any path you like, for example SRV*E:\My_Symbols*http://msdl.microsoft.com/download/symbols will also work.

    4. Save the symbol path by going to:
    File > Save WorkSpace
    5. Close WinDBG.




    Step 4
    Testing the WinDBG Installation

    1. Download this small zip file.
    2. Open it, and double click the .dmp file.

    3. WinDBG should open automatically and you should see some text appearing in the workspace. Since this is the first .dmp file being read on your system, WinDBG appears to be slow; do not interrupt it. What is happening is:

    • A folder called Symcache is being created on C:
    • Symbols are being downloaded and saved to C:\Symcache

    The next time a .dmp is opened, it will be quicker since it already has some symbols. Over time the C:\Symcache folder will grow in size as more symbols are added. My current Symcache folder is 1.07GB in size.

    You will know the reading of the .dmp file is complete when your output looks like this. Note the breakpoint that I have highlighted in bold red text - that means the .dmp file has been completely read.

    Code:
    Microsoft (R) Windows Debugger Version 6.3.9600.17029 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [F:\TEMP\7zO89606264\050114-17253-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response Time (ms) Location
    Deferred SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
    Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
    Machine Name:
    Kernel base = 0xfffff800`02a53000 PsLoadedModuleList = 0xfffff800`02c966d0
    Debug session time: Fri May 2 11:37:27.580 2014 (UTC + 9:30)
    System Uptime: 0 days 0:04:04.718
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    ................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 24, {1904fb, fffff88008f94c48, fffff88008f944a0, fffff80002ddde2e}
    
    Probably caused by : ntkrnlmp.exe ( nt!FsRtlNotifyFilterReportChange+122 )
    
    Followup: MachineOwner
    ---------

    To close WinDBG go to File > Exit

    You are done. WinDBG has been installed, .dmp file associations created, and symbol path correctly setup.
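
    The Step 4 check can also be run without the GUI. The script below is an added example, not part of the original tutorial: it assumes kd.exe was installed next to windbg.exe in the Step 2 folder and reuses the Step 3 symbol path; the parameter names and the log file name are made up for this example.

```powershell
# Added example (not from the original tutorial): headless version of the Step 4 test.
# Assumptions: kd.exe sits next to windbg.exe in the Step 2 folder; the parameter
# names and the log file name are made up for this example.
param(
    [Parameter(Mandatory)] [string] $DumpPath,
    [string] $SymCache = 'C:\SymCache',
    [string] $DbgDir   = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64'
)

$kd = Join-Path $DbgDir 'kd.exe'
if (-not (Test-Path -LiteralPath $kd))       { throw "kd.exe not found in $DbgDir (Step 1 incomplete?)" }
if (-not (Test-Path -LiteralPath $DumpPath)) { throw "Dump file not found: $DumpPath" }

# A 0-byte dump fails to open (NTSTATUS 0xC000011E in the replies below); stop early.
if ((Get-Item -LiteralPath $DumpPath).Length -eq 0) {
    throw "Dump file is 0 bytes and cannot be analysed: $DumpPath"
}

# Same value as Step 3. The page uses http://; the Microsoft symbol server
# answers on https:// with the same path as well.
$symPath = "SRV*${SymCache}*http://msdl.microsoft.com/download/symbols"

# -z = dump file, -y = symbol path, -c = commands to run after loading.
# '!analyze -v' is the command the debugger banner suggests; 'q' exits when done.
$log    = [System.IO.Path]::ChangeExtension($DumpPath, '.analysis.txt')
$output = & $kd -z $DumpPath -y $symPath -c '!analyze -v; q' 2>&1
$output | Set-Content -LiteralPath $log -Encoding UTF8

# Pull out the lines the tutorial tells you to look for, plus symbol errors.
$summary = $output | Select-String -Pattern '^BugCheck ', 'Probably caused by', 'ERROR: Symbol'
if (-not ($summary | Where-Object { $_.Line -like 'BugCheck *' })) {
    Write-Warning "No BugCheck line found; see $log (dump unreadable or symbols missing)."
}
$summary | ForEach-Object { $_.Line.Trim() }
"Full output: $log"
```

    The first run is slow for the same reason as in the GUI: the symbol cache folder is still being filled.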



  1. Joined : Oct 2013
    Texas
    Posts : 7,537
    Windows 10 Pro X64
       2014-10-04 #1

    I get this error when I download the test file to verify


    Edit, downloaded 7 zip and all is good. Thanks Golden
    Last edited by Dude; 2014-10-04 at 10:32.

  2.    2014-10-04 #2

    Dude said:

    Edit, downloaded 7 zip and all is good. Thanks Golden
    That's part of the test Doug, you passed.


  3. Joined : Oct 2013
    Texas
    Posts : 7,537
    Windows 10 Pro X64
       2014-10-07 #3

    derekimo said:
    That's part of the test Doug, you passed.
    Thanks Derek


  4. Joined : Nov 2015
    Posts : 4
    Windows 10
       2015-11-01 #4

    I'm getting this error when trying to view a Windows 10 crash dump file:

    Failure when opening dump file <path>, NTSTATUS 0xC000011E
    It may be corrupt or in a format not understood by the debugger.

    An attempt was made to map a file of size zero with the maximum size
    specified as zero.

    Currently researching, hoping I didn't miss anything.

  5.    2015-11-01 #5

    css1323 said:
    I'm getting this error when trying to view a Windows 10 crash dump file:

    Failure when opening dump file <path>, NTSTATUS 0xC000011E
    It may be corrupt or in a format not understood by the debugger.

    An attempt was made to map a file of size zero with the maximum size
    specified as zero.

    Currently researching, hoping I didn't miss anything.
    Sounds like a zero byte dump file, (Corrupt) what size is it listed as?

    Normally they run about 25-35 KB.


  6. Joined : Nov 2015
    Posts : 4
    Windows 10
       2015-11-01 #6

    derekimo said:
    Sounds like a zero byte dump file, (Corrupt) what size is it listed as?

    Normally they run about 25-35 KB.
    Ah, I overlooked that! Several are 0 bytes.

    I finally found a recent one clocked in at 276 KB in size. This time I got a different error:
    WinDbg: 10.0.10240.9 AMD64
    Could not find the <path> Dump File, Win32 error 0n87

    The parameter is incorrect.

    I am using the Windows 10 WinDbg kit as well (used 8.1 earlier). I was also able to view the sample dump file in above instructions just fine, so it can't be a bad install/setup I assume.

    I'm probably going to end up backing up files and doing a system reset instead of fighting with it. Probably malware. Of course it irks me not being able to see if there really is anything of worth in the generated Windows dump files. Thanks!

  7.    2015-11-01 #7

    Zip that one up and attach it in your next post. Let's see if I get the same error.

    Since you are in this tutorial I assume you followed all the steps to set associations?


  8. Joined : Nov 2015
    Posts : 4
    Windows 10
       2015-11-01 #8

    derekimo said:
    Zip that one up and attach it in your next post. Let's see if I get the same error.

    Since you are in this tutorial I assume you followed all the steps to set associations?

    110115-26921-01.zip

    Correct, I set the association in Step 2. Would be interesting to see if you can check it out.

  9.    2015-11-01 #9

    It's corrupt, I get the same thing,
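
    The replies above hit two failure modes: 0-byte dumps (NTSTATUS 0xC000011E) and a non-empty dump that still would not open. The function below is an added example, not posted by anyone in the thread, that sorts a dump folder by size and header signature before anything is opened in WinDBG. Assumptions: C:\Windows\Minidump as the folder (the default small-dump location, not stated on this page) and the function and property names, which are made up here.

```powershell
# Added example (not from the thread): triage crash dumps before opening them in WinDBG.
# Assumptions: C:\Windows\Minidump is the default small-dump folder (not stated on
# the page); the function and property names are made up for this example.
function Test-DumpFile {
    param([Parameter(Mandatory)] [string] $Folder)

    foreach ($f in Get-ChildItem -LiteralPath $Folder -Filter *.dmp -File) {
        # Read the first 8 bytes; kernel dumps and user-mode minidumps differ here.
        $sig = ''
        if ($f.Length -ge 8) {
            $fs = [System.IO.File]::OpenRead($f.FullName)
            try {
                $buf = New-Object byte[] 8
                $n   = $fs.Read($buf, 0, 8)
                $sig = [System.Text.Encoding]::ASCII.GetString($buf, 0, $n)
            } finally { $fs.Dispose() }
        }

        $verdict = if ($f.Length -eq 0)         { 'EMPTY: dump was never written, nothing to analyse' }
               elseif ($sig -eq 'PAGEDU64')     { 'OK: 64-bit kernel dump header' }
               elseif ($sig -eq 'PAGEDUMP')     { 'OK: 32-bit kernel dump header' }
               elseif ($sig.StartsWith('MDMP')) { 'USER-MODE minidump, not a BSOD dump' }
               else                             { 'SUSPECT: unknown header, likely corrupt' }

        [pscustomobject]@{
            Name     = $f.Name
            SizeKB   = [math]::Round($f.Length / 1KB, 1)
            Modified = $f.LastWriteTime
            Verdict  = $verdict
        }
    }
}

# Run from an elevated prompt; the folder is normally readable by administrators only.
Test-DumpFile -Folder 'C:\Windows\Minidump' | Sort-Object Modified -Descending | Format-Table -AutoSize
```

    A valid header only rules out empty or overwritten files; a dump that was cut short part-way through writing can still pass this check and fail in the debugger.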


 