Asked by Christopher Schene

Need help using WinDbg to analyze crash dumps

I have several crash dumps where the entire PC crashed BSOD.

How do I

1) Determine which tasks were actually active
2) For suspended tasks waiting on IO, etc., how do I find out which threads are active and where they suspended if not currently running
3) Find out which module or driver my crash is actually in.
4) Track back an address in memory to a process

Thanks
Mal Osborne

First thing I would do is throw a mini dump at the site below, and see what it comes back with. Results vary, but sometimes it nails the issue.

http://www.osronline.com/page.cfm?name=analyze

Can you zip all the minidumps and upload them here?
<<edit link by Mr Wolfe>>

Afterwards, post the link for us.

Once you have minidump files you could analyze them online from the website below:
http://www.osronline.com/page.cfm?name=Analyze

You could also use software like WhoCrashed if you don't know how to work with WinDbg.
http://www.resplendence.com/whocrashed

Sudeep

Christopher Schene (ASKER)

Thanks for the possible solutions.

I am not comfortable uploading my dump to a web site since it contains the internal memory of my PC.


I really need to learn how to use WinDbg: this problem is deep enough that I will have to probe the memory at crash time.

>>  I am not comfortable uploading my dump to a web site since it contains the internal memory of my PC.   << wrong - it only contains software data

hundreds of people did it before - why not you?
ASKER CERTIFIED SOLUTION
Qlemo
This solution is only available to members.

BlueScreenView from NirSoft is a shortcut that brings you to what was shown on the blue screen.
You are not Microsoft to debug much more.

Yep, NirSoft's tool is sufficient in almost all cases.

>>  I have marked the question neglected (by Experts, not you)  <<  I don't agree - I did not get an answer on my post!

It depends... If it is a 16GB full dump, I'd say nobody will have the courage to trust it to the internet, especially with some PGP running. If it is the 64/128k version there is no big harm.

SOLUTION
This solution is only available to members.

Hey experts: Need some time to examine each WinDbg set of information you offered.

I can only do this in the evening as it is not my regular job.

Make a 1 minute try at NirSoft.

"Make a 1 minute try at NirSoft."

Ok, I'll try it this evening.

I found BlueScreenView often does not give enough info - or even some wrong info.
That's why I don't use it anymore.

Thanks for the WinDbg information, Experts.

Sorry I took so long to respond.
Experts, Thank you very much for the help and sorry I took long to respond.
cschene--
Glad to have helped.