Christopher Schene
asked on
Need help using WinDbg to analyze crash dumps
I have several crash dumps where the entire PC crashed BSOD.
How do I
1) Determine which tasks were actually active
2) For suspended tasks waiting on IO, etc, how do I find out which threads are active and where they suspended if not currently running
3) Find out which module or driver my crash is actually in.
4) Track back an address in memory to a process
Thanks
Can you zip all the minidumps and upload them here?
<<edit link by Mr Wolfe>>
Afterwards, post the link for us.
Once you have minidump files you could analyze them online from the website below:
http://www.osronline.com/page.cfm?name=Analyze
You could also use software like whocrashed if you don't know how to work with WinDbg.
http://www.resplendence.com/whocrashed
Sudeep
ASKER
Thanks for the possible solutions.
I am not comfortable uploading my dump to a web site since it contains the internal memory of my PC.
I really need to learn how to use WinDbg: this problem is deep enough that I will have to probe the memory at crash time.
>> I am not comfortable uploading my dump to a web site since it contains the internal memory of my PC. << wrong - it only contains software data
hundreds of people did it before - why not you?
bluescreenview from nirsoft is a shortcut that brings you to what was shown on blue screen.
you are not microsoft to debug much more.
Yeap, NirSoft's tool is sufficient in almost all cases.
>> I have marked the question neglected (by Experts, not you) << i don't agree - i did not get an answer on my post !
It depends... If it is a 16GB full dump I'd say nobody will have the courage to trust it to the internet, especially with some PGP running. If it is the 64/128k version there is no big harm.
ASKER
Hey experts: Need some time to examine each WinDbg set of information you offered.
I can only do this in the evening as it is not my regular job
make 1 minute try at nirsoft.
ASKER
"make 1 minute try at nirsoft."
Ok, I'll try it this evening
i found bluescreenview does often not give enough info - or even some wrong info
that's why i don't use it anymore
ASKER
Thanks for the WinDbg information Experts.
Sorry I took so long to respond.
ASKER
Experts, Thank you very much for the help and sorry I took long to respond.
cschene--
Glad to have helped.