Need help using WinDbg to analyze crash dumps

Christopher Schene
I have several crash dumps where the entire PC crashed BSOD.

How do I

1) Determine which tasks were actually active
2) For suspended tasks waiting on IO, etc, how do I find out which threads are active and where they suspended if not currently running
3) Find out which module or driver my crash is actually in.
4) Track back an address in memory to a process

Thanks

First thing I would do is throw a mini dump at the site below, and see what it comes back with. Results vary, but sometimes it nails the issue.

http://www.osronline.com/page.cfm?name=analyze
*** Hopeleonie ***IT Manager

Commented:
Can you zip all the minidumps and upload them here
<<edit link by Mr Wolfe>>

Afterwards, post the link for us.
Sudeep SharmaTechnical Designer

Commented:
Once you have minidump files you could analyze them online from the website below:
http://www.osronline.com/page.cfm?name=Analyze

You could also use software like whocrashed if you don't know how to work with WinDbg.
http://www.resplendence.com/whocrashed

Sudeep

Christopher ScheneSystem Engineer/Software Engineer

Author

Commented:
Thanks for the possible solutions.

I am not comfortable uploading my dump to a web site since it contains the internal memory of my PC.


I really need to learn how to use WinDbg: this problem is deep enough that I will have to probe the memory at crash time.
Top Expert 2013

Commented:
>>  I am not comfortable uploading my dump to a web site since it contains the internal memory of my PC.   << wrong - it only contains software data

hundreds of people did it before - why not you?
"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Using WinDbg for that purpose is easy. Just start it, set up a symbol server path (best to use something like srv*c:\Windows\Symbols*http://msdl.microsoft.com/download/symbols), and then open the crash dump. Both can be done using the first menu.
As soon as you have opened the dump, a short analysis will run, and then suggest !analyze -v, which you should do (just click on the text - it is in fact a link). This then will tell which process is supposed to have caused the crash, with some stack dump and registry info. The first analysis will last some time, as the OS symbol files need to get downloaded from the MS symbol server, but those are retained in the folder you provided in that path description, and next time will be much faster.
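The steps in the answer above (symbol path, open the dump, run !analyze -v) can also be run in batch over several dumps with every dump staying on the local machine. This is an added example, not part of the original thread; it assumes kd.exe from the Debugging Tools for Windows is on PATH, and the function names, the sample report text and the driver name exampledrv are constructed for illustration.

```python
import re
import subprocess
from pathlib import Path

# Symbol path from the answer above: local cache folder plus Microsoft symbol server.
SYMBOL_PATH = r"srv*c:\Windows\Symbols*http://msdl.microsoft.com/download/symbols"

# Lines of the "!analyze -v" report worth comparing across several dumps.
FIELDS = ("PROCESS_NAME", "MODULE_NAME", "IMAGE_NAME", "FAILURE_BUCKET_ID")

def kd_command(dump, kd_exe="kd.exe"):
    """Command line that opens one dump in kd, runs !analyze -v, then quits."""
    return [kd_exe, "-z", str(dump), "-y", SYMBOL_PATH, "-c", "!analyze -v; q"]

def parse_analyze(text):
    """Extract the bug check code, its arguments and the blamed process/module."""
    result = {}
    m = re.search(r"^BugCheck ([0-9A-Fa-f]+), \{(.*?)\}", text, re.M)
    if m:
        result["BUGCHECK"] = m.group(1).upper()
        result["ARGS"] = [a.strip() for a in m.group(2).split(",")]
    for name in FIELDS:
        m = re.search(rf"^{name}:[ \t]*(\S+)", text, re.M)
        if m:
            result[name] = m.group(1)
    return result

def analyze_dumps(folder, kd_exe="kd.exe"):
    """Run kd over every *.dmp in folder; returns {dump name: parsed fields}."""
    out = {}
    for dump in sorted(Path(folder).glob("*.dmp")):
        proc = subprocess.run(kd_command(dump, kd_exe), capture_output=True, text=True)
        out[dump.name] = parse_analyze(proc.stdout)
    return out

# Constructed sample of the report lines parsed above (not from a real dump).
SAMPLE = """\
BugCheck D1, {ffffd00012345678, 2, 0, fffff80112345678}
Probably caused by : exampledrv.sys ( exampledrv+1234 )
PROCESS_NAME:  System
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
FAILURE_BUCKET_ID:  AV_exampledrv!unknown_function
"""

if __name__ == "__main__":
    print(parse_analyze(SAMPLE))
```

If the same MODULE_NAME or FAILURE_BUCKET_ID shows up across most of the dumps, that is the driver to look at first in an interactive WinDbg session.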
Top Expert 2015

Commented:
bluescreenview from nirsoft is a shortcut that brings you to what was shown on blue screen.
you are not microsoft to debug much more.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Yeap, NirSoft's tool is sufficient in almost all cases.
Top Expert 2013

Commented:
>>  I have marked the question neglected (by Experts, not you)  <<  i don't agree - i did not get an answer on my post !
Top Expert 2015

Commented:
It depends... If it is 16GB full dump i'd say nobody will have courage to trust it to internet, especially with some pgp running. If it is the 64/128k version there is no big harm.
Top Expert 2013
Commented:
Christopher ScheneSystem Engineer/Software Engineer

Author

Commented:
Hey experts: Need some time to examine each WinDbg set of information you offered.

I can only do this in the evening as it is not my regular job
Top Expert 2015

Commented:
make 1 minute try at nirsoft.
Christopher ScheneSystem Engineer/Software Engineer

Author

Commented:
"make 1 minute try at nirsoft."

Ok, I'll try it this evening
Top Expert 2013

Commented:
i found bluescreenview does often not give enough info - or even some wrong info
that's why i don't use it anymore
Christopher ScheneSystem Engineer/Software Engineer

Author

Commented:
Thanks for the WinDbg information Experts.

Sorry I took so long to respond.
Christopher ScheneSystem Engineer/Software Engineer

Author

Commented:
Experts, Thank you very much for the help and sorry I took long to respond.
Top Expert 2013

Commented:
cschene--
Glad to have helped.
