I had to analyze a memory dump from a server that blue screened. This blog is a reference for how I used WinDBG to analyze the dump. I don’t claim to be an expert in WinDBG, but these few steps can be done in minutes to determine an issue if you have the memory dump available.
Capture either a kernel or complete memory dump.
Install WinDBG on the system that will analyze the file; it doesn’t have to be the production server. (Search the web for the proper version of WinDBG you need.)
Open WinDBG and open the dump file.
Add the symbol location srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Run !analyze -v or !analyze
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {3ad0720, 2, 1, f80fe1e4}
Probably caused by : XYZ.sys ( dc21x4+21e4 )
Followup: MachineOwner
———
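Added example, not part of the original post: a small Python parser for the !analyze summary shown above. It labels the four arguments of stop code D1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL) as Microsoft's bug check reference documents them, and derives the load address implied by dc21x4+21e4 on the assumption that argument 4 is the instruction !analyze blamed. The function and field names are hypothetical.

```python
import re

# Argument labels for bug check 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL),
# per Microsoft's bug check reference. Other stop codes are left unlabelled.
D1_ARGS = ("memory referenced", "IRQL at time of reference",
           "access type", "address that referenced the memory")
D1_ACCESS = {0: "read", 1: "write"}

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
CAUSE_RE = re.compile(
    r"Probably caused by\s*:\s*(\S+)\s*\(\s*([^+\s)]+)(?:\+([0-9A-Fa-f]+))?\s*\)")


def triage(text):
    """Pull the stop code, its arguments and the blamed image out of !analyze output."""
    bc = BUGCHECK_RE.search(text)
    if bc is None:
        raise ValueError("no BugCheck line found")
    code = int(bc.group(1), 16)
    args = [int(a, 16) for a in bc.group(2).split(",")]
    r = {"code": code, "args": args, "image": None, "symbol": None,
         "offset": None, "implied_base": None, "notes": []}
    is_d1 = code == 0xD1 and len(args) == 4
    if is_d1:
        r["notes"] = [f"{label}: {v:#x}" for label, v in zip(D1_ARGS, args)]
        r["notes"].append("access: " + D1_ACCESS.get(args[2], "other"))
    cause = CAUSE_RE.search(text)
    if cause:
        r["image"], r["symbol"] = cause.group(1), cause.group(2)
        if cause.group(3):
            r["offset"] = int(cause.group(3), 16)
            if is_d1:
                # Assumption: Arg4 is the blamed instruction, so subtracting the
                # offset gives the address the symbol (here a module) starts at.
                r["implied_base"] = args[3] - r["offset"]
    return r


# Summary lines copied from the post above.
SAMPLE = """BugCheck D1, {3ad0720, 2, 1, f80fe1e4}
Probably caused by : XYZ.sys ( dc21x4+21e4 )
Followup: MachineOwner"""

if __name__ == "__main__":
    res = triage(SAMPLE)
    print(f"Stop code {res['code']:#x}, blamed image {res['image']}")
    for note in res["notes"]:
        print("  " + note)
    print(f"  {res['symbol']} starts at {res['implied_base']:#x}")
```

For this dump the result reads as a write to 0x3ad0720 at IRQL 2 from the instruction at 0xf80fe1e4, which sits 0x21e4 bytes into a module loaded at 0xf80fc000.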
I recommend watching this webcast by Mark Russinovich – Mark is the co-founder of Sysinternals, and a case could be made for him being the #1 guru on the Internet. This was recorded at TechEd 2006. Without the tools he has provided, every Windows Administrator’s job would be a lot harder.