WinDBG refresher

I had to analyze a memory dump from a server that blue screened.  This blog is a reference how I used WinDBG to analyze the dump.  I don’t claim to be an expert in WinDBG, but these few steps can be done in minutes to determine a issue if you have the memory dump available. 

  • Capture either a kernel or complete memory dump.

  • Install WinDBG on a system that will analyze the file, it doesn’t have to be on the production server. (Search the web for the proper version of WinDBG you need)

  • Open WinDBG and open the dump file.

  • Add the symbol location srv*c:symbols*

  • Run !analyze -v or !analyze

*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck D1, {3ad0720, 2, 1, f80fe1e4}

Probably caused by : XYZ.sys ( dc21x4+21e4 )

Followup: MachineOwner

I recommend watching this webcast by Mark Russinovich – Mark is the co-founder of Sysinternals and could make a case for him being the #1 guru on the Internet.  This was recorded at Teched 2006.  Without the tools he has provided, it would make every Windows Administrator’s job a lot harder.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: