Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD)


Occasionally, my Windows XP SP2 laptop has had the Blue Screen of Death appear unexpectedly. It doesn’t occur when any particular application is running, and nothing ever is written to the event logs. Of course I’m never at the computer when this happens, so I haven’t been able to see what messages and parameters are shown on the BSOD. I have debugging information written to a small memory dump (aka mini dump), but without special tools, these dump files are indecipherable.

I decided to try using the Windows Debugging Tools to figure out the cause of these errors. I needed to make sure I downloaded the proper version for both my processor (32 or 64-bit) and operating system. I also needed a copy of the i386 directory from my Windows XP SP2 install CD, which I copied to my hard drive as c:\i386\. I could have downloaded the appropriate symbol files for my OS and processor, but I chose to use the symbols on Microsoft’s web site instead.

Once I had the tools installed, I launched a command prompt and switched to the debugging tool installation directory, which for me was c:\Program Files\Debugging Tools for Windows\. Next, I launched the graphical debugger by entering the following command (all on one line):

windbg -y srv*C:\symbols*http://msdl.microsoft.com/download/symbols -i c:\i386 -z c:\windows\minidump\mini012808-01.dmp

What this command did was:

  • Launched the windbg debugger
  • Used the symbol files found at http://msdl.microsoft.com/download/symbols (the -y switch)
  • Used the Windows XP installation files I copied to my hard drive at c:\i386 (the -i switch)
  • Analyzed the mini dump file located at c:\windows\minidump\mini012808-01.dmp (the -z switch)

This launched the debugger GUI, which loaded the following screen:

[Screenshot: debugger]

As you can see, the analysis states that the problem was likely caused by hsfhwazl.sys. I had no idea what that file was, but its .sys extension led me to believe it was a device driver. A quick search found the file was a part of the Conexant SoftK56 modem driver. I don’t think I’ve ever used the modem in this laptop, and the modem surely wasn’t in use when the most recent blue screens occurred.

I’ve now updated to the most recent version of the modem driver, and I hope I won’t be seeing the BSOD anytime in the near future. I figure it took me all of about twenty minutes to download the debugger, analyze the mini dump files, and resolve the problem.
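When several dump files have piled up, the same analysis can be scripted with kd.exe, the command-line kernel debugger that ships with the Debugging Tools. The following is an added example, not code from the original post: it reuses the post's -y, -i and -z values, assumes kd.exe sits in the install directory named above, and parses a constructed sample of debugger output (the stop code and addresses in it are made up).

```python
"""Batch-triage kernel minidumps with kd.exe (added example, not from the post)."""
import re
import subprocess
from collections import Counter
from pathlib import Path

# Assumed locations: install, symbol and image paths mirror the post's command.
KD = r"c:\Program Files\Debugging Tools for Windows\kd.exe"
SYMBOLS = r"srv*C:\symbols*http://msdl.microsoft.com/download/symbols"
IMAGES = r"c:\i386"

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
CULPRIT = re.compile(r"^Probably caused by : (\S+)", re.M)


def kd_command(dump):
    """Same -y/-i/-z switches as the windbg command, plus -c to analyze and quit."""
    return [KD, "-y", SYMBOLS, "-i", IMAGES, "-z", str(dump), "-c", "!analyze -v; q"]


def parse_analysis(text):
    """Pull the stop code, its parameters and the blamed module from debugger output."""
    bug = BUGCHECK.search(text)
    culprit = CULPRIT.search(text)
    return {
        "bugcheck": bug.group(1).upper() if bug else None,
        "params": [p.strip() for p in bug.group(2).split(",")] if bug else [],
        "culprit": culprit.group(1).lower() if culprit else None,
    }


def triage(dump_dir=r"c:\windows\minidump"):
    """Analyze every *.dmp in dump_dir and count how often each module is blamed."""
    tally = Counter()
    for dump in sorted(Path(dump_dir).glob("*.dmp")):
        out = subprocess.run(kd_command(dump), capture_output=True, text=True).stdout
        tally[parse_analysis(out)["culprit"]] += 1
    return tally


# Constructed sample of debugger output (stop code and addresses are made up).
SAMPLE = """\
BugCheck 1000000A, {4, 2, 0, 804e3a52}
Unable to load image hsfhwazl.sys, Win32 error 0n2
Probably caused by : hsfhwazl.sys ( hsfhwazl+1b2c0 )
"""

if __name__ == "__main__":
    print(parse_analysis(SAMPLE))
```

A module that is blamed across several dumps is a stronger lead than a single hit, since the debugger's "Probably caused by" line is a best guess.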

For more information on how to read the small memory dump files that Windows creates for debugging, see KB 315263.

12 Responses to “Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD)”

  1. CypherBit Says:

    Any idea why one needs to copy (use) the i386 folder when running the debugger? What happens if one omits it?

  2. Jon’s Geek Stuff … & Stuff » Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD) Says:

    [...] Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD) [...]

  3. Vista installation ends in a bluescreen - Page 3 - drvista.de Says:

    [...] system hm, try analyzing the crash dump with WinDBG. There is a helpful guide for this in English! You need WinDBP and symbols __________________ My system Wer [...]

  4. Kay the PC doctor Says:

    The Microsoft debugging tool is quite useful when trying to understand a BSOD or a Windows crash. However, too often it generates false negatives, which impacts the tool’s effectiveness. Many times have I used the tool to diagnose computer problems, only to be led down an endless road of driver updates and configuration changes, to make a PC happy again.

  5. dev Says:

    Can anyone tell me … how to use this tool on Windows Vista … are all the steps the same?

    Kindly help.

  6. TR/Agent, constant restarts, thread #2, urgent! - Forum Fachinformatiker.de Says:

    [...] find out which driver/problem is hanging in the system. One of the tools is WinDbg from Microsoft. Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD) the back room tech How to solve Windows system crashes in minutes – Network World Unfortunately there is advertising on the links [...]

  7. eddie Says:

    What exactly do Windows debugging tools do? What is the basic idea behind them? Explain it to me as if I am a 12-year-old kid, with steps in detail: how to use them and when to use them.

  8. Sundip Says:

    Simply wonderful. I fixed my long time enemy using your guide in 30 minutes! Thank you so much. Let's hope I never get the BSOD on my comp again.

    • Brian Katz Says:

      In the event of a crash, the Windows Debugging Tools may be your only correct approach. However, in many situations, we jump in without thinking rationally about the error.

      Programmers are “funny” that way when it comes to the way we react to programming problems.

      What kind of debugger are you? – check out http://blog.vkistudios.com/index.cfm/2009/5/6/Tips-Tricks-Traps-and-Tools–3b-of-many-The-Art-of-Troubleshooting-almost-Anything
      Debugging: Most of it is all in the mind … (Yogi Berra? :)
      Brian Katz – VKI Studios

  9. Why am I getting Random BSOD? - Page 2 - Hardware Canucks Says:

    [...] i would consult this guide just to be sure and post the results of the crash dump analysis. Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD) the back room tech it does not take long to do __________________ Phenom II 920 :: ASUS M3N72-D (750a) :: ASUS 8800 [...]

  10. Henrik Møller Jørgensen Says:

    There is a bug in the command line

    windbg -y srv*C;\symbols…
    Should read
    windbg -y srv*C:\symbols…
    (colon instead of semicolon).

    The full command line becomes
    windbg -y srv*C:\symbols*http://msdl.microsoft.com/download/symbols -i c:\i386 -z c:\windows\minidump\mini012808-01.dmp

    Best regards

  11. Application Crash Dump Location Says:

    [...] Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD) – How to use the Windows Debugging Tools to analyze a crash dump [...]

