Part 1, Setting up your Debugging Tools
In this part, you'll learn how to setup a free debugging tool to help diagnose a Windows 'blue screen of death' and how to use an automatic method for the symbol and file version process.
1. The Windows Debugging Tools
Download the Windows Debugging Tools
2. Getting the Symbol files
Once the Debugging Tools are Downloaded and Installed, you need to setup your symbol file retrieval.
Click Start, All Programs/Programs, Debugging Tools. Run WinDBG.
On the Debugger Menu bar, Click File then Symbol Path.
In the Symbol Search Path dialog enter: SRV*C:\custompath*http://msdl.microsoft.com/download/symbols
Part 2, Crash debugging and Analysis
In this part, you'll learn how to use the debugging tools key commands to learn more about why the OS crashed.
Once you've opened a Crash Dump file the debugger will retrieve relevant symbols and file versions automatically, the debugger will then debug the dump file.
1. Analysing the crash.
At the bottom of the screen there will be a line for text input, lets call this the console.
Type into the console !Analyze -v
then press Enter.
Don't panic or repeat the command if it seems like nothings happening, the debug result time will vary by certain factors; your Internet connection speed, crash dump size (mini, kernel only or full memory), system specifications, and file system conditions.
In time results will enumerate so please be patient, the extra time the debugger takes to open the crash file is actually a good indication that your tools are configured correctly, If the file opened instantly, you should review the displayed information to ensure your debugging tools are configured properly.
You should now have a probable cause given by the analysis of the debugger, this cause is likely to indicate if the BSOD was caused due specifically by a driver or by hardware factors affecting kernel memory.
Other areas of the Analysis to take note of is the image_name and module_name entry under the debugging details, these fields will indicate a specific file if your BSOD is driver related.
2. Additional File Analysis (LMV):
The LMV command allows you to quickly obtain detailed file information from within the debugger. The LMV command will give you an indication of what the file does or whom the vendor of the file is, this information gives you an avenue for, updating, repair or further investigation.
After the debug analysis is performed, In the console use the LMV command to learn more about the faulting file (module_name or image_name)
Remember, If your minidump folder is not saving your crash-dumps, check your settings: Win+Pause,Advanced, in Start up and Recovery click the Settings button, under the Write debugging information field, choose kernel memory dump.
Useful debugging resources:
Windows crash debugging @ thomaskoetzing.de - Handy knowledge base section amungst other usefull debugging information
Analysing Windows Crash Dump Files - A more comprehensive guide to debugging
Microsoft Advanced Windows Debugging and Troubleshooting - Advanced debugging blogsite, best to begin