Friday, December 19, 2014

How To Read Windows Crash dmp Files (Pretty Cool Method)

Recently I had to figure out why a Windows 2008 R2 server was crashing, which meant reading crash dump files, and to read crash dump files you need the Debugging Tools for Windows.

Download and install the Debugging Tools for Windows from the Windows 8 SDK. The install requires an Internet connection to download the packages it needs.

All you need to install is the “Install Debugging Tools for Windows as a Standalone Component (from Windows SDK)” option, and during the install select only “Debugging Tools for Windows”.
Everything else is used for more advanced troubleshooting or development and isn’t needed here.

Next, from an elevated command prompt, navigate to the debugging folder. For me, with the latest tools on Windows 7, it was C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\.

Type the following (replace C:\Temp\memory.dmp with the path to your .dmp file):

c:\> cd "C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\"
c:\> kd -z C:\Temp\memory.dmp
 
Open a log file so everything the debugger prints is captured. Type the following:

kd> .logopen c:\temp\debuglog.txt
Opened log file 'c:\temp\debuglog.txt'
 
Now we need to tell the debugger where the symbols live. Type the following:

kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
 
Now reload the symbols and run the analysis, writing everything to debuglog.txt. Type the following:

kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

In order, that reloads the symbols, runs the verbose crash analysis, dumps the registers, prints the call stack with frame data, lists the loaded modules with their names and timestamps, closes the log and quits the debugger.
 
Review the results by opening c:\temp\debuglog.txt in your favorite text editor.

Searching for PROCESS_NAME: will show which process had the fault. For a kernel-mode crash that is only the process that happened to be running at the time (often System); the MODULE_NAME and IMAGE_NAME lines in the same !analyze -v section point at the driver or module that actually faulted, and BUGCHECK_STR gives the stop code. You can use the process name and this other information from the dump to find clues and answers in a web search.
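As an added example (not from the original post), here is a small Python script that builds the same kd session as a single non-interactive command line and pulls the headline fields out of the debuglog.txt it writes. The debugger path, the dump and log paths, and the sample log text are constructed for illustration; point them at your own files.

```python
# Added example (not from the post): build a non-interactive kd command line for
# the same session, and extract the key !analyze -v fields from the log it writes.
import re

# Assumed locations, taken from the post; adjust KD_EXE to your install.
KD_EXE = r"C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\kd.exe"
SYMPATH = r"srv*c:\symbols*http://msdl.microsoft.com/download/symbols"
KEY_FIELDS = ("BUGCHECK_STR", "PROCESS_NAME", "MODULE_NAME", "IMAGE_NAME",
              "FAILURE_BUCKET_ID")
FIELD_RE = re.compile(r"^([A-Z][A-Z0-9_]*):\s+(.*?)\s*$")


def build_kd_command(dump_path, log_path):
    """argv for kd: -z dump, -y symbol path, -logo log file, -c command chain (ends in q)."""
    return [KD_EXE, "-z", dump_path, "-y", SYMPATH,
            "-logo", log_path, "-c", ".reload;!analyze -v;r;kv;lmnt;q"]


def parse_analyze_log(text):
    """Collect KEY_FIELDS and the STACK_TEXT frames from a debuglog.txt."""
    found, lines = {}, text.splitlines()
    for i, line in enumerate(lines):
        m = FIELD_RE.match(line)
        if m and m.group(1) in KEY_FIELDS:
            found[m.group(1)] = m.group(2)
        elif line.startswith("STACK_TEXT:"):
            frames = []
            for frame in lines[i + 1:]:
                if not frame.strip():      # the block ends at the first blank line
                    break
                frames.append(frame.strip())
            found["STACK_TEXT"] = frames
    return found


# Constructed sample of !analyze -v output so the parser can be tried offline.
SAMPLE_LOG = """\
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
MODULE_NAME: nt
IMAGE_NAME:  ntkrnlmp.exe
STACK_TEXT:
fffff880`0313c8d8 fffff800`01cbd169 : nt!KeBugCheckEx

FAILURE_BUCKET_ID:  X64_0xD1_EXAMPLE
"""

if __name__ == "__main__":
    for key, value in parse_analyze_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run the real session, pass the list from build_kd_command to subprocess.run on the Windows box that has the debuggers installed, then feed the resulting log file to parse_analyze_log.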
