Analyze Dump Files by Using WinDbg (Compact 7)
3/12/2014
You can analyze dump files by using Windows Debugger (WinDbg), which is available as part of the Debugging Tools for Windows that you can install from Download and Install Debugging Tools for Windows. You can install the Debugging Tools for Windows as part of the Windows Driver Kit (WDK), part of the Windows SDK, or as a stand-alone component.
To obtain the most information from a dump file, a debugger needs access to the executable files (EXE and DLL), symbol files (PDB), and the source code of the OS and applications that were running on the device at the time of the dump file capture. For more information about PDB files, see Associate Source Code with PDB Files. The EXE, DLL, and PDB files are created during the OS build process and are typically saved on the development computer in the flat release directory of the associated OS design. However, you may have archived these files elsewhere after you built the OS. In the following procedure, you specify the path to these files on your development computer.
To analyze a dump file by using WinDbg
On your development computer, install WinDbg from Download and Install Debugging Tools for Windows if you haven’t already.
Start WinDbg. The way you start WinDbg depends on how you installed it. If you installed it as a stand-alone component, for example, click Start, click All Programs, click Windows Kits, click Debugging Tools for Windows, and then click WinDbg.
In WinDbg, on the File menu, click Symbol File Path.
In the Symbol Search Path dialog box, type or browse to the path of the symbol files (PDB) of the OS and applications that were running on the device at the time of the dump file capture. If you enter multiple paths, separate them with semicolons.
Click OK.
On the File menu, click Source File Path.
In the Source Search Path dialog box, type or browse to the path of the source code of the OS and applications that were running on the device at the time of the dump file capture, if you have them. If you enter multiple paths, separate them with semicolons.
Click OK.
On the File menu, click Image File Path.
In the Executable Image Search Path dialog box, type or browse to the path of the binary executable files (EXE and DLL) of the OS and applications that were running on the device at the time of the dump file capture, if you have them. If you enter multiple paths, separate them with semicolons.
Click OK.
On the File menu, click Open Crash Dump, browse to a dump file (*.kdmp), and then click Open.
In the Workspace ‘base’ dialog box that appears, in answer to Save information for workspace?, click Yes if you would like to save the workspace.
The Command window displays information about the crash. If the debugger can find the source code on your development computer, the source file appears in a source window with the source code line that generated the exception highlighted.
Use the View menu to display various windows that contain information about the device at the time of the dump file capture:
- Click Locals to view information about the local variables in scope.
- Click Registers to view the value of each register.
- Click Memory to view the contents of memory.
- Click Call Stack to view the function calls on the stack.
- Click Disassembly to see the assembly code.
- Click Processes and Threads to view information about the processes and threads.
To learn more about how to use WinDbg, you can refer to the WinDbg documentation. To view the WinDbg Help file, click Help, and then click Contents.