Windows System Crash Analysis (BSOD)

You are all probably aware of the MEMORY.DMP file in the Windows directory. You may also be aware of the Windows\MiniDump directory. These files are created when there is a critical system error, usually resulting in an automated reboot or BSOD.

The MEMORY.DMP file contains debugging information plus the contents of your system's RAM. This file is overwritten each time a crash occurs. The MiniDump directory contains the same debugging information as MEMORY.DMP but does not include the RAM contents. The MiniDumps are not overwritten, so they can be used as a historical reference for identifying crash events.

So the question is: how do you use these files? There is a tool from Microsoft designed to do just that! It is called WinDbg and is part of the Debugging Tools for Windows. (http://www.microsoft.com/whdc/devtools/debugging/)

Download and install this tool. There is an x86 and an x64 version. Once the program is installed, open it and choose the File menu, then Symbol File Path.

Enter the following: http://msdl.microsoft.com/download/symbols/

This will download the necessary symbols as needed. Symbols are the link between the compiled binary code and the source code that generated it, which lets the debugger show function and module names instead of raw addresses.

Once this is done, you can choose File – Open Crash Dump. This will open both MEMORY.DMP and MiniDumps. Once a dump is opened, the program will begin some analysis.

Click on the !analyze -v link to do a verbose analysis. This may give more information as to the reason for the crash. The faulting application code is listed in the default analysis.
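
The same steps can be scripted so the whole MiniDump history is analyzed in one pass. The PowerShell below is an added example, not part of the original post: it runs !analyze -v on each minidump with kd.exe (the console debugger installed with the Debugging Tools) and tabulates the results. The kd.exe install path, the C:\Symbols cache folder and the output field names it looks for are assumptions to adjust for your system and debugger version.

```powershell
# Added example: run "!analyze -v" over every minidump with kd.exe, the
# console debugger that installs alongside WinDbg. Run from an elevated
# prompt, since the MiniDump directory is normally readable by admins only.

# Assumed locations; adjust to your install and preferred symbol cache.
$Kd      = 'C:\Program Files\Debugging Tools for Windows (x64)\kd.exe'
$DumpDir = Join-Path $env:SystemRoot 'MiniDump'
# srv*<local cache>*<server>: download symbols on demand and cache them.
$SymPath = 'srv*C:\Symbols*http://msdl.microsoft.com/download/symbols'

if (-not (Test-Path $Kd)) { throw "kd.exe not found at $Kd" }

$dumps = Get-ChildItem -Path $DumpDir -Filter *.dmp -ErrorAction Stop |
         Sort-Object LastWriteTime

$results = foreach ($dump in $dumps) {
    # -z opens a dump file, -y sets the symbol path, -c runs the quoted
    # commands at startup; the trailing q quits so the loop continues.
    $out = & $Kd -z $dump.FullName -y $SymPath -c '!analyze -v; q' 2>&1 |
           Out-String

    # Field names below are ones !analyze -v commonly prints; the exact
    # set varies by debugger version, so missing fields are left empty.
    $row = [ordered]@{ Dump = $dump.Name; Crashed = $dump.LastWriteTime }
    $row['BugCheck'] = if ($out -match 'BugCheck ([0-9A-Fa-f]+), \{') {
        '0x' + $Matches[1]
    } else { $null }
    foreach ($name in 'PROCESS_NAME', 'MODULE_NAME', 'IMAGE_NAME', 'FAILURE_BUCKET_ID') {
        $row[$name] = if ($out -match "(?m)^${name}:\s+(\S.*?)\s*$") {
            $Matches[1]
        } else { $null }
    }
    [pscustomobject]$row
}

# One row per crash, oldest first.
$results | Format-Table -AutoSize

# The same image name recurring across crashes points at a repeat culprit.
$results | Group-Object IMAGE_NAME | Sort-Object Count -Descending |
    Select-Object Count, Name
```

The first run is slow while symbols download; later runs reuse the local cache.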

Enjoy!