In this blog post I will walk you through installing WinDBG and reading and analysing DMP files, which are usually produced by blue screens.
First, to read DMP files you need a Microsoft diagnostic tool named WinDBG, which is included in the package. The package can be downloaded from http://go.microsoft.com/fwlink/p?LinkID=271979. During the installation, select the Debugging Tools for Windows box and clear all the other boxes.
To open the DMP files so that you can read them, you first need to run a command from the command prompt. Open a new command prompt as an administrator and, once it has opened, navigate to the install location, for example “cd C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64”
Once you have done that, you can start WinDBG. The command to do this is “windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -z <Location of DMP file here>”
Once the command above has been entered, WinDBG will open and begin to load the DMP file. When it has finished you will see a hyperlink that reads “!analyze -v”. If you click it, WinDBG will present a lot more information, as shown below.
Once it has finished loading the output, you will be presented with a screen that can seem very confusing, as shown below.
Usually the best places to look are the sections titled “SYMBOL_NAME” and “IMAGE_NAME”. From these you can get an understanding of the reason for the blue screen. If not, there is still one more thing you can do: if you type the command “!analyze -show” it will show you the STOP code for the blue screen and usually a probable cause. Please see the screenshot below.
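The same triage can be scripted when there are many dumps to go through. The following is an added example, not part of the original post: it assumes cdb.exe (the console debugger installed in the same Debuggers folder as windbg.exe) is on the PATH, and the sample output and the driver name exampledrv.sys are constructed for illustration.

```python
import re
import subprocess

# Symbol path from the post; cdb.exe is the console debugger that ships
# next to windbg.exe in the Debuggers\x64 folder.
SYMBOL_PATH = r"srv*c:\symbols*http://msdl.microsoft.com/download/symbols"

FIELD_RE = re.compile(r"^(SYMBOL_NAME|IMAGE_NAME|MODULE_NAME):[ \t]*(\S.*?)[ \t]*$", re.M)
STOP_RE = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
SYMBOL_ERR_RE = re.compile(r"symbols could not be loaded for (\S+)")

def build_cdb_command(dump_path, cdb="cdb.exe"):
    """Load the dump, run !analyze -v, then quit the debugger."""
    return [cdb, "-y", SYMBOL_PATH, "-z", dump_path, "-c", "!analyze -v; q"]

def parse_analysis(text):
    """Extract the stop code and the fields the post says to read first."""
    result = {"stop_name": None, "stop_code": None}
    stop = STOP_RE.search(text)
    if stop:
        result["stop_name"] = stop.group(1)
        result["stop_code"] = int(stop.group(2), 16)
    for key, value in FIELD_RE.findall(text):
        result.setdefault(key.lower(), value)  # keep the first occurrence
    # Modules without symbols make SYMBOL_NAME offsets unreliable.
    result["symbol_warnings"] = sorted(set(SYMBOL_ERR_RE.findall(text)))
    return result

def analyse_dump(dump_path):
    """Run cdb on one dump (Windows only) and return the parsed summary."""
    proc = subprocess.run(build_cdb_command(dump_path),
                          capture_output=True, text=True, check=False)
    return parse_analysis(proc.stdout)

# Constructed sample of !analyze -v output; exampledrv.sys is a made-up driver.
SAMPLE = """\
*** ERROR: Module load completed but symbols could not be loaded for exampledrv.sys
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.
SYMBOL_NAME:  exampledrv+1a2b
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
"""

if __name__ == "__main__":
    print(parse_analysis(SAMPLE))
```

A non-empty symbol_warnings list means the symbol path did not resolve that module, so treat the reported SYMBOL_NAME as a module offset rather than a function name.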
Hopefully you now have a better understanding of how to open and interpret a DMP file.