Debugging with Windbg
Posted on May 15th, 2009
If you have crash dump files, the only real way to debug them is by using WinDbg. It can be installed as part of the Debugging Tools for Windows, in 32-bit or 64-bit versions.
The symbol paths need to be set correctly so that the debugger can identify the relevant information. This can be done for Microsoft and Citrix symbols, as their symbol paths are in the public domain. Other associated companies, such as AppSense, do not publicly release their symbols, so you are unable to link to them. To set the MS and Citrix symbol paths, use the following entry in WinDbg:
SRV*c:\symbols*http://ctxsym.citrix.com/symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
To open a crash dump file, select File | Open Crash Dump, then select the file in question.
After a few seconds the dump loads and the entry bar at the bottom of the window will become active. The following commands may be useful:
!analyze -v
This shows a verbose analysis of the dump file. The important information is at the end of the text that appears. The process that caused the fault will be listed along with the errors.
To get more information about the module, use the following command:
lmv m "module name"
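The steps above (set the symbol path, open the dump, run !analyze -v) can also be run unattended over a folder of dumps. The PowerShell script below is an added example, not part of the original post. It uses cdb.exe, the console debugger that ships with the Debugging Tools for Windows. The cdb.exe install path and the C:\dumps folder are assumptions to adjust for your machine.

```powershell
# Added example: batch triage of crash dumps with cdb.exe.
param(
    # Assumed install location; adjust to where the Debugging Tools are installed.
    [string]$Cdb = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe',
    # Hypothetical folder holding the .dmp files to analyse.
    [string]$DumpDir = 'C:\dumps'
)

# Symbol path exactly as given in the post (Citrix and Microsoft public servers).
$SymPath = 'SRV*c:\symbols*http://ctxsym.citrix.com/symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols'

if (-not (Test-Path -LiteralPath $Cdb)) { throw "cdb.exe not found at $Cdb" }

$results = foreach ($dump in Get-ChildItem -LiteralPath $DumpDir -Filter *.dmp) {
    $log = "$($dump.FullName).analysis.txt"

    # -z opens the dump, -y sets the symbol path, -c runs the commands and quits.
    $output = & $Cdb -z $dump.FullName -y $SymPath -c '!analyze -v; q' 2>&1 |
        ForEach-Object { "$_" }
    # Keep the full verbose analysis next to the dump for later reading.
    $output | Set-Content -LiteralPath $log -Encoding UTF8

    # Pull the summary fields that !analyze -v prints near the end of its output.
    # A field that is absent from a given dump's analysis is left empty.
    $fields = @{}
    foreach ($line in $output) {
        if ($line -match '^(PROCESS_NAME|MODULE_NAME|IMAGE_NAME|FAILURE_BUCKET_ID):\s*(.+)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }

    [pscustomobject]@{
        Dump    = $dump.Name
        Process = $fields['PROCESS_NAME']
        Module  = $fields['MODULE_NAME']
        Image   = $fields['IMAGE_NAME']
        Bucket  = $fields['FAILURE_BUCKET_ID']
        Log     = $log
    }
}

# One row per dump: faulting process, module and failure bucket.
$results | Format-Table -AutoSize
```

The first run is slow because symbols are downloaded into c:\symbols; later runs reuse that cache.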
It is also possible to use windbg to force a dump of a running / crashing process.
File | Attach to a Process, then select the process
Choose to save the workspace
A white dialog box is then generated
In the command window of the debugger, enter the following:
.dump /ma c:\mydump.dmp
If I find any more public symbol paths, I will update this entry.
