Tuesday, June 5, 2012

Part 1: Setup WinDBG as a server to solve BSOD


Setup WinDBG as a server


Part 1: Setup WinDBG as a server to solve BSOD -- What is WinDBG?
Part 2: Setup WinDBG as a server to solve BSOD -- Download and install WinDBG.
Part 3: Setup WinDBG as a server to solve BSOD -- Configuring WinDBG
Part 4: Setup WinDBG as a server to solve BSOD -- Troubleshooting if dump file is not generating
Part 5: Setup WinDBG as a server to solve BSOD -- Setting up as WinDBG as a Server

Have you ever faced BSOD (Blue screen of death) problem on your system and ever want a root cause why it is happening, well I will try here to solve the problem.

Note: for your information, I will not suggest you  to use your daily using systems or production environment, Her I have done all tests and labs on my virtual environment. I won't be responsible for any damage.

In this demo I am using 2 windows 2008 64 bit VM and 1 windows 7 VM which is set up on vmware workstation.

Part1:  What is WinDBG?

What is BSOD?
System OS crashed or halted by unrecoverable error.

What are these errors?
This could be (Faulty/incompatible) Hardware, outdated BIOS & firmware, (buggy) softwares, (could include (buggy/out dated) Drivers, incompatible patch).


How can I determine what is causing error? And what softwares are used?
WinDBG is a free debugger tool, which reads dump file.

What is dump file?
Whenever system is crashed it create dump file, and this dump file has all the answer. It contains data, (Memory Map) that was in the memory when system crashed, you can use it as a point in time to see what was in memory when system crashed.
 
 There are 3 types of dump files which are used for analyses:  
  • Complete memory dump saved in %SystemRoot%\MEMORY.DMP,
  • Kernel memory dump saved in %SystemRoot%\MEMORY.DMP
  • Small memory dump (64 KB) saved  %SystemRoot%\Minidump
* %systemroot% is path equal to "C:\windows" for windows 2003 and later operating system.
Read Microsoft KB on for detailed information about memory dump files http://support.microsoft.com/kb/254649

You can configure windows settings which dump file you want to generate
Simply Go to start, right click computer, choose properties
Click "Advance system settings"
 Click on setting  under Startup and Recovery.
 Create a "Dump" folder under C drive, Here I am changing the path of each memory dump file path to C:\Dump, for better management and easy portability of dump files Rather than keeping default.

If you have more than 2 GB of ram you will not able to see complete memory dump in drop down list. By default system will create Kernel memory dump file, you can use drop down list and select which dump file you want to create.  

Select small memory dump (256 KB) and set dump file location to c:\dump\minidump.

Download  full PDF of this article from http://kunaludapi.weebly.com.
Posted by at
Subscribe to: Post Comments (Atom)