How do I use WinDBG?

Discussion in 'other software & services' started by xMarkx, Mar 27, 2009.

Thread Status:
Not open for further replies.
  1. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Hello,

    How do I use WinDBG? I keep getting random Blue Screen crashes at boot-up or when I finish logging in on my Dell Dimension 8400 running Windows XP SP3 32-bit. The last one that happened in February didn't record anything in Event Viewer or leave a file in C:\WINDOWS\Minidump, but today's BSOD did, so I want to analyze it to figure out what's wrong with my computer. My guess is still Google Earth.

    Is it a safe install? Is it easy to understand? Is this the correct link for it: http://www.microsoft.com/whdc/devtoo...tallx86.mspx#a? I'm not on a server though and what about the "symbols" and "analyze-v" (from Wikipedia).
    ---------------------------------------------------------------------------------------------------------------------
    UPDATE:

    I successfully downloaded, installed, and ran WinDbg. This is what I got from it. I'm not sure if this should go in a new thread or not though...

    1st BSOD which happened while iTunes 8 was installing (December 2008):
    Probably caused by : eamon.sys ( eamon+3111 )
    ->It's NOD32. This occurred before upgrading to the latest build of v3 (3.0.684.0) so I think it's fine.

    However the 2nd one has me puzzled..

    2nd BSOD which happened after I finished logging in (Today):

    For the first time I debugged the same file (I think I made a mistake): Probably caused by: ntoskrnl.exe ( nt+e522d )
    For the second time I debugged the same file (and the rest of the times): Probably caused by: ntkrpamp.exe ( nt!ObpCloseHandleTableEntry+3b )
    ->I'm not sure what this is, or what it means. Does anybody know?

    I haven't noticed any strange behaviour (other than STOP messages of course) except that the GoogleUpdaterService.exe disappeared from the processes tab in Task Manager. Used to show GoogleUpdate.exe and GoogleUpdaterService.exe but now just shows GoogleUpdate.exe. Does this signify anything, or relate to ntoskrnl.exe or ntkrpamp.exe?

    Thanks!

    Regards,

    Mark.
     
    Last edited: Mar 28, 2009
  2. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Does anyone know the basics on how to use WinDBG?
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I think there is a program for translating Event Viewer. May have been mentioned in wilders.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  5. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Thank you for your link and prompt reply!

    So basically after downloading and installing WinDbg, I just open the .dmp file in C:\WINDOWS\Minidump?

    Do I need to type this in the Symbol Search Path?:
    SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols

    because the article said this:
    What is meant by "local system"?

    Thanks,

    Mark.
     
  6. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,556
  7. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    I want to analyze the minidumps.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  9. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Thanks.

    But do I need to type this in the Symbol Search Path?:
    SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols

    because the article said this:

    What is meant by "local system"?

    Regards,

    Mark.

    PS: When downloading the .msi file, should I Run or Save it?
     
  10. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,556
    Just install whocrashed and point it to the windows debugger folder and the minidump. It will automatically download the symbols, analyse the minidump and give you a report.

    Panagiotis
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes the symbol file path therefore :

    (whocrashed is a good suggestion)
     

  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
     
  13. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Thanks to everyone who replied in this thread - very helpful answers. And thank you Brian for your answers to my questions. I will be installing WinDbg hopefully either later tonight if I have time/not too sleepy or tomorrow afternoon.

    I will post an update as to what I got from the WinDbg analysis (and if I have any problems). And if anyone has any further recommendations, feel free to post:)

    Regards,

    Mark.
     
    Last edited: Mar 27, 2009
  14. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Hello,

    I successfully downloaded, installed, and ran WinDbg. This is what I got from it. I'm not sure if this should go in a new thread or not though...

    1st BSOD which happened while iTunes 8 was installing (December 2008):
    Probably caused by : eamon.sys ( eamon+3111 )
    ->It's NOD32. This occurred before upgrading to the latest build of v3 (3.0.684.0) so I think it's fine.

    2nd BSOD which happened after I finished logging in (Today):

    For the first time I debugged the same file (I think I made a mistake): Probably caused by: ntoskrnl.exe ( nt+e522d )
    For the second time I debugged the same file (and the rest of the times): Probably caused by: ntkrpamp.exe ( nt!ObpCloseHandleTableEntry+3b )
    ->I'm not sure what this is, or what it means. Does anybody know?

    Thanks,

    Mark.

    I haven't noticed any strange behaviour (other than STOP messages of course) except that the GoogleUpdaterService.exe disappeared from the processes tab in Task Manager. Used to show GoogleUpdate.exe and GoogleUpdaterService.exe but now just shows GoogleUpdate.exe. Does this signify anything, or relate to ntoskrnl.exe or ntkrpamp.exe?
     
    Last edited: Mar 28, 2009
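
Added example, not part of any poster's message: a small parser for the "Probably caused by" summary lines quoted in the post above, showing how the `module+offset` form (no function name resolved) differs from the `module!function+offset` form produced once symbols load. The label names and the `KERNEL_MODULE` constant are this example's own assumptions.

```python
import re

# Summary line WinDbg prints after analysis, e.g.
#   Probably caused by : eamon.sys ( eamon+3111 )
CAUSE_RE = re.compile(
    r"Probably caused by\s*:\s*(?P<image>\S+)\s*\(\s*"
    r"(?P<module>[^!+\s]+)"          # module name as the debugger knows it
    r"(?:!(?P<symbol>[^+\s]+))?"     # function name, present only with symbols
    r"(?:\+(?P<offset>[0-9a-fA-F]+))?\s*\)"
)

KERNEL_MODULE = "nt"  # debugger's module name for the kernel in the posted output


def parse_cause(line):
    """Return the fields of a 'Probably caused by' line, or None if absent."""
    m = CAUSE_RE.search(line)
    return m.groupdict() if m else None


def classify(cause):
    """Hypothetical triage labels; the names are this example's own."""
    is_kernel = cause["module"].lower() == KERNEL_MODULE
    if cause["symbol"]:
        return "kernel-symbolized" if is_kernel else "driver-symbolized"
    # module+offset only: no function name could be resolved
    return "kernel-no-symbols" if is_kernel else "driver-offset-only"


def triage(lines):
    """Map each summary line to (image, location, label), skipping other text."""
    results = []
    for line in lines:
        cause = parse_cause(line)
        if cause is None:
            continue
        where = cause["symbol"] or cause["module"]
        off = cause["offset"] or "0"
        results.append((cause["image"], f"{where}+{off}", classify(cause)))
    return results


# The three summary lines quoted in the post above.
POSTED = [
    "Probably caused by : eamon.sys ( eamon+3111 )",
    "Probably caused by: ntoskrnl.exe ( nt+e522d )",
    "Probably caused by: ntkrpamp.exe ( nt!ObpCloseHandleTableEntry+3b )",
]

if __name__ == "__main__":
    for row in triage(POSTED):
        print(row)
```

A `kernel-no-symbols` result is the cue to set the symbol search path discussed earlier in the thread and re-run the analysis before reading anything into the module name.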
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Did you install a new device around the time you started having these problems? You can do a search for 'ntoskrnl bsod' in google (without the quotes) and you will get some other advice.
     
  16. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Hello Brian,

    I think that it's actually ntkrpamp.exe instead of ntoskrnl.exe. I've had Google Earth on my computer since the summer, but recently upgraded to v5 of it in February. The new version of Google Earth could be it because it started the day I installed it (one STOP message the day I installed it, one STOP message a week later but then all of a sudden I stopped getting the STOP message until this weekend.. strange). I did try to look up ntkrpamp.exe on the weekend, and I believe it is part of the Windows Kernel that is essential for the computer's boot-up process. Could Google Earth and ntkrpamp.exe be related somehow?

    Regards,

    Mark.
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I would think it's a driver issue, and I don't think that Google Earth installs a driver. You can do a search for ntkrpamp in Google, and you will get lots of advice. One that has some advice you might follow is http://www.techspot.com/vb/all/windows/t-45116-I-need-someone-to-interpret-a-few-mini-dumps.html:

    Also, you might try checking your memory with MemTest86 or MemTest86+.
     
  18. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041