Analysing Memory Dump Files with WinDbg
WinDbg, which is part of the Microsoft Windows SDK, is a great tool for analysing Blue Screen of Death (BSOD) memory dumps to find out what caused a crash.
Typically, if there is a BSOD, the memory dump will be saved in C:\Windows\Minidump. Copy this file from the faulty computer (you may need to go in via Safe Mode to obtain the file if it crashes so often you can't even log in) onto the computer that you will be installing and running WinDbg on.
On a working computer, install WinDbg from the Microsoft Windows SDK.
Once it is installed, start WinDbg, but before opening the memory dump, first specify the symbol search path. To do this, go to File > Symbol File Path and specify the following:
SRV*c:\temp*http://msdl.microsoft.com/download/symbols
Now go to File > Open Crash Dump and browse to where the memory.dmp is saved. To obtain more verbose information on the problem, run the command:
!analyze -v
In this instance I had a laptop that would blue screen every 20 minutes. This was due to a Driver Power State Failure on usbccpg.sys. The resolution in my case was simply to boot into safe mode and remove the drivers for the USB subsystem since there were not any updated drivers available. After rebooting normally into Windows the laptop reinstalled fresh drivers.
After this I left the laptop running. With 24 hours of continuous uptime I was then able to hand the laptop back to the user confident the problem was resolved.
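When a machine has left several dumps behind, the same three steps (symbol path, open dump, !analyze -v) can be run over all of them with cdb.exe, the console debugger that ships alongside WinDbg. The script below is an added example, not part of the original post; the cdb.exe install path and the report field labels it extracts are assumptions to adjust for your debugger version.

```powershell
# Added example (not from the original post): batch form of the steps above.
# Assumptions: cdb.exe install path and the report field labels in $fields.
param(
    [string]$DumpDir = 'C:\Windows\Minidump',   # or the folder the dumps were copied to
    [string]$SymPath = 'SRV*c:\temp*http://msdl.microsoft.com/download/symbols',
    [string]$Cdb     = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe'
)

if (-not (Test-Path -LiteralPath $Cdb)) { throw "cdb.exe not found at $Cdb" }

$dumps = @(Get-ChildItem -LiteralPath $DumpDir -Filter '*.dmp' | Sort-Object LastWriteTime)
if ($dumps.Count -eq 0) { Write-Warning "No .dmp files in $DumpDir"; return }

# Labels looked for in the !analyze -v report (older builds print BUGCHECK_STR).
$fields = 'BUGCHECK_CODE', 'BUGCHECK_STR', 'MODULE_NAME', 'IMAGE_NAME', 'FAILURE_BUCKET_ID'

$results = foreach ($dump in $dumps) {
    # -z opens the dump, -y sets the symbol path, -c runs the commands and quits.
    $output = & $Cdb -z $dump.FullName -y $SymPath -c '!analyze -v; q' 2>&1 | Out-String

    # Keep the full report on disk; the table below is only a summary.
    $report = Join-Path $env:TEMP ($dump.BaseName + '.analyze.txt')
    Set-Content -LiteralPath $report -Value $output

    $row = [ordered]@{ Dump = $dump.Name; Written = $dump.LastWriteTime }
    foreach ($f in $fields) {
        # -f avoids "$f:" being parsed as a scoped variable inside a string.
        $m = [regex]::Match($output, ('(?m)^{0}:\s*(\S.*?)\s*$' -f $f))
        $row[$f] = if ($m.Success) { $m.Groups[1].Value } else { $null }
    }
    $row['Report'] = $report
    [pscustomobject]$row
}

$results | Format-Table Dump, Written, BUGCHECK_CODE, BUGCHECK_STR, IMAGE_NAME -AutoSize

# A driver image that recurs across dumps is the first thing to look at.
$results | Where-Object IMAGE_NAME | Group-Object IMAGE_NAME |
    Sort-Object Count -Descending | Select-Object Count, Name
```

The first run is slow because symbols are downloaded into c:\temp; later runs reuse that cache.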