Howto: Use the Windows Debugging Tools to analyze a crash dump (BSOD)

Occasionally, my Windows XP SP2 laptop has had the Blue Screen of Death appear unexpectedly. It doesn’t occur when any particular application is running, and nothing ever is written to the event logs. Of course I’m never at the computer when this happens, so I haven’t been able to see what messages and parameters are shown on the BSOD. I have debugging information written to a small memory dump (aka mini dump), but without special tools, these dump files are indecipherable.

I decided to try using the Windows Debugging Tools to figure out the cause of these errors. I needed to make sure I downloaded the proper version for both my processor (32 or 64-bit) and operating system. I also needed a copy of the i386 directory from my Windows XP SP2 install CD, which I copied to my hard drive as c:\i386\. I could have downloaded the appropriate symbol files for my OS and processor, but I chose to use the symbols on Microsoft’s web site instead.

Once I had the tools installed, I launched a command prompt and switched to the debugging tool installation directory, which for me was c:\Program Files\Debugging Tools for Windows\. Next, I lauched the graphical debugger my entering the following command (as all one line):

windbg -y srv*C;\symbols*http://msdl.microsoft.com/download/symbols -i c:\i386 -z c:\windows\minidump\mini012808-01.dmp

What this command did was:

  • launch the windbg debugger
  • Used the symbols files found at http://msdl.microsoft.com/download/symbols
  • Used the Windows XP installation files I copied to my hard drive at c:\i386
  • Analyzed the mini dump file located at c:\windows\minidump\mini012808-01.dmp

This lauched the debugger gui, which loaded the following screen

debugger

As you can see, the analysis states that the problem was likely caused by hsfhwazl.sys. I had no idea what that file was, but it’s .sys extension led to believe it was a device driver. A quick search found the file was a part of the Conexant Softk56 modem driver. I don’t think I’ve ever used the modem in this laptop, and the modem surely wasn’t in use when the most recent blue screens occurred.

I’ve now updated to the most recent version of the modem driver, and I hope I won’t be seeing the BSOD anytime in the near future. I figure it took me all of about twenty minutes to download the debugger, analyze the mini dump files, and resolve the problem.

For more information on how to read the small memory dump files that Windows creates for debugging, see KB 315263.

Comments [13]

  1. Any idea why one needs to copy (use) the i386 folder when running the debugger? What happens if one omits it?

  2. The Microsoft debugging tool is quite useful when trying to understand a BSOD or a Windows crash. However, too often it generates false negatives which impacts the tool’s effectiveness. Many time have I used the tool to diagnoze computer problems, only to be led an endless road of driver updates and configurations changes, to make a PC happy again

  3. can any one tell me ……that how to use this tool on windows vista….are all thesteps same ???

    Kindly help.

  4. what exactly windows debugging tools do . what is the basic idea behind it ..explain me as if i am 12yr old kid with steps in detail .how to use them and when to use them

  5. Simply wonderful. I fixed my long time enemy using your guide in 30 minutes! thank you so much. lets hope i never get the BSOD on my comp again.

    1. In the event of a crash, the Windows Debugging Tools may be your only correct approach. However, in many situations, we jump in without thinking rationally about the error.

      Programmers are “funny” that way when it comes to the way we react to programming problems.

      What kind of debugger are you? – check out http://blog.vkistudios.com/index.cfm/2009/5/6/Tips-Tricks-Traps-and-Tools–3b-of-many-The-Art-of-Troubleshooting-almost-Anything
      Debugging: Most of it is all in the mind … (Yogi Berra? 🙂
      Brian Katz – VKI Studios

  6. There is a bug in the command line

    windbg -y srv*C;\symbols…
    Shoould read
    windbg -y srv*C:\symbols…
    (colon in stead of semicolon.

    The full command line becomes
    windbg -y srv*C:\symbols*http://msdl.microsoft.com/download/symbols -i c:\i386 -z c:\windows\minidump\mini012808-01.dmp

    Best regards

Leave a Reply

Your email address will not be published. Required fields are marked *