Simplest Windbg minidump tutorial
Vložit
- čas přidán 22. 08. 2024
- Simplest Windbg minidump tutorial to get you started using windbg to debug minidumps.
Comment below.
if you would like me to help you debug a minidump, write a comment here or send me a message via my social media links below.
Additional information can be found here.
docs.microsoft...
docs.microsoft...
docs.microsoft...
Source code = github.com/hig...
Attributions
-----------------
www.bensounds.com
Links
------
/ highvoice.man.5
/ highvoiceman
Very nicely explained. Thank you
Very useful sir. Memory dump analysis very challanging for me in production
great video, thanks, master!
Good job
nice voice,nice accent
@High Voice Computing Could you
share the ConsoleApplication1 used in this tutorial and the steps how you collect the dump? Thanks
Hi , thanks for requesting . I think the source is here github.com/highvoiceman/nullptrexception1. Sorry for not uploading it earlier :)
Can you please explain the Stack Text section? thanks
do you have any tips on how to load the source code in WinDebug?
My computer wont permit access to the internet for downloading the symbols. The bsod remains. I have r use command prompt to get anything done. Since I cant access the internet, there is no point in viewing a dump file. Since. It says the symbols r Unknown. Do u know a work around. My mom computer does not fully i boot.
Hi hi, I am sorry to hear that, but without microsoft symbols, there is no simple way to read a memory dump :(
@@HighVoiceComputing fortunately, i got the symbols, but I dont know what to do with what it says the problem is. Will u help me plz?
I am not sure if you can help, my issue when I try to load the memory dump, I received this error, The debugging session could not be started: Access to the path C:\\Windows\minidump" is denied. I am using different software to read a memory dump, but when I try to read it with WinDbg it never work. can you help
Copy the memory dump, to another path. Windbg, does not need to access C:\windows\minidump at all. Windbg, cannot elevate its permissions, so when it encounters an error, it stops. You can open minidumps from any folder by selecting open minidump in the windbg menu,
Thanks
How to track double free crash of ccombstr
CComBSTR contains a BSTR which is free by SysFreeString. This function, intentionally does not throw any error when freeing because it uses a pool of memory which caches the string.
Let me dig up some really old windows documentation which can disable the pool which will then cause the double free to trigger an exception. I am not sure at the moment if its possible, but I would give it a try.
If the CComBSTR itself is crashing in the destructor, it could be something unrelated to the BSTR inside. Do you have a memory dump of the crash ?
Hi, could you help me?
My pc dont usually crashes but , when playing games, they suht down or crash a lot... Like I cant play nor even 5 minutes...
Thank you for any clue of what to do.
And I've got this when tryed .symfix:
0:020> .symfix
DBGHELP: Symbol Search Path: cache*;SRV*msdl.microsoft.com/download/symbols
DBGHELP: Module is not fully loaded into memory.
DBGHELP: Searching for symbols using debugger-provided data.
SYMSRV: BYINDEX: 0x5
C:\ProgramData\Dbg\sym
ntdll.pdb
DF65754E73EDDA4805AD5C4CB549BD021
SYMSRV: PATH: C:\ProgramData\Dbg\sym
tdll.pdb\DF65754E73EDDA4805AD5C4CB549BD021
tdll.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: C:\ProgramData\Dbg\sym
tdll.pdb\DF65754E73EDDA4805AD5C4CB549BD021
tdll.pdb - file system or network error reading pdb
DBGHELP: cache*
tdll.pdb - file not found
DBGHELP: cache*\dll
tdll.pdb - file not found
DBGHELP: cache*\symbols\dll
tdll.pdb - file not found
SYMSRV: BYINDEX: 0x6
C:\ProgramData\Dbg\sym*msdl.microsoft.com/download/symbols
ntdll.pdb
DF65754E73EDDA4805AD5C4CB549BD021
SYMSRV: PATH: C:\ProgramData\Dbg\sym
tdll.pdb\DF65754E73EDDA4805AD5C4CB549BD021
tdll.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: Failed copying the file 'C:\ProgramData\Dbg\sym
tdll.pdb\DF65754E73EDDA4805AD5C4CB549BD021
tdll.pdb' to the cache
DBGHELP: C:\ProgramData\Dbg\sym
tdll.pdb\DF65754E73EDDA4805AD5C4CB549BD021
tdll.pdb - file system or network error reading pdb
DBGHELP: ntdll.pdb - file not found
DBGHELP: ntdll - export symbols
Sure , not a problem. Copy and paste the entire text that !analyze -v is writing. You can email me at highvoiceman@gmail.com
@@HighVoiceComputing That's very kind from you! Just sent you an email!
Thanks a lot!
hi
MODULE_NAME: hardware
IMAGE_NAME: hardware_ram
STACK_COMMAND: .cxr; .ecxr ; kb
FAILURE_BUCKET_ID: 0x1a_61941_PAGE_TABLE_RESERVED_BITS_SET_IMAGE_hardware_ram
does this mean that one of my RAM sticks are bad??