BSOD Analysis - Getting Started

Ok, I'm launching myself into learning about all this BSOD thing so I'm here to ask for guidance.

I see that Jonathon King hasn't been active here for a while so if someone wants to suggest another thread for me to post in, fire away.

I'll start from the beginning, downloading Windbg. I have always found this a little confusing, which link to click for the download? I did a reinstall of Windows 7 a few weeks ago so had to download Windbg again but I think I somehow ended up with the Windows 8 version. I've removed it with Revo so now I should be starting from scratch.

I downloaded from this link; Download Microsoft Windows SDK 7.1 from Official Microsoft Download Center

So far, so good. Now, when I try to install it, I get this message;

View attachment 2947

Do I need to install .net framework 4 or is it already installed? The wording of the message seems somewhat contradictory.

Hello :)

The Windows 8 version is fine. The fact that it is the Windows 8 version means that it is newer than the Windows 7 version you found. It effectively means "Windows 8 and below" vs "Windows 7 and below". Therefore, the "Windows 8 and below" is newer, and potentially better. Windows Software Development Kit (SDK) for Windows 8

The FAQ supports this:

The installation of the Windows SDK is supported on the following operating systems:

  • Windows 8
  • Windows Server 2012
  • Windows 7
  • Windows Server 2008 R2

So, surprisingly, not Vista. But anyway, you have Windows 7.

That is the one you want. Make sure to check "Debugging Tools for Windows" when you install it, as it isn't checked by default. In addition, unless you are a programmer, you are unlikely to need any of the other stuff. It will just take up space on your hard disk unnecessarily. You can always come back later to install the extra bits if needs be.

Finally, the .net Framework error is saying that you have the Client Profile copy of .net 4, but not the Full version of .net 4. The Client Profile is a stripped down version of .net, so you *do* have .net 4, but you don't have ALL of .net 4. I think you are unlikely to meet this error again if you choose just Debugging Tools for Windows, but if you do, download and install this first: Download Microsoft .NET Framework 4 (Web Installer) from Official Microsoft Download Center

Good luck!

Richard
 
Thanks Richard. I may have another question as I had problems with associating .dmp's with Windbg but I'll let you know if that's the case after I have reinstalled.
 
No problem :) Ask as many questions as you need to.
 
These are the things that helped me get windbg working correctly:

Download the necessary Windows Symbol packages: Download Windows Symbol Packages

Create a new environment variable as follows:
Code:
_NT_SYMBOL_PATH=G:\Symbols\Win8X64;G:\Symbols\Win7X64;G:\Symbols\Win7X86;G:\Symbols\WinXPSP3;http://msdl.microsoft.com/download/symbols
(I put mine on my G: drive thus the above, change to match your own setup)

To associate .dmp files with windbg, run 'C:\Program Files\Debugging Tools for Windows (x64)\windbg -IA' from a command line. Then you can double click on a .dmp to process it.
Note: The path to windbg may be different for you if you have a 32 bit system.
 
Code:
_NT_SYMBOL_PATH=G:\Symbols\Win8X64;G:\Symbols\Win7X64;G:\Symbols\Win7X86;G:\Symbols\WinXPSP3;http://msdl.microsoft.com/download/symbols
Does that cache symbol files missing from the symbol packages? Or does it download Windows-Updated driver symbol files each time?

You don't have to download symbol packages ahead of time. You can set symbol path to MSDL SYM site + single cache folder -

Code:
SRV*a:\symbols*http://msdl.microsoft.com/download/symbols

My a:\symbols cache = 3.7 GB and contains symbol files for various versions of Windows, Server and SPs.



I'm not saying my way is better -- use whatever works for you.
 
Thanks for the input Ztruker and John, of course.

Success! Took my time today, downloaded and installed the full .Net framework thing, just in case. Reinstalled Windbg and successfully made the file association so that .dmp's now open in Windbg on double click.

Spotted that Norton was the problem in this thread https://www.sysnative.com/forums/bs...4-blue-screen-death-new-laptop.html#post37045 before John replied to it. :dance:

It doesn't look quite so daunting anymore but obviously I know there's lots more to it.
 
Very well done :) But yes... there is a lot, lot, lot more to it! Keep up the practicing, read the more advanced tutorials here when you are ready for them, and you will learn about the advanced stuff in no time.

Good luck!

Richard
 
I think the h t t p://msdl.microsoft.com/download/symbols gets any missing from the symbol packages I downloaded.

How does SRV*a:\symbols*h t t p://msdl.microsoft.com/download/symbols work? If I made mine

SRV*a:\symbols*h t t p://msdl.microsoft.com/download/symbols


would the symbols used be cached in G:\Symbols over time as I looked at dumps?

(had to add spaces to prevent them being converted to links)
 
You mean A:\Symbols? And yes, it would. For any module listed in the dump file it will call on the symbol server and determine if existing symbols are present on the server, and will download on an as-needed basis. If there are any difficulties or hiccups with symbols, using the .reload command with the correct switches usually does the trick. Consult the Windbg help manual on it.

If there are alerts about symbols in Windbg, read them carefully. Sometimes it may be stating that symbols are present but are not full or are public versions when the action Windbg is attempting may be requesting private symbols. A prime example is the USB-based bugchecks. Doing an !analyze -v on them will smother you in symbol alerts because you might only have access to the public USB symbols, which are sparse. Getting private symbols would require MSDN access. There are also some Windbg extensions and commands that require access to private symbols for the module you're pointing them to.
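
As an added example (not part of the original thread), the two symbol paths posted above can be pulled apart to show what each element does: in the documented `SRV*cache*server` form the last field is the source and the field before it is the folder where downloaded symbols are kept. The helper names `parse_symbol_path` and `review` are hypothetical, and the script only inspects the string; it does not contact any server.

```python
# Added example: splits a debugger symbol path into its elements and reports,
# per element, where symbols come from and where downloaded copies are kept.
# parse_symbol_path() and review() are hypothetical helper names.

def parse_symbol_path(value):
    """Return one dict per ';'-separated element, in the order listed."""
    entries = []
    for element in (e.strip() for e in value.split(";")):
        if not element:
            continue
        fields = element.split("*")
        stores = [f for f in fields[1:] if f]
        if fields[0].lower() == "srv" and stores:
            # SRV*<downstream store(s)>*<upstream>: the last field is the source,
            # any fields before it are local caches for what gets downloaded.
            entry = {"kind": "srv", "caches": stores[:-1], "source": stores[-1]}
        else:
            entry = {"kind": "plain", "caches": [], "source": element}
        source = entry["source"].lower()
        entry["remote"] = source.startswith(("http://", "https://"))
        entry["plain_http"] = source.startswith("http://")
        entries.append(entry)
    return entries

def review(value):
    """Return human-readable notes about the remote elements of the path."""
    notes = []
    for i, e in enumerate(parse_symbol_path(value), start=1):
        if e["remote"] and not e["caches"]:
            notes.append(f"element {i}: remote source with no cache folder named")
        if e["plain_http"]:
            notes.append(f"element {i}: symbols fetched over unencrypted http")
    return notes

# The two paths posted in the thread.
PACKAGES_PLUS_URL = (r"G:\Symbols\Win8X64;G:\Symbols\Win7X64;G:\Symbols\Win7X86;"
                     r"G:\Symbols\WinXPSP3;http://msdl.microsoft.com/download/symbols")
SRV_WITH_CACHE = r"SRV*a:\symbols*http://msdl.microsoft.com/download/symbols"

if __name__ == "__main__":
    for label, path in (("packages + URL", PACKAGES_PLUS_URL),
                        ("SRV cache", SRV_WITH_CACHE)):
        print(label)
        for e in parse_symbol_path(path):
            print("  ", e["kind"], e["source"], "cache:", e["caches"] or "-")
        for note in review(path):
            print("   !", note)
```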
 