You can also analyze memory dump files by using a kernel debugger. Kernel debuggers are primarily intended to be used by developers for in-depth analysis of application behavior. However, kernel debuggers are also useful tools for administrators troubleshooting Stop errors. In particular, kernel debuggers can be used to analyze memory dump files after a Stop error has occurred.
A debugger is a program that users with the Debug Programs user right (by default, only the Administrators group) can use to step through software instructions, examine data, and check for certain conditions. The following two examples of kernel debuggers are installed by installing Debugging Tools For Windows:
• Kernel Debugger. Kernel Debugger (Kd.exe) is a command-line debugging tool that you can use to analyze a memory dump file written to disk when a Stop message occurs. Kernel Debugger requires that you install symbol files on your system.
• WinDbg Debugger. WinDbg Debugger (WinDbg.exe) provides functionality similar to Kernel Debugger, but it uses a graphical user interface (GUI).
Both tools allow users with the Debug Programs user right to analyze the contents of a memory dump file and debug kernel-mode and user-mode programs and drivers. Kernel Debugger and WinDbg Debugger are just a few of the many tools included in the Debugging Tools For Windows installation. For more information about these and other debugging tools included with Debugging Tools For Windows, see Help in Debugging Tools For Windows.
To use WinDbg to analyze a crash dump, first install the debugging tools available at http://www.microsoft.com/whdc/devtools/debugging/.
To gather the most information from a memory dump file, provide the debugger access to symbol files. The debugger uses symbol files to match memory addresses to human friendly module and function names. The simplest way to provide the debugger access to symbol files is to configure the debugger to access the Microsoft Internet-connected symbol server.
To configure the debugger to use the Microsoft symbol server, follow these steps:
1. Click Start, point to All Programs, point to Debugging Tools For Windows, right-click WinDbg, and then click Run As Administrator.
2. Select Symbol File Path from the File menu.
3. In the Symbol Path box, type
SRV*localpath*http://msdl.microsoft.com/download/symbols
where localpath is a path on the hard disk that the debugger will use to store the downloaded symbol files. The debugger will automatically create localpath when you analyze a dump file.
For example, to store the symbol files in C:\Websymbols, set the symbol file path to
“SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols”.
4. Click OK.
Debuggers do not require access to symbol files to extract the Stop error number and parameters from a memory dump file. Often, the debugger can also identify the source of the Stop error without access to symbols.
To analyze a memory dump file, follow these steps:
1. Click Start, point to All Programs, point to Debugging Tools For Windows, right-click WinDbg, and then click Run As Administrator.
2. Select Open Crash Dump from the File menu.
3. Type the location of the memory dump file and then click Open. By default, this location is %SystemRoot%\Memory.dmp.
4. In the Save Workspace Information dialog box, click No.
5. Select the Command window.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
Monday, 18 October 2010
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment