WinDbg Analysis dump File

WinDbg is a free source code level debugging tool developed by Microsoft. WinDbg can be used for kernel mode debugging and user-mode debugging, as well as for debugging dump files. This article is discussed in the context of the installation of debugging Tools for Windows, and the download address can refer to my previous article. WinDbg for dump file debugging you can set symbol File path, Source file path, and multiple paths through the menu.

1, open the dump format file

Open WinDbg, through the menu [file]à[open Crash Dump] Select the dump file open, you can also open the DOS command window via cmd, switch to WinDbg directory, use the command:

Windbg–z "D:/lines2009-7-25-22-20-33-900.dmp"

-Z indicates path

Figure 1.1 Opening the dump file with WinDbg

This paper has written a simple program to generate a divisor of 0 exceptions, let it run, produce crashes, generate DMP files through DRWTSN, and then WinDbg analyze DMP files to locate program bugs. Objective: To learn WinDbg basic skills. Program Source code: void Crash (void) { int i = 1; int j = 0; I/= J; } void Main (void) { Crash (); } Compilation Environment: vc++6.0 Compiler settings: This step is to require that the release version not be optimized, and if optimized, the crash (void) function in the source code above will not be compiled. This step setting produces debug symbol tables for release versions and prepares for subsequent positioning errors. Steps: 1. Installation DrWtsn32 Users can see where the DMP files will be saved through the DRWTSN32 command. 2, installation windbg,windbg download address: Http://www.microsoft.com/whdc/devtools/debugging/default.mspx 3, set WinDbg A, Symbol table path settings Where the purpose of the Srv*d:/symbolslocal*http://msdl.microsoft.com/download/symbols setting is to download the symbolic table of the operating system-related library functions that the program uses to local. B, source code path settings C, DMP file Import

The load dump file appears as shown in figure:

Figure 1.2 WinDbg interface

2, analysis dump file

If the generated dump file is in this machine, the dump file will contain the PDB file and source code path required for debugging, and if not, you can go through the WinDbg menu [file]à[symbol file path] and [source file path] Set the PDB file path and source code path, respectively. If your program involves DLLs, you need to include the EXE, all the PDB involved in the DLL, and the source code path. To use the command:

!analyze–v

The dump file is parsed and the line of code that the program crash is in is displayed:

Figure 1.3 Analyzing the dump file