The Windows Driver Kit (WDK) 5






Starting WinDbg


To analyze a dump file, start WinDbg with the -z command-line option:


windbg -y SymbolPath -i ImagePath -z DumpFileName


The -v option (verbose mode) is also useful. If WinDbg is already running and is in dormant mode, you can open a crash dump by selecting the File Open Crash Dump menu command or pressing the CTRL+D shortcut key.


WinDbg, Windows debugger: Opening the Windows Crash Dump file


Opening the Windows Crash Dump file


When the Open Crash Dump dialog box appears, enter the full path and name of the crash dump file in the File name text box, or use the dialog box to select the proper path and file name. When the proper file has been chosen, click Open.


WinDbg, Windows debugger: Selecting the Windows mini Crush Dump file


Selecting the Windows mini Crush Dump file


WinDbg, Windows debugger: Viewing the Crash Dump file


You can also open a dump file after the debugger is running by using the .opendump (Open Dump File) command, followed with g (Go).

Dump files generally end with the extension .dmp or .mdmp. You can use network shares or Universal Naming Convention (UNC) file names for the memory dump file. Well, it will take a long story to provide examples on how to debug either the user mode or kernel mode and why not you try the following links by Windows device driver developer for more information.


  1. A Crash Dump analysis tutorials.
  2. Windbg basic tutorials.
  3. Tips on how to analyze strange Crash Dumps and uninstall the Windows hidden drivers.





< Windows Driver Kit (WDK) 4 | Windows Driver Kit (WDK) Programming | Win32 Programming | Windows Driver Kit (WDK) 6 >