WinDBG refresher

Tags: Troubleshooting, WinDBG

I had to analyze a memory dump from a server that blue screened.  This blog is a reference for how I used WinDBG to analyze the dump.  I don't claim to be an expert in WinDBG, but these few steps can be done in minutes to determine an issue if you have the memory dump available.

  • Capture either a kernel or complete memory dump.
  • Install WinDBG on the system that will analyze the file; it doesn't have to be the production server. (Search the web for the proper version of WinDBG you need.)
  • Open WinDBG and open the dump file.
  • Add the symbol location: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
  • Run !analyze -v or !analyze

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {3ad0720, 2, 1, f80fe1e4}

Probably caused by : XYZ.sys ( dc21x4+21e4 )

Followup: MachineOwner
---------
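
When several dumps need triage, the summary above can be read by a script instead of by eye. The following is an added example, not part of the original post: it parses the two summary lines and decodes the four arguments of bug check 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL). The function names are hypothetical, and the sample text is the output shown above.

```python
import re

# Sample input: the summary lines shown in the post above.
SAMPLE = """\
BugCheck D1, {3ad0720, 2, 1, f80fe1e4}

Probably caused by : XYZ.sys ( dc21x4+21e4 )
"""

# Argument 3 of bug check 0xD1 encodes the access type.
D1_ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
CAUSE_RE = re.compile(r"Probably caused by\s*:\s*(\S+)\s*\(\s*([^)]*?)\s*\)")


def parse_summary(text):
    """Return the bug check code, its four arguments and the blamed module."""
    m = BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no BugCheck line found")
    # 64-bit dumps print addresses as fffff800`12345678; drop the backtick.
    args = [int(a.strip().replace("`", ""), 16) for a in m.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bug check arguments")
    result = {"code": int(m.group(1), 16), "args": args, "image": None, "symbol": None}
    c = CAUSE_RE.search(text)
    if c:
        result["image"], result["symbol"] = c.group(1), c.group(2)
    return result


def describe(summary):
    """Build a one-line triage string; arguments are decoded only for 0xD1."""
    code, args = summary["code"], summary["args"]
    line = f"0x{code:X}"
    if code == 0xD1:
        access = D1_ACCESS.get(args[2], "unknown access")
        line += (f" DRIVER_IRQL_NOT_LESS_OR_EQUAL: {access} of 0x{args[0]:x} "
                 f"at IRQL {args[1]} from instruction 0x{args[3]:x}")
    if summary["image"]:
        line += f" (blamed: {summary['image']}, {summary['symbol']})"
    return line


if __name__ == "__main__":
    print(describe(parse_summary(SAMPLE)))
```

For the dump above this reports a write to address 0x3ad0720 at IRQL 2, issued by the instruction at 0xf80fe1e4, which is the address !analyze attributes to XYZ.sys.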

I recommend watching this webcast by Mark Russinovich. Mark is the co-founder of Sysinternals, and one could make a case for him being the #1 guru on the Internet.  This was recorded at TechEd 2006.  Without the tools he has provided, every Windows administrator's job would be a lot harder.

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032298075&EventCategory=5&culture=en-US&CountryCode=US
