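1. Install the debugging tools
Download page: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
Choose the appropriate version and install it.
2. Install the Symbols (symbol library)
It is advisable to install several symbol packages, so that the analysis does not fail for lack of symbols.
Download page: http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx
The VISTA symbol packages are recommended; they resolve in more detail.
3. Add the Symbols
Add the path where the Symbols were installed to the symbol search path.
4. Run the analysis
5. An example follows
The blue screen code at the time was 0X0000000A, the operating system was XP SP2, and the blue screen was caused by QQ.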
Loading Dump File [e:\!minidump\Mini032707-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: F:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d8000 PsLoadedModuleList = 0x805543a0
Debug session time: Tue Mar 27 08:12:47.390 2007 (GMT+8)
System Uptime: 0 days 0:18:24.941
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {e1821a40, 2, 0, 805cf120}
Unable to load image npkcusb.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for npkcusb.sys
*** ERROR: Module load completed but symbols could not be loaded for npkcusb.sys
Unable to load image hidusb.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for hidusb.sys
*** WARNING: Unable to verify timestamp for HIDCLASS.SYS
Unable to load image USBPORT.SYS, Win32 error 2
*** WARNING: Unable to verify timestamp for USBPORT.SYS
Probably caused by : npkcusb.sys ( npkcusb+384 )
Followup: MachineOwner
---------
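The output above can be triaged mechanically before anyone acts on the "Probably caused by" line. The following Python parser is an added example, not part of the original page: it extracts the bug check code and arguments, the blamed module, and the modules whose timestamps could not be verified. The function name triage_bugcheck and the report field names are hypothetical; masking 1000000A down to 0x0A is an assumption based on the page pairing the two values.

```python
import re

# Constructed sample: a few lines copied from the debugger output shown above.
SAMPLE = r"""Symbol search path is: F:\WINDOWS\Symbols
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
BugCheck 1000000A, {e1821a40, 2, 0, 805cf120}
*** WARNING: Unable to verify timestamp for npkcusb.sys
*** ERROR: Module load completed but symbols could not be loaded for npkcusb.sys
*** WARNING: Unable to verify timestamp for hidusb.sys
*** WARNING: Unable to verify timestamp for HIDCLASS.SYS
*** WARNING: Unable to verify timestamp for USBPORT.SYS
Probably caused by : npkcusb.sys ( npkcusb+384 )
"""

def triage_bugcheck(text):
    """Summarise a WinDbg minidump banner (hypothetical helper)."""
    m = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text)
    if m is None:
        raise ValueError("no BugCheck line found")
    raw = int(m.group(1), 16)
    args = [int(a, 16) for a in m.group(2).split(",")]
    # Assumption: the minidump reports 0x0A as 1000000A, as on this page.
    report = {"raw": raw, "code": raw & 0x0FFFFFFF, "args": args}
    if report["code"] == 0xA and len(args) == 4:
        # 0x0A arguments: referenced address, IRQL, access type, instruction.
        report["address"] = args[0]
        report["irql"] = args[1]
        report["access"] = "write" if args[2] & 1 else "read"
        report["instruction"] = args[3]
    cause = re.search(r"Probably caused by\s*:\s*(\S+)\s*\(\s*([^)\s]+)\s*\)", text)
    if cause:
        report["culprit"] = cause.group(1)
        report["offset"] = int(cause.group(2).partition("+")[2] or "0", 16)
    # Modules with unverified timestamps were analysed without matching symbols.
    unverified = {n.lower() for n in
                  re.findall(r"Unable to verify timestamp for (\S+)", text)}
    report["unverified"] = sorted(unverified)
    # Without kernel symbols the stack walk behind the verdict is less reliable.
    report["kernel_symbols_ok"] = "ntoskrnl.exe" not in unverified
    return report

if __name__ == "__main__":
    for key, value in triage_bugcheck(SAMPLE).items():
        print(f"{key}: {value}")
```

When kernel_symbols_ok is false, as it is for this dump, fix the symbol path and rerun !analyze -v before treating the blamed driver as confirmed.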