Analyze Memory Dump File Using Debugging Tools For Windows

Tuesday, August 16, 2011

If you have read this article, I hope you have no difficulty understanding the BSOD error messages generated by a computer. Today, I want to add a little more explanation on this matter. Look at the picture below:

Capture

Sometimes, when a computer generates a BSOD, it also creates a memory dump file (.dmp), which is very useful for a computer technician to analyze in order to learn more about what type of critical error Windows encountered.

The steps of creating the memory dump file are usually shown at the bottom of the BSOD error message (label no. Capture). So, when you see that part of the message, you will know that a memory dump file has been created and saved in C:\Windows\Minidump. The label no. Capture indicates the file (image) which you will need when you start analyzing the memory dump file.

Now, based on the BSOD error message above, I will show you how to analyze the memory dump file. For your information, this error occurred on a notebook with Windows 7 (x86) installed.


What You Need

  1. Debugging Tools for Windows. Download here. Please read this carefully before you download the tools.

  2. The file iaStor.sys, whose location (file path) you need to know. In this case, its file path is C:\Windows\System32\drivers



Before The Procedures

I assume that you want to analyze this memory dump file on a known good computer. So, you need to do the following:

  1. Create a folder named image in the C:\ drive of the known good computer.

    Capture

  2. Copy the file iaStor.sys (from the Windows 7 notebook that encountered the BSOD error) and paste it into the folder C:\image that you created before.

    Capture

  3. Copy the memory dump file (from the Windows 7 notebook that encountered the BSOD error) and paste it into the C:\Windows\Minidump folder on the known good computer.
     
  4. Install the Debugging Tools for Windows

    Capture



The Procedures

  1. Click Start --> click All Programs --> click Debugging Tools for Windows (x86) --> click WinDbg --> the WinDbg window appears, as shown below.

    Capture

  2. In the window shown above, click File --> click Symbol File Path… --> the Symbol Search Path window appears, as shown below.

    Capture

  3. In the text area under Symbol path, type SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols --> click OK.

  4. Now, in the WinDbg window again, click File --> click Image File Path…

    Capture

  5. The Executable Image Search Path window appears, as shown below. In the text area under Image path, type c:\image --> click OK.

    Capture 

    Note:

    c:\image is the folder in the C: drive which you created at step 2 under the section Before The Procedures. This folder contains the file iaStor.sys.

  6. Now it is time to open the memory dump file for deeper analysis. Click File --> click Open Crash Dump…

    Capture

  7. You will then be directed to C:\Windows\Minidump --> highlight the memory dump file --> click Open --> click Yes, and you will get a result like the one below.

    Capture

  8. If you want more detailed debugging information, click !analyze -v. You will then get the detailed information shown below.

    Capture

  9. In the output shown above, if you scroll down a little more, you will see information like that in the picture below.

    Capture

  10. Click iaStor and you will be presented with detailed information about the file iaStor.sys. See below.

    Capture
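
The same ten steps can be run without the GUI using kd.exe, the console kernel debugger that is installed together with WinDbg. The PowerShell script below is an added example, not part of the original article; it assumes PowerShell 3.0 or later, an elevated prompt (to read C:\Windows\Minidump), and that kd.exe sits at the path in $Kd, which is an assumed install folder you may need to change.

```powershell
# Added example: batch version of the GUI procedure
# (symbol path, image path, open crash dump, !analyze -v).
# Assumption: location of kd.exe; adjust $Kd to your install folder.
$Kd        = 'C:\Program Files\Debugging Tools for Windows (x86)\kd.exe'
$SymPath   = 'SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols'
$ImagePath = 'c:\image'             # folder holding the copied iaStor.sys
$DumpDir   = 'C:\Windows\Minidump'  # folder holding the copied .dmp files

if (-not (Test-Path -LiteralPath $Kd)) { throw "kd.exe not found at $Kd" }

$report = foreach ($dump in Get-ChildItem -LiteralPath $DumpDir -Filter *.dmp) {
    # -z dump file, -y symbol path, -i image path,
    # -c debugger commands to run at startup (analyze, then quit)
    $out = & $Kd -z $dump.FullName -y $SymPath -i $ImagePath `
                 -c '!analyze -v; q' 2>&1 | Out-String

    # Return the first capture group of $pattern from the debugger output,
    # or $null when the field is missing (for example, symbols failed to load).
    $pick = {
        param($pattern)
        if ($out -match $pattern) { $Matches[1].Trim() } else { $null }
    }

    # Keep the full text next to the dump so nothing is lost in the summary.
    $out | Set-Content -LiteralPath ($dump.FullName + '.analyze.txt')

    [pscustomobject]@{
        Dump       = $dump.Name
        ProbablyBy = & $pick '(?m)^Probably caused by\s*:\s*(.+)$'
        ImageName  = & $pick '(?m)^IMAGE_NAME:\s*(.+)$'
        ModuleName = & $pick '(?m)^MODULE_NAME:\s*(.+)$'
    }
}

# One row per dump: the driver the debugger blames for each crash.
$report | Format-Table -AutoSize
```

For the dump analyzed in this article, the ImageName column should show the same iaStor.sys that step 10 displays in the GUI; an empty column usually means the symbol or image path could not be resolved.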

Conclusion

Another name for analyzing a memory dump file is debugging. Debugging is a technique that takes time to learn and master, and it is also time-consuming to do. What you learned in this article is the basic concept that you need to know for debugging.

If you are interested in learning more about debugging, here are some links you can refer to:

  1. How to Analyze Memory Dump (.dmp) File

  2. How to read the small memory dump files that Windows creates for debugging

  3. If Debugging Tools for Windows is installed on your computer, you can find the complete documentation about debugging at C:\Program Files\Debugging Tools for Windows\Debugger.chm

7 comments:

{ MUHAMMAD MURSYID } at: August 16, 2011 at 10:46 AM said...

Thanks for the tutorial.. can use it in the future..

{ mR.sAm } at: August 17, 2011 at 2:35 AM said...

this is best bro..tq2..

{ Mike } at: January 13, 2012 at 8:17 PM said...

There is application Digeus Registry Fixer I recommend to use it when there are problems with system. I also recommend to use Windows Tune Up Suite from Windsty. It restores system to a healthy state.

{ Hemant Balde } at: June 6, 2012 at 4:56 PM said...

thanks bro..it is the best

{ Tech-Geek } at: July 15, 2012 at 8:06 PM said...

Great tutorial.

Anonymous at: November 7, 2012 at 6:22 PM said...

Thank you for the good tutorial

{ Паничище } at: January 15, 2013 at 7:52 PM said...

Really Great tutorial. I will bookmark this page for future use and tell my friends also.
