How to Install and Configure Debugging Tools

Dwarf

Post in Progress

In order to be able to analyse .dmp files, you need to install and configure the debugger package from Microsoft.

Installation

Download it from Windows Software Development Kit (SDK) for Windows 8 Consumer Preview (click on Download under Quick Details and then click Run).

You are now asked to specify the installation location. Accept the default of either C:\Program Files (x86)\Windows Kits\8.0\ (for x64 systems) or C:\Program Files\Windows Kits\8.0\ (for x86 systems) depending on whether you are using a 32-bit or 64-bit version of W8 and click on Next.

The next question is optional; it pertains to the Customer Experience Improvement Program, so click either Yes or No as appropriate and then click Next.

Accept the License Agreement by clicking Accept.

Here you can choose the feature(s) that you wish to install. We are only interested in Debugging Tools for Windows so deselect the other options and then click Install. This may take some time, so be patient. Provide Administrative Credentials to continue if the UAC prompt appears.

When the message Welcome to the Windows Software Development Kit! appears, the selected option(s) has/have been installed. Click on Close.

Configuration

Now that the tool has been downloaded and installed, it needs to be configured. Open an elevated command prompt (http://www.eightforums.com/tutorials/2754-elevated-command-prompt-open-windows-8-a.html) and change to the installation folder by entering the following at the prompt:

chdir /d C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\ (for 64-bit systems)
chdir /d C:\Program Files\Windows Kits\8.0\Debuggers\x86\ (for 32-bit systems)

At the prompt, enter windbg -IA in order to register it as the default handler for the common dump file types (.DMP, .HDMP, .MDMP, .KDMP, and .WEW). Click OK on the confirmation window. This will enable the Debugger to automatically run when you click/double-click on a dump file. You can, of course, choose the manual option of clicking on File and Open Crash Dump... (or use the Ctrl+D shortcut) and then browsing to the required file.

For the tool to run correctly, it needs to be able to access certain symbols. These can be downloaded as a standalone package from Microsoft. Choose the appropriate link below in order to download them.

32-bit http://download.microsoft.com/downl...Winmain.8250.0.120217-1520.X86FRE.Symbols.msi
64-bit http://download.microsoft.com/downl...Winmain.8250.0.120217-1520.x64FRE.Symbols.msi

Once downloaded, run the installer. When it has finished computing space requirements (this may take a while), click on Next. Check the option I accept the terms in the License Agreement and then click Next. The next screen allows you to change the storage location for the symbols, or you can accept the default location that has been chosen by the installer. I recommend that you change it by clicking on Browse and then setting the destination folder to C:\Symbols\ (create this folder if it doesn't exist). Click Next and then Install to continue. The symbols will now be installed in the chosen directory. Please be patient, as this will take some time. Click Finish when prompted.

The Debugger now needs configuring in order to access these symbols, so at the command prompt enter windbg. The main program will open. Click on File and Symbol File Path … (or use the Ctrl+S shortcut). In the dialogue box that appears, enter SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols and then click OK. Close and reopen the debugger to confirm the program update. You will be prompted to Save information for workspace? when closing the Debugger; choose Yes to continue (choose this option if prompted by this prompt in the future). The program will now consult the local folder for any required symbols, and automatically contact the Symbol Server for any that aren't present locally.
 
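A scripted equivalent of the symbol-path configuration above, as an added example that is not part of the original post: it sets the same SRV* path through the _NT_SYMBOL_PATH environment variable (using the HTTPS form of the server URL) and runs !analyze -v over each minidump with kd.exe from the same Debugging Tools package. The dump folder C:\Windows\Minidump and the report folder C:\DumpReports are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original post. Debugger paths follow the
# tutorial's defaults; the dump and report folders are assumptions.
$kitRoots = @(
    'C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64',
    'C:\Program Files\Windows Kits\8.0\Debuggers\x86'
)
$kd = $kitRoots | ForEach-Object { Join-Path $_ 'kd.exe' } |
      Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $kd) { throw 'kd.exe not found; install Debugging Tools for Windows first.' }

# Same SRV*<local cache>*<server> form as the Symbol File Path dialogue.
$symPath = 'SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols'
New-Item -ItemType Directory -Path 'C:\Symbols' -Force | Out-Null

# Persist for the current user so windbg, kd and cdb all pick it up.
[Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $symPath, 'User')
$env:_NT_SYMBOL_PATH = $symPath

$dumpDir   = 'C:\Windows\Minidump'   # assumption: default minidump folder
$reportDir = 'C:\DumpReports'        # assumption: hypothetical output folder
New-Item -ItemType Directory -Path $reportDir -Force | Out-Null

$dumps = Get-ChildItem -Path $dumpDir -Filter '*.dmp' -ErrorAction SilentlyContinue
foreach ($dump in $dumps) {
    $log = Join-Path $reportDir ($dump.BaseName + '.txt')
    # -z opens the dump, -y sets the symbol path, -logo writes a log file,
    # -c runs the analysis and then quits the debugger.
    & $kd -z $dump.FullName -y $symPath -logo $log -c '!analyze -v; q' | Out-Null

    # Check for the debugger's wrong-symbols warning before trusting the
    # module it names; without correct symbols the blame is unreliable.
    $text = Get-Content $log
    $symbolIssue = $text |
        Select-String -Pattern 'not using the correct symbols|WRONG_SYMBOLS' -Quiet
    $summary = $text |
        Select-String -Pattern '^(BUGCHECK_STR|PROCESS_NAME|IMAGE_NAME|MODULE_NAME):'
    [pscustomobject]@{
        Dump        = $dump.Name
        SymbolIssue = [bool]$symbolIssue
        Summary     = ($summary.Line -join '; ')
    }
}
```

A row with SymbolIssue set to True means the debugger did not resolve the Windows symbols for that dump, so check the symbol path or the local C:\Symbols cache before reading anything into its Summary.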
This is really good for people wanting to get into doing bsod analysis on the long term. For the short term, I recommend against it. Here's why -

Say there are crashes pointing to the video driver. Now almost all people are going to say "hey, let me roll back my video driver to this version or that" and in the meanwhile, just because it said the video driver is at fault, the truth is in many cases it is very likely not to be. Only really, really old ones are usually clearly to blame.

Even experienced bsod analysts very often say "update DirectX" or similar. That's not going to help.

Then there are network cases. Take for instance Zone Alarm and its notorious 0x7f netio.sys failures (because of poor config by end user). If he/she read the dump, they would then go and revert to old network drivers instead. Not good.

Same for AVG and the like. These are just some cases out of the hundreds an experienced bsod analyst will know right away while an amateur would be running around doing all the wrong things and ending up with an even bigger problem.

lol I've seen people say things like "Microsoft expletive here" because a kernel driver keeps crashing on them and Microsoft made it.

All that being said, anyone interested in learning for the long term more so than just analyzing "his/her dump" - p.m. are welcome. :)

And anyone going to jump in and start analyzing 8 crash dumps, you'll need to manually download and install the symbols. Things may have changed by now, but my debugger would not access 8 symbols at all on Microsoft's server:

Download Windows Symbol Packages
 

Symbol server has been intermittent for about 12 hours. Seems ok now.
 

Nice post/tutorial, this should be a Sticky.

Good information for those that want to start BSoD analysis.
 

Great post / tutorial, thanks!
 
