Learning BSOD Analysis: Getting Started
This is part 1 of the learning path “Learning BSOD Analysis”. In this post we will cover all the tools you need and how to set them up, so you can start analyzing BSODs.
Getting the tools
To debug Windows Crash Dumps (BSOD dumps) you’ll need the right tools. We will use Windows Debugging Tools in this learning path.
You’ll first need to download and install it. You can download it here:
Windows 7 and below
Windows 8 and up
Installing the tools
After you’ve downloaded the correct debugging tools, you’ll need to install them. In this post I will use Windows 8 to install them, so if you downloaded the Windows 7 version things could look different.
- Start the installation process
- Set the installation path (I will use the default installation location), then click on Next
- Choose whether you wish to join CEIP (it does not matter for the software), then click on Next
- Read and accept the Software License
- Deselect all options, and select only Debugging Tools for Windows.
- Click the Install button, then wait for the installation to complete.
Configuring the tools
Before you will be able to analyze crash dumps, you’ll need to set up the software; we will cover that part now.
- Open WinDbg (x64 or x86, I normally use x64)
- Click on File
- Click on Symbol File Path…
- Set the following file path:
- Click on OK
WinDbg is now installed and configured to be able to read dmp files created by a BSOD.
Opening a BSOD (dmp) file.
Another important thing to learn is how to actually open a BSOD file created on your system, and where to find it!
Finding the BSOD files.
Windows should normally create a dmp file automatically after the system has crashed; this dmp file records what the system was doing at the moment of the crash, a sort of black box like the ones airplanes have.
The default location is: X:\Windows\MiniDumps\ (replace X with your operating system drive, C in most cases)
Opening the BSOD File.
WinDbg can only open one dmp file at a time. To open a dmp file within the program, follow these steps:
- Click on File
- Click on Open Crash Dump
- Open the DMP file
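The same workflow can be scripted, which is handy when you want to see at a glance which dumps a machine has produced before opening one. The script below is an added example, not code from the original post: it reads the configured minidump folder from the registry (the CrashControl\MinidumpDir value, falling back to %SystemRoot%\Minidump), lists the dump files newest first, and launches WinDbg on the most recent one. The WinDbg switches -z (open a crash dump) and -y (symbol path), the default symbol path pointing at the public Microsoft symbol server, and the search under the Windows Kits folder are my assumptions about the installation; the post's own symbol path setting is not shown here, so pass -SymbolPath if yours differs.

```powershell
# Added example (not from the original post): locate the minidump folder,
# list the crash dumps in it, and open the newest one in WinDbg.
# Assumptions (mine, not the post's): WinDbg's -z (open dump) and -y (symbol
# path) switches, the CrashControl\MinidumpDir registry value, and the
# public Microsoft symbol server as the default symbol path.
param(
    [string]$SymbolPath = 'srv*C:\Symbols*https://msdl.microsoft.com/download/symbols',
    [string]$WinDbgPath = '',
    [switch]$ListOnly
)

function Get-MinidumpFolder {
    # Windows records the minidump location in CrashControl; fall back to the
    # default %SystemRoot%\Minidump if the value is absent.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).MinidumpDir
    if (-not $value) { $value = '%SystemRoot%\Minidump' }
    return [Environment]::ExpandEnvironmentVariables($value)
}

function Get-CrashDumps([string]$Folder) {
    # An absent folder usually means no BSOD has happened yet, or crash dumps
    # are disabled in System Properties > Startup and Recovery.
    if (-not (Test-Path -LiteralPath $Folder)) {
        Write-Warning "Minidump folder '$Folder' does not exist."
        return @()
    }
    Get-ChildItem -LiteralPath $Folder -Filter '*.dmp' -File |
        Sort-Object LastWriteTime -Descending
}

function Find-WinDbg {
    # Prefer windbg.exe on PATH; otherwise search the Windows Kits tree the
    # Debugging Tools setup installs into, picking the x64 debugger as in the post.
    $cmd = Get-Command windbg.exe -ErrorAction SilentlyContinue
    if ($cmd) { return $cmd.Source }
    foreach ($root in @(${env:ProgramFiles(x86)}, $env:ProgramFiles)) {
        if (-not $root) { continue }
        $kits = Join-Path $root 'Windows Kits'
        if (-not (Test-Path -LiteralPath $kits)) { continue }
        $hit = Get-ChildItem -Path $kits -Recurse -Filter windbg.exe -ErrorAction SilentlyContinue |
            Where-Object { $_.FullName -match '\\x64\\' } |
            Select-Object -First 1
        if ($hit) { return $hit.FullName }
    }
    return $null
}

$folder = Get-MinidumpFolder
$dumps  = @(Get-CrashDumps $folder)
"Minidump folder: $folder  ($($dumps.Count) dump file(s))"
$dumps | Format-Table Name, LastWriteTime, @{ n = 'KB'; e = { [int]($_.Length / 1KB) } } -AutoSize

if ($ListOnly -or $dumps.Count -eq 0) { return }

if (-not $WinDbgPath) { $WinDbgPath = Find-WinDbg }
if (-not $WinDbgPath) { throw 'windbg.exe not found; pass -WinDbgPath.' }

# WinDbg opens one dump at a time, so start with the most recent crash.
$newest = $dumps[0].FullName
"Opening $newest in WinDbg"
& $WinDbgPath -z $newest -y $SymbolPath
```

Run it with -ListOnly to just inventory the dumps, or without switches to open the newest one. Reading the registry rather than hard-coding the folder matters because an administrator can move the minidump directory; the script then still finds the dumps. Keep in mind that a minidump holds a copy of kernel memory from the moment of the crash, so treat the files as sensitive when copying them off a machine for analysis.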
This was part one of learning BSOD analysis; you should now be able to:
- Install Windbg
- Configure Windbg
- Find a DMP file
- Open a DMP file.
To continue read “Learning BSOD Analysis: Your first analysis in WinDbg”. Don’t forget to share it on your social media, other people might be interested in learning BSOD Analysis as well!