The WinDbg (Windows Debugger) tool has been around and helping users diagnose their BSODs and user application crashes since the days of Windows 7 and Windows Server 2008 R2. But learning WinDbg requires climbing a learning curve, and it takes a little while to figure out how things work. Ditto for learning to drive its command-heavy interface. However, Microsoft has provided an alternative version based on UWP that is more automated and much, much easier to learn and use.
UWP WinDbg will help you with all of the different dump file types that Windows creates to capture error information, and it makes visualizing and examining their contents easy and straightforward. Before I explain where and how to grab WinDbg Preview, let me explain a bit more about what it does, starting with dump files.
An Anatomy of Memory Dump File Types
You can read more deeply on this topic in the MS Docs article “Overview of memory dump file options for Windows.” According to that reference, Windows can create any of these memory dump file types when a serious error occurs (quoted verbatim):
Complete memory dump: captures the entire contents of system memory when a stop error (BSOD) occurs. It includes data from processes running when the dump was collected. To use the complete memory dump option, your paging file must be configured on the boot volume to be 1 MB larger than the physical RAM installed (on my PC, for example, with 16 GB or 16,384 MB, that means 16,385 MB). I seldom bother with this kind of dump file because it takes up copious space on the boot/system drive, and my PC doesn’t do that much paging activity anyway. Conventional wisdom is that you can set this up if you need a complete memory dump, should Microsoft or a third-party vendor ask you for one. Otherwise, they consume too much space.
Kernel memory dump: records only kernel memory, which is memory that’s allocated to the OS kernel and the hardware abstraction layer (HAL), and to kernel-mode drivers and other kernel-mode programs. As MS itself says “this dump file is the most useful.”
Small memory dump (64 KB): captures minimal information about an error. For stop errors, for example, it grabs the stop message plus its parameters and related data. It also grabs a list of loaded drivers, the processor control block for the processor that stopped, and information and kernel context for both the stopped process (EPROCESS) and the stopped execution thread (ETHREAD). Finally, it also grabs the kernel-mode call stack for the thread that stopped. By default, small memory dump files reside in the %SystemRoot%\Minidump folder.
Automatic memory dump: contains the same information as a kernel memory dump, but is created when Windows manages page file size (that is, the paging file is set to System managed size). Windows can monkey with the paging file size if a crash occurs and the paging file can’t capture all the information needed to obtain a complete kernel memory dump snapshot. See this Docs article for more details: Automatic Memory Dump.
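To see which of these dump types a given machine is set to write, and whether its boot-volume paging file meets the RAM + 1 MB rule for a complete memory dump, the following PowerShell sketch can be run from an elevated prompt. It is an added example, not part of the original article; it assumes the standard CrashControl registry values (CrashDumpEnabled, DumpFile, MinidumpDir) and CIM classes that Windows provides, none of which are named in the text above.

```powershell
# Added example: report the configured crash dump type and check the
# page file rule for a complete memory dump (physical RAM + 1 MB).
$cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled values mapped to the dump types listed above
$types = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (64 KB)'
    7 = 'Automatic memory dump'
}
$mode = [int]$cc.CrashDumpEnabled
$name = if ($types.ContainsKey($mode)) { $types[$mode] } else { "Unknown ($mode)" }

# TotalPhysicalMemory is the RAM visible to Windows, in bytes; it can be
# slightly lower than the installed amount.
$cs     = Get-CimInstance Win32_ComputerSystem
$ramMB  = [math]::Ceiling($cs.TotalPhysicalMemory / 1MB)
$needMB = $ramMB + 1

# Sum the currently allocated page file size (MB) on the boot volume only
$pfMB = 0
$pf = Get-CimInstance Win32_PageFileUsage |
    Where-Object { $_.Name -like "$env:SystemDrive*" }
foreach ($p in @($pf)) { $pfMB += $p.AllocatedBaseSize }

# Fall back to the default folder if MinidumpDir is not set
$miniDir = if ($cc.MinidumpDir) {
    [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)
} else {
    Join-Path $env:SystemRoot 'Minidump'
}

[pscustomobject]@{
    DumpType              = $name
    DumpFile              = $cc.DumpFile
    MinidumpDir           = $miniDir
    RamMB                 = $ramMB
    BootPageFileMB        = $pfMB
    SystemManagedPageFile = $cs.AutomaticManagedPagefile
    CompleteDumpNeedsMB   = $needMB
    CompleteDumpFits      = ($pfMB -ge $needMB)
} | Format-List

# Most recent small memory dumps, if any exist
Get-ChildItem -Path $miniDir -Filter *.dmp -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 5 Name, Length, LastWriteTime
```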
The 10,000-foot view of what WinDbg and WinDbg Preview do is to open Windows files that end in the dump file .dmp extension. Both tools will let you explore these files in great depth. WinDbg Preview is preferable because it makes the job of exploration much easier. But first, here’s how to grab and install a copy of WinDbg Preview.