WinDbg: Difference between revisions
Latest revision as of 09:02, 2 October 2025
Windows Software Development Kit
Windows SDK and emulator archive | Microsoft Developer https://developer.microsoft.com/en-us/windows/downloads/sdk-archive/
Windows 10 SDK, version 10.0.17763.7010. Released in August 2025. Includes servicing update for CVE-2024-29187.
Download: Install SDK
"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe"
WinDbg
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/
WinGet
See WinGet
winget install Microsoft.WinDbg
Choco
WinDbg is part of the SDK now.
https://community.chocolatey.org/packages/windows-sdk-10-version-2004-windbg
choco install windows-sdk-10-version-2004-windbg
--
Obsolete - https://community.chocolatey.org/packages/windbg
- This package is unlisted and hidden from package listings.
- https://github.com/pauby/ChocoPackages/blob/master/unlisted/windbg/README.md
Memory Dump Options
System failure:
- [X] Write an event to the system log
- [ ] Automatically restart
Write debugging information:
- (none)
- Small memory dump (256 KB)
- Kernel memory dump
- Complete memory dump <-- much more detail
- Automatic memory dump <-- default
- Active memory dump
Dump file:
%SystemRoot%\MEMORY.DMP
Others:
- [ ] Overwrite any existing file
- [ ] Disable automatic deletion of memory dumps when disk space is...
Note there may also be a C:\Windows\Minidump\xxxxx-xxxx-xx.dmp
Debug Crash Dump
Sample: (caused by FTDI driver hang on system shutdown -- "IMAGE_NAME: ftdibus.sys")
<pre>
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\ci\windump\1307\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`7fe00000 PsLoadedModuleList = 0xfffff803`80a2a3b0
Debug session time: Tue Jul 22 09:24:54.965 2025 (UTC - 7:00)
System Uptime: 0 days 13:33:05.547
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
...........
For analysis of this file, run !analyze -v
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
subsystem.
Arg2: 000000000000012c, Timeout in seconds.
Arg3: ffffc881c4ba0080, The thread currently holding on to the Pnp lock.
Arg4: ffff9a05b085f840, nt!TRIAGE_9F_PNP on Win7 and higher
Debugging Details:
------------------
Implicit thread is now ffffc881`c4ba0080
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on MYDEBUGSYSTEM
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 5
Key : Analysis.Memory.CommitPeak.Mb
Value: 71
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 9f
BUGCHECK_P1: 4
BUGCHECK_P2: 12c
BUGCHECK_P3: ffffc881c4ba0080
BUGCHECK_P4: ffff9a05b085f840
DRVPOWERSTATE_SUBCODE: 4
IMAGE_NAME: ftdibus.sys
MODULE_NAME: ftdibus
FAULTING_MODULE: fffff80389170000 ftdibus
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
STACK_TEXT:
ffff9a05`b085f808 fffff803`8030e256 : 00000000`0000009f 00000000`00000004 00000000`0000012c ffffc881`c4ba0080 : nt!KeBugCheckEx
ffff9a05`b085f810 fffff803`807b5726 : 00000000`00000000 00000000`00000001 00000000`00000080 ffff9e01`6ec82180 : nt!PnpBugcheckPowerTimeout+0x76
ffff9a05`b085f870 fffff803`8001fb32 : ffff9a05`b13d72f0 ffff9e01`6ec82180 ffff9a05`b085fad8 00000000`00000000 : nt!PopBuildDeviceNotifyListWatchdog+0x16
ffff9a05`b085f8a0 fffff803`8001ebad : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`001c65b4 : nt!KiProcessExpiredTimerList+0x172
ffff9a05`b085f990 fffff803`802028fe : ffffffff`00000000 ffff9e01`6ec82180 ffff9e01`6ec8d340 ffffc881`bfda60c0 : nt!KiRetireDpcList+0x5dd
ffff9a05`b085fc20 00000000`00000000 : ffff9a05`b0860000 ffff9a05`b0859000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: 0x9F_4_ftser2k_IMAGE_ftdibus.sys
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {fb837d18-3623-9a52-7b65-9432338fa06c}
Followup: MachineOwner
---------
</pre>
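An added example (not part of the original wiki page): a small Python parser for the `!analyze -v` text above. It pulls out the bugcheck code, arguments and faulting image, and shows that the driver named in IMAGE_NAME does not appear on the printed watchdog stack. The names `parse_analyze` and `triage` and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the !analyze -v output above, trimmed.
SAMPLE = """\
DRIVER_POWER_STATE_FAILURE (9f)
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
Arg2: 000000000000012c, Timeout in seconds.
BUGCHECK_CODE: 9f
IMAGE_NAME: ftdibus.sys
MODULE_NAME: ftdibus
STACK_TEXT:
ffff9a05`b085f810 fffff803`807b5726 : 00000000`00000000 00000000`00000001 00000000`00000080 ffff9e01`6ec82180 : nt!PnpBugcheckPowerTimeout+0x76
FAILURE_BUCKET_ID: 0x9F_4_ftser2k_IMAGE_ftdibus.sys
"""

NAME = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)$")       # NAME (code)
ARG = re.compile(r"^Arg([1-4]): ([0-9a-fA-F]+),")                   # ArgN: hex, text
FIELD = re.compile(r"^([A-Z][A-Z0-9_]+):\s+(\S.*)$")                # KEY: value
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : ([^!\s]+)!(\S+)$")  # module!symbol

def parse_analyze(text):
    out = {"name": None, "code": None, "args": {}, "fields": {}, "stack": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := NAME.match(line):
            out["name"], out["code"] = m.group(1), int(m.group(2), 16)
        elif m := ARG.match(line):
            out["args"][int(m.group(1))] = int(m.group(2), 16)
        elif m := FRAME.match(line):
            out["stack"].append((m.group(1), m.group(2)))
        elif m := FIELD.match(line):
            out["fields"][m.group(1)] = m.group(2).strip()
    return out

def triage(text):
    # Hypothetical helper: the few values worth acting on, plus two sanity checks.
    p = parse_analyze(text)
    f = p["fields"]
    stack_modules = sorted({mod for mod, _ in p["stack"]})
    return {
        "bugcheck": p["name"],
        "code": p["code"],
        "code_consistent": p["code"] == int(f.get("BUGCHECK_CODE", "-1"), 16),
        # For 0x9f with Arg1 == 4 the output above labels Arg2 as a timeout in seconds.
        "timeout_s": p["args"].get(2) if (p["code"], p["args"].get(1)) == (0x9F, 4) else None,
        "image": f.get("IMAGE_NAME"),
        "stack_modules": stack_modules,
        # False for this dump: every frame is nt!, so only IMAGE_NAME names the driver.
        "image_on_stack": f.get("MODULE_NAME") in stack_modules,
    }
```

Save the debugger output to a text file and pass its contents to `triage()`; an `image_on_stack` of `False` means the blamed driver has to be read from IMAGE_NAME and FAILURE_BUCKET_ID rather than from STACK_TEXT.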