WinDbg: Difference between revisions

From Omnia
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Windows Software Development Kit ==
Windows SDK and emulator archive | Microsoft Developer
https://developer.microsoft.com/en-us/windows/downloads/sdk-archive/
Windows 10 SDK, version 10.0.17763.7010 Released in August 2025. Includes servicing update for CVE-2024-29187
Download:Install SDK
"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe"
<img src="https://i.imgur.com/eBTfj4E.png" width="400" />
<img src="https://i.imgur.com/VLZ5DsI.png" width="400" />
== WinDbg ==
== WinDbg ==
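Review bot: the bare path line "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" in the new Windows Software Development Kit section has no sentence saying what it is. Add a short label before it (for example "WinDbg is installed to:") and wrap it in <pre>, as the crash dump sample does. The two <img> tags also carry no caption or alt text, so a reader cannot tell which installer step each screenshot shows.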


Line 53: Line 68:


Note there may also be a C:\Windows\Minidump\xxxxx-xxxx-xx.dmp
Note there may also be a C:\Windows\Minidump\xxxxx-xxxx-xx.dmp
== Debug Crash Dump ==
https://i.imgur.com/wA4BZ5N.png
Sample: (caused by FTDI driver hang on system shutdown -- "IMAGE_NAME:  ftdibus.sys")
<pre>
Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\ci\windump\1307\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`7fe00000 PsLoadedModuleList = 0xfffff803`80a2a3b0
Debug session time: Tue Jul 22 09:24:54.965 2025 (UTC - 7:00)
System Uptime: 0 days 13:33:05.547
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
...........
For analysis of this file, run !analyze -v
4: kd> !analyze -v
*******************************************************************************
*                                                                            *
*                        Bugcheck Analysis                                    *
*                                                                            *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
subsystem.
Arg2: 000000000000012c, Timeout in seconds.
Arg3: ffffc881c4ba0080, The thread currently holding on to the Pnp lock.
Arg4: ffff9a05b085f840, nt!TRIAGE_9F_PNP on Win7 and higher
Debugging Details:
------------------
Implicit thread is now ffffc881`c4ba0080
KEY_VALUES_STRING: 1
    Key  : Analysis.CPU.Sec
    Value: 3
    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on MYDEBUGSYSTEM
    Key  : Analysis.DebugData
    Value: CreateObject
    Key  : Analysis.DebugModel
    Value: CreateObject
    Key  : Analysis.Elapsed.Sec
    Value: 5
    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 71
    Key  : Analysis.System
    Value: CreateObject
BUGCHECK_CODE:  9f
BUGCHECK_P1: 4
BUGCHECK_P2: 12c
BUGCHECK_P3: ffffc881c4ba0080
BUGCHECK_P4: ffff9a05b085f840
DRVPOWERSTATE_SUBCODE:  4
IMAGE_NAME:  ftdibus.sys
MODULE_NAME: ftdibus
FAULTING_MODULE: fffff80389170000 ftdibus
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME:  System
STACK_TEXT: 
ffff9a05`b085f808 fffff803`8030e256 : 00000000`0000009f 00000000`00000004 00000000`0000012c ffffc881`c4ba0080 : nt!KeBugCheckEx
ffff9a05`b085f810 fffff803`807b5726 : 00000000`00000000 00000000`00000001 00000000`00000080 ffff9e01`6ec82180 : nt!PnpBugcheckPowerTimeout+0x76
ffff9a05`b085f870 fffff803`8001fb32 : ffff9a05`b13d72f0 ffff9e01`6ec82180 ffff9a05`b085fad8 00000000`00000000 : nt!PopBuildDeviceNotifyListWatchdog+0x16
ffff9a05`b085f8a0 fffff803`8001ebad : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`001c65b4 : nt!KiProcessExpiredTimerList+0x172
ffff9a05`b085f990 fffff803`802028fe : ffffffff`00000000 ffff9e01`6ec82180 ffff9e01`6ec8d340 ffffc881`bfda60c0 : nt!KiRetireDpcList+0x5dd
ffff9a05`b085fc20 00000000`00000000 : ffff9a05`b0860000 ffff9a05`b0859000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
STACK_COMMAND:  .thread ; .cxr ; kb
FAILURE_BUCKET_ID:  0x9F_4_ftser2k_IMAGE_ftdibus.sys
OS_VERSION:  10.0.19041.1
BUILDLAB_STR:  vb_release
OSPLATFORM_TYPE:  x64
OSNAME:  Windows 10
FAILURE_ID_HASH:  {fb837d18-3623-9a52-7b65-9432338fa06c}
Followup:    MachineOwner
---------
</pre>


== keywords ==
== keywords ==
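Review bot: the "Sample:" caption attributes the hang to ftdibus.sys on the strength of IMAGE_NAME alone, while the pasted STACK_TEXT is only the watchdog path (nt!PnpBugcheckPowerTimeout down to nt!KiIdleLoop) with no ftdibus frame, and FAILURE_BUCKET_ID also names ftser2k. Consider adding the stack of the thread given in Arg3 (ffffc881c4ba0080, "The thread currently holding on to the Pnp lock") so the sample shows the evidence behind the attribution. The bare https://i.imgur.com/wA4BZ5N.png line would also be more consistent as an <img> tag like the two in the first section.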

Latest revision as of 09:02, 2 October 2025

Windows Software Development Kit

Windows SDK and emulator archive | Microsoft Developer
https://developer.microsoft.com/en-us/windows/downloads/sdk-archive/
Windows 10 SDK, version 10.0.17763.7010. Released in August 2025. Includes servicing update for CVE-2024-29187.
Download: Install SDK


"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe"

WinDbg

https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/

WinGet

See WinGet

winget install Microsoft.WinDbg

Choco

WinDbg is now part of the SDK.

https://community.chocolatey.org/packages/windows-sdk-10-version-2004-windbg
choco install windows-sdk-10-version-2004-windbg

--

Obsolete - https://community.chocolatey.org/packages/windbg

Memory Dump Options

System failure:

  • [X] Write an event to the system log
  • [ ] Automatically restart

Write debugging information:

  • (none)
  • Small memory dump (256 KB)
  • Kernel memory dump
  • Complete memory dump <-- much more detail
  • Automatic memory dump <-- default
  • Active memory dump

Dump file:

%SystemRoot%\MEMORY.DMP

Others:

  • [ ] Overwrite any existing file
  • [ ] Disable automatic deletion of memory dumps when disk space is...

Note: there may also be a minidump at C:\Windows\Minidump\xxxxx-xxxx-xx.dmp

Debug Crash Dump

Sample (caused by an FTDI driver hang on system shutdown; see "IMAGE_NAME: ftdibus.sys"):


Microsoft (R) Windows Debugger Version 10.0.19041.685 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\ci\windump\1307\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`7fe00000 PsLoadedModuleList = 0xfffff803`80a2a3b0
Debug session time: Tue Jul 22 09:24:54.965 2025 (UTC - 7:00)
System Uptime: 0 days 13:33:05.547
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols

Loading unloaded module list
...........
For analysis of this file, run !analyze -v
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
	subsystem.
Arg2: 000000000000012c, Timeout in seconds.
Arg3: ffffc881c4ba0080, The thread currently holding on to the Pnp lock.
Arg4: ffff9a05b085f840, nt!TRIAGE_9F_PNP on Win7 and higher

Debugging Details:
------------------

Implicit thread is now ffffc881`c4ba0080

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 3

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on MYDEBUGSYSTEM

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 5

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 71

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  9f

BUGCHECK_P1: 4

BUGCHECK_P2: 12c

BUGCHECK_P3: ffffc881c4ba0080

BUGCHECK_P4: ffff9a05b085f840

DRVPOWERSTATE_SUBCODE:  4

IMAGE_NAME:  ftdibus.sys

MODULE_NAME: ftdibus

FAULTING_MODULE: fffff80389170000 ftdibus

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  System

STACK_TEXT:  
ffff9a05`b085f808 fffff803`8030e256 : 00000000`0000009f 00000000`00000004 00000000`0000012c ffffc881`c4ba0080 : nt!KeBugCheckEx
ffff9a05`b085f810 fffff803`807b5726 : 00000000`00000000 00000000`00000001 00000000`00000080 ffff9e01`6ec82180 : nt!PnpBugcheckPowerTimeout+0x76
ffff9a05`b085f870 fffff803`8001fb32 : ffff9a05`b13d72f0 ffff9e01`6ec82180 ffff9a05`b085fad8 00000000`00000000 : nt!PopBuildDeviceNotifyListWatchdog+0x16
ffff9a05`b085f8a0 fffff803`8001ebad : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`001c65b4 : nt!KiProcessExpiredTimerList+0x172
ffff9a05`b085f990 fffff803`802028fe : ffffffff`00000000 ffff9e01`6ec82180 ffff9e01`6ec8d340 ffffc881`bfda60c0 : nt!KiRetireDpcList+0x5dd
ffff9a05`b085fc20 00000000`00000000 : ffff9a05`b0860000 ffff9a05`b0859000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e


STACK_COMMAND:  .thread ; .cxr ; kb

FAILURE_BUCKET_ID:  0x9F_4_ftser2k_IMAGE_ftdibus.sys

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {fb837d18-3623-9a52-7b65-9432338fa06c}

Followup:     MachineOwner
---------
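
Added example, not part of the original page: a Python sketch that extracts the triage fields from saved `!analyze -v` text like the sample above and flags what to check before blaming the named driver. The function names `parse_analyze` and `triage_notes` are hypothetical, and the embedded input is a constructed excerpt of the output shown on this page.

```python
import re

# Constructed sample: selected lines copied from the !analyze -v output above.
SAMPLE = """\
DRIVER_POWER_STATE_FAILURE (9f)
Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp
Arg2: 000000000000012c, Timeout in seconds.
Arg3: ffffc881c4ba0080, The thread currently holding on to the Pnp lock.
Arg4: ffff9a05b085f840, nt!TRIAGE_9F_PNP on Win7 and higher
IMAGE_NAME:  ftdibus.sys
MODULE_NAME: ftdibus
STACK_TEXT:
ffff9a05`b085f808 fffff803`8030e256 : 00000000`0000009f 00000000`00000004 00000000`0000012c ffffc881`c4ba0080 : nt!KeBugCheckEx
ffff9a05`b085f810 fffff803`807b5726 : 00000000`00000000 00000000`00000001 00000000`00000080 ffff9e01`6ec82180 : nt!PnpBugcheckPowerTimeout+0x76
FAILURE_BUCKET_ID:  0x9F_4_ftser2k_IMAGE_ftdibus.sys
"""

HEADER = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$", re.M)
ARG = re.compile(r"^Arg([1-4]): ([0-9a-fA-F]+),", re.M)
FIELD = re.compile(r"^([A-Z_]+):[ \t]+(\S.*?)\s*$", re.M)
FRAME = re.compile(
    r"^[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]{8}`[0-9a-f]{8} : .* : (\w+)!", re.M)

def parse_analyze(text):
    """Pull the triage-relevant fields out of `!analyze -v` text."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no bugcheck header; is this !analyze -v output?")
    fields = dict(FIELD.findall(text))
    return {
        "name": head.group(1),
        "code": int(head.group(2), 16),
        "args": {int(n): int(v, 16) for n, v in ARG.findall(text)},
        "image": fields.get("IMAGE_NAME"),
        "module": fields.get("MODULE_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
        "stack_modules": sorted(set(FRAME.findall(text))),
    }

def triage_notes(r):
    """Flag the points an analyst should check before blaming `image`."""
    notes = []
    if r["module"] and r["module"] not in r["stack_modules"]:
        notes.append(f"{r['module']} has no frame in STACK_TEXT")
    if r["code"] == 0x9F and r["args"].get(1) == 4:
        # Per the Arg3 description in the output: thread holding the PnP lock.
        notes.append(f"inspect PnP lock holder thread {r['args'][3]:016x}")
    return notes

if __name__ == "__main__":
    print(triage_notes(parse_analyze(SAMPLE)))
```

For the sample, both notes fire: the stack shown is the watchdog's, so the thread in Arg3 is where the evidence against the driver would be found.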

keywords