Friday, December 16, 2011

How to set WinDbg as your Default Postmortem Debugger

In one of my earlier posts, on Microsoft Useful Apps and Powertoys for Windows, I already talked about WinDbg. WinDbg is a tool for debugging any crash in a program. It automatically syncs up the required pdb files, i.e. the symbols files, from MSDN and enables your machine to debug the problems. Refer to http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx. You can take a dump of your crash and investigate it, or contact your administrator. In addition, you can also log a radar (defect/bug) with Microsoft. (Also see http://en.wikipedia.org/wiki/WinDbg)

This time I'm going to explain how to set WinDbg as the default Windows postmortem debugger.

Usually a Windows system has Dr. Watson as the default debugger. But undoubtedly, WinDbg has the upper hand.

So what you can do is as follows:
1. Install the latest WinDbg Debugging Tools for Windows:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
2. Set WinDbg as the default debugger by issuing the following command:
WinDbg -I
It is very important to note that the letter 'I' must be capitalized.



3. Create a folder where the dump will be stored. Give it full read/write permissions.
4. Open Registry Editor (Run -> regedit)
Go to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
Its Debugger value holds the following:
"C:\Program Files\Debugging Tools for Windows\windbg.exe" -p %ld -e %ld -g
Append the following string to it:
-c ".dump /o /f C:\DMP\dmp1.dmp; q" -Q -QS -QY -QSY
The new value will look something like this:
"C:\Program Files\Debugging Tools for Windows\windbg.exe" -p %ld -e %ld -g -c ".dump /o /f C:\DMP\dmp1.dmp; q" -Q -QS -QY -QSY
[This assumes C:\DMP is the folder you want to use for dump creation.]
5. Take note of the path of WinDbg, since it may vary depending on your OS being x86 or 64-bit.
6. WinDbg is now set as the postmortem debugger. In case of any crash, WinDbg will pop up saying that an error was encountered. The dump is stored in the folder created earlier.

You must remember the following:
a) The dump is not appended, so if there is an old dump, it will be overwritten.
b) On some OSes, like Win Server 2k3, Win-XP and later, you can use the /ma switch instead of /f to save additional debugging information.
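
Steps 3 to 5 can also be scripted. The PowerShell below is an added example, not part of the original post: it assumes 'WinDbg -I' has already been run and that C:\DMP is the dump folder, and it also checks the Wow6432Node copy of the AeDebug key that 64-bit Windows keeps for 32-bit programs, which the post does not mention.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Assumes 'WinDbg -I' has already been run and C:\DMP is the dump folder, as in the post.
$DumpDir  = 'C:\DMP'
$DumpFile = Join-Path $DumpDir 'dmp1.dmp'
$Suffix   = ' -c ".dump /o /f {0}; q" -Q -QS -QY -QSY' -f $DumpFile

# The key from step 4, plus the 32-bit view present on 64-bit Windows (an addition here).
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'
)

# Step 3: create the dump folder. A full dump holds the crashed process's memory,
# so decide which accounts may read this folder.
if (-not (Test-Path -LiteralPath $DumpDir)) {
    New-Item -ItemType Directory -Path $DumpDir | Out-Null
}

foreach ($Key in $Keys) {
    if (-not (Test-Path -LiteralPath $Key)) { continue }
    $Current = (Get-ItemProperty -LiteralPath $Key -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if (-not $Current) {
        Write-Warning "$Key has no Debugger value; run 'WinDbg -I' first."
        continue
    }
    # Only extend the value that 'WinDbg -I' wrote; leave any other debugger untouched.
    if ($Current -notmatch 'windbg\.exe') {
        Write-Warning "$Key points at another debugger, skipping: $Current"
        continue
    }
    # Idempotent: do not append the dump command twice.
    if ($Current -match '\.dump\s') {
        Write-Host "$Key already writes a dump: $Current"
        continue
    }
    # Step 5: confirm the quoted WinDbg path in the value exists on this machine.
    if ($Current -match '^"([^"]+)"' -and -not (Test-Path -LiteralPath $Matches[1])) {
        Write-Warning "WinDbg not found at $($Matches[1]); fix the path before relying on it."
    }
    Set-ItemProperty -LiteralPath $Key -Name Debugger -Value ($Current + $Suffix)
    Write-Host "Updated $Key`n  -> $($Current + $Suffix)"
}
```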

Readers can email me personally, as many regularly do, if they found the article helpful and want to share how it helped them in their roles. Finding my email address is not a big deal at all ;)
Cheers!!!
-Mohd Anwar Jamal Faiz
