Common usage of WinDbg

What is windbg?

WinDbg is the debugger shipped in the package formally named Debugging Tools for Windows.
The Windows Debugger (WinDbg) can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine the CPU registers while the code executes.

You can get it from https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools

WinDbg is a multipurpose debugger for Microsoft Windows, available as a free download from Microsoft's website. It can debug user-mode applications and drivers as well as the operating system itself in kernel mode. It has a GUI, but it is almost entirely different from the better-known but less capable Visual Studio Debugger.

WinDbg can also examine memory dump files produced in kernel mode or user mode.

WinDbg can automatically load matching debug symbol files, such as PDB files, from a symbol server. Debug symbol files map source files to the binary executable. Microsoft's public symbol server provides most of the symbols for every operating system version and service pack since Windows 2000.

Newer versions of WinDbg are distributed as part of the free Debugging Tools for Windows package; WinDbg shares the same debugger back end with the command-line front ends KD, CDB, and NTSD.

Setup symbols search path

Open File -> Symbol File Path and fill it in with:

C:\myProgramPDB;C:\Windows\symbols;srv*D:\localsymbols*http://msdl.microsoft.com/download/symbols

This includes your application's symbol path, the system symbol path, and a symbol server entry. The srv*<local cache>*<server URL> form tells WinDbg to download symbols from the server and cache them in the local directory, for example:

srv*E:\mysymbols*http://msdl.microsoft.com/download/symbols

Analyze the core dump file

Open File -> Open Crash Dump and browse to the .dmp file you wish to analyze, for example:

C:\Windows\LiveKernelReports\WATCHDOG\WD-20210702-0011.dmp
C:\Windows\LiveKernelReports\WATCHDOG\WD-20210629-2245.dmp

then wait a few minutes (WinDbg will download symbols from the internet).

When WinDbg is ready, run the "!analyze -v" command to let WinDbg perform its automatic analysis.

kb : Displays the first three parameters passed to each function in the stack trace
kc : Displays a clean stack trace; each line includes only the module name and the function name

.ecxr : Displays the context record associated with the current exception
~ : Lists the threads of the current process; use ~<n>s to switch threads, for example ~8s switches to thread 8
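The same workflow can be batched over several dumps with cdb.exe, the command-line front end that shares WinDbg's back end. This is an added example, not code from the original post; the cdb.exe install path and the log directory are assumptions, while the dump paths and symbol path are the ones given above.

```powershell
# Added example: unattended crash-dump triage with cdb.exe (Debugging Tools for Windows).
# Assumed install path of cdb.exe; adjust for your machine.
$Cdb = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe'
# Assumed directory for the per-dump analysis logs.
$LogDir = 'D:\dumplogs'

# Same symbol path as in the WinDbg dialog: app PDBs, system symbols, and a
# local cache (D:\localsymbols) backed by the Microsoft public symbol server.
$SymPath = 'C:\myProgramPDB;C:\Windows\symbols;srv*D:\localsymbols*http://msdl.microsoft.com/download/symbols'

$Dumps = @(
    'C:\Windows\LiveKernelReports\WATCHDOG\WD-20210702-0011.dmp',
    'C:\Windows\LiveKernelReports\WATCHDOG\WD-20210629-2245.dmp'
)

# Commands run in order once the dump is loaded: automatic analysis, switch to
# the exception context, stack with first three args, clean stack, then quit.
$Script = '!analyze -v; .ecxr; kb; kc; q'

New-Item -ItemType Directory -Force -Path $LogDir | Out-Null

foreach ($dump in $Dumps) {
    if (-not (Test-Path $dump)) { Write-Warning "missing: $dump"; continue }
    $log = Join-Path $LogDir ([IO.Path]::GetFileNameWithoutExtension($dump) + '.analyze.txt')

    # -z open dump, -y symbol path, -logo write a fresh log file, -c run the command string
    & $Cdb -z $dump -y $SymPath -logo $log -c $Script | Out-Null

    # Pull the headline fields of !analyze -v out of the log so a batch is easy to skim.
    $summary = Select-String -Path $log -Pattern '^(BUGCHECK_(CODE|STR)|FAILURE_BUCKET_ID|MODULE_NAME|PROCESS_NAME):'
    "==== $dump"
    $summary | ForEach-Object { $_.Line }
}
```

The full !analyze -v, .ecxr, kb and kc output for each dump remains in its log file under $LogDir for a closer look.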

Learn more

A concise guide to using WinDbg (in Chinese): https://www.cnblogs.com/daoyuly/p/3570037.html