Windows Crash Dump Analysis with the WinDbg Tool


Perform Crash Dump Analysis for Cisco Jabber for Windows

Use the WinDbg tool in order to perform crash dump analysis. Download the tool from the WinDbg website.

WinDbg Symbols Configuration

  1. In order to change the symbol path, navigate to File > Symbol File Path > Symbol Path.
  1. Paste this text into the window:
    SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
  1. Click OK.

Crash Dump Analysis in WinDbg

  1. Start WinDbg.
  1. From the File menu, click Open Crash Dump.
  2. Choose the .dmp (memory.dmp, user.dmp etc.) file, and click Open or drag and drop the .dmp file into WinDbg. This example uses the fulldump file.
  1. In the command window at the bottom, enter !analyze – v, and press Enter.
  1. You can see the progress of the analysis on the bottom-left of the screen. In this image, the status is “BUSY.”

    This command performs an analysis with a fully verbose display of data and is useful in order to obtain more information.
  1. In order to quit, enter q in the command window, and press Enter.

Here is an example of dump analyzer output:

> !analyze -v

<snip>

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be wrong.
02f4e80c 01457967 7ffdac00 00000104 02f4e86c 0x0
02f4e848 0145637d 00000001 02f4e86c 02f4ed58 wxvault+0x7967
02f4ea88 7c8138b7 7ffdac00 00000000 02f4eac8 wxvault+0x637d
02f4ed1c 009a436f 00b413b4 02f4ed58 00000000 
kernel32!FindFirstFileA+0x3a
02f4edb8 00000000 00000000 00000000 00000000 CUPCK9+0x5a436f

STACK_COMMAND: ~8s; .ecxr ; kb

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: wxvault+7967

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: wxvault

IMAGE_NAME: wxvault.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 450162c1

FAILURE_BUCKET_ID:
NULL_INSTRUCTION_PTR_c0000005_wxvault.dll!Unknown

BUCKET_ID:
APPLICATION_FAULT_NULL_INSTRUCTION_PTR_NULL_POINTER_READ_DETOURED_NULL_IP_
wxvault+7967

Examine the MODULE_NAME and the IMAGE_NAME. The information these provide, like wxvault.dll or CiscoJabber.exe, indicate what application caused the crash. In this case, the crash occurred because of issues with the Cisco Jabber.exe application and not with the user?s machine. A Google search shows that wxvault.dll is related to the DELL Embassy Trust Suite.

Source:

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/jabber-windows/116333-technote-windbg-00.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: