Whether you’ve encountered a performance slowdown or worse, the dreaded Blue Screen of Death (BSOD), a handy tool like Windows Debugger can prove its worth. Windows Debugger, also known as WinDbg, is a free diagnostic tool for the Windows operating system. This tool helps Windows users analyze crash dump files and determine which system component or driver has caused the failure.
WinDbg is essential for Windows users, especially IT professionals, system administrators, developers, and technically inclined users. The tool helps them discover why their PCs have crashed and what caused it, so they can address the issue at hand and mitigate potential ones that may affect the computer in the future.
In this guide, we’ll explain the essentials of WinDbg, how to install it, set it up, and use Windows Debugger to troubleshoot crash dumps in Windows 10.
Prerequisites before using WinDbg
Before you’re able to leverage the benefits of WinDbg, here are a few requirements your system needs to meet:
- A Windows 10 PC with administrator rights
- One or more crash dump files:
  - Mini dumps: Located at C:\Windows\Minidump\
  - Full dumps: Located at C:\Windows\MEMORY.DMP
- Internet access (for downloading symbol files)
- WinDbg, available via Microsoft Store or the SDK installer
Installing WinDbg
There are two main ways to install Windows Debugger on your PC:
Option 1: Microsoft Store
Downloading and installing the WinDbg tool from the Microsoft Store is the more straightforward and user-friendly option. Here’s how:
- Open the Microsoft Store.
- Search for “WinDbg Preview”.
- Click Install to download and install the latest version.
Option 2: Windows SDK Installer
WinDbg can also be installed through the Windows SDK installer. This method is often preferred by IT professionals and developers who want granular control over SDK components. Here’s how to do it:
- Download the Windows 10 SDK from Microsoft.
- Run the installer.
- During setup, select only Debugging Tools for Windows to minimize installation size.
Setting up WinDbg
After installing WinDbg, follow these steps to set it up correctly:
- Launch WinDbg as an administrator: Right-click the shortcut and choose “Run as administrator.”
- Set the symbol path: This enables WinDbg to translate memory addresses into readable function names and filenames.
  - Go to File > Symbol File Path
  - Enter this path: SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
  - Click OK to save.
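A quick way to sanity-check a symbol path before pasting it into WinDbg, as an added example that is not part of the original guide. The function name and the two checks it applies (an absolute cache directory and an HTTPS symbol server) are this example's own choices.

```python
import re

ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")  # drive-letter or UNC path

def check_symbol_path(path):
    """Return one report per ';'-separated element of a symbol path."""
    reports = []
    for raw in filter(None, (p.strip() for p in path.split(";"))):
        parts = raw.split("*")
        rep = {"element": raw, "kind": "dir", "cache": None,
               "server": None, "problems": []}
        if parts[0].lower() == "srv":
            # SRV*<cache>*<server>: the last field is the symbol store,
            # any fields before it are local caches (downstream stores).
            rep["kind"] = "srv"
            stores = parts[1:]
            rep["server"] = stores[-1] if stores and stores[-1] else None
            caches = [s for s in stores[:-1] if s]
            rep["cache"] = caches[0] if caches else None
            if rep["server"] is None:
                rep["problems"].append("no symbol store after SRV*")
            elif rep["server"].lower().startswith("http://"):
                rep["problems"].append("symbol server is reached over plain HTTP")
            for c in caches:
                if not ABSOLUTE.match(c):
                    rep["problems"].append("cache %r is not an absolute path" % c)
        elif len(parts) > 1:
            rep["kind"] = parts[0].lower()  # other prefixes are reported, not checked
        reports.append(rep)
    return reports

if __name__ == "__main__":
    # The path from this guide, then a constructed weak variant for comparison.
    for p in (r"SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols",
              r"SRV*Symbols*http://msdl.microsoft.com/download/symbols"):
        for rep in check_symbol_path(p):
            print(rep["element"], "->", rep["problems"] or "ok")
```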
Opening a crash dump
With WinDbg set up, you’re ready to analyze your first crash dump:
- Go to File > Open Crash Dump
- Navigate to one of the following:
  - C:\Windows\Minidump\ – for mini dumps (usually under 1 MB)
  - C:\Windows\MEMORY.DMP – for full dumps (can be several GB)
- Select the desired .dmp file and click Open.
Analyzing the dump
Once the dump has loaded into the main window, analyze it as follows:
- In the command input at the bottom, type !analyze -v
- Press Enter.
- WinDbg will process the file and display a detailed analysis, which is your starting point for understanding what triggered the crash. It includes:
  - Bug Check Code (e.g., 0x00000050 – PAGE_FAULT_IN_NONPAGED_AREA)
  - Faulting module or driver (e.g., dxgmms2.sys)
  - Call stack trace
  - Probable root cause
Interpreting results
After running !analyze -v, look for the following key sections:
- BUGCHECK_STR: Human-readable BSOD error name
- Probably caused by: The most likely offending driver or module
- IMAGE_NAME: The filename that triggered the crash
- STACK_TEXT: A stack trace showing the sequence of function calls before the crash
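When several dumps need triage, the same fields can be pulled out of saved `!analyze -v` text automatically. The following is an added example, not part of the original guide: the sample output is constructed, `sampledrv.sys` is a made-up driver, and the `CORE` set of modules treated as operating-system code is an assumption.

```python
import re

# Constructed excerpt of `!analyze -v` output; sampledrv.sys is a made-up driver.
SAMPLE = r"""
PAGE_FAULT_IN_NONPAGED_AREA (50)
BUGCHECK_STR:  AV

STACK_TEXT:
ffffd000`2a3f1000 fffff801`4c1d2a10 : 00000000`00000050 ffffc000`11223344 00000000`00000000 ffffd000`2a3f1200 : nt!KeBugCheckEx
ffffd000`2a3f1200 fffff801`5e001234 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x42e
ffffd000`2a3f1390 fffff801`5e002000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sampledrv!ReadBuffer+0x34

IMAGE_NAME:  sampledrv.sys

Probably caused by : sampledrv.sys ( sampledrv!ReadBuffer+34 )
"""

CORE = {"nt", "hal"}  # assumption: modules treated as OS core, not third-party

def parse_analyze(text):
    """Pull the fields named above out of saved `!analyze -v` text."""
    out = {k: None for k in ("BUGCHECK_STR", "IMAGE_NAME")}
    for m in re.finditer(r"^(BUGCHECK_STR|IMAGE_NAME):[ \t]*(\S+)", text, re.M):
        out[m.group(1)] = m.group(2)
    m = re.search(r"^([A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", text, re.M)
    out["bugcheck"] = (m.group(1), int(m.group(2), 16)) if m else None
    m = re.search(r"^Probably caused by\s*:\s*(\S+)", text, re.M)
    out["probably_caused_by"] = m.group(1) if m else None
    m = re.search(r"^STACK_TEXT:[ \t]*\n(.*?)(?:\n[ \t]*\n|\Z)", text, re.M | re.S)
    # Each frame ends with " : module!function+offset"; keep that last column.
    out["frames"] = [l.rsplit(" : ", 1)[-1].strip()
                     for l in (m.group(1).splitlines() if m else []) if " : " in l]
    return out

def triage(text):
    """Summarise a crash and check that the blamed image is really on the stack."""
    a = parse_analyze(text)
    third_party = next((f for f in a["frames"] if f.split("!")[0] not in CORE), None)
    blamed = (a["IMAGE_NAME"] or "").rsplit(".", 1)[0].lower()
    return {
        "bugcheck": a["bugcheck"],
        "blamed": a["probably_caused_by"],
        "first_third_party_frame": third_party,
        "blamed_on_stack": bool(blamed) and any(
            f.split("!")[0].lower() == blamed for f in a["frames"]),
    }

if __name__ == "__main__": print(triage(SAMPLE))
```

A blamed image that never appears on the stack is a cue to read the trace by hand rather than trust the automatic attribution.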
WinDbg cheat sheet/command reference
Here are some of the most commonly run commands when using Windows Debugger:
| Command | Description |
| --- | --- |
| !analyze -v | Verbose analysis of the crash |
| lm | Lists all loaded modules/drivers |
| !thread | Displays current thread details |
| !process | Shows process context |
| !drivers | Lists loaded drivers* |
| kv | Shows stack trace with function parameters |
| .reload | Reloads symbol files |
| .symfix | Resets symbol path to default |
*Note: !drivers may only be available in certain environments or with LiveKD.
💡 Tip: After opening a crash dump, always run `!analyze -v` first.
Common follow-up commands:
- Use lmvm DRIVERNAME (e.g., lmvm nvlddmkm) to get details about a specific driver.
- Use !sysinfo cpuspeed or !sysinfo smbios to check hardware info.
Troubleshooting tips
- Symbols not loading: If symbols don’t load, double-check your internet connection and symbol path.
- Mini dumps vs. full dumps: Full dumps provide more context than mini dumps, but are much larger.
- A simpler tool is needed: Use BlueScreenView for a quick, lightweight GUI alternative.
- Keeping system drivers up-to-date: Always update drivers and Windows after identifying a problematic component.
Windows Debugger: A useful tool for debugging crashes
WinDbg is an invaluable tool for diagnosing BSODs and analyzing crash dumps, problems that may take much longer to resolve without a debugging tool. It allows users to trace errors back to specific drivers or processes. A few essential commands are enough to uncover most crash causes, helping IT professionals and technically inclined users troubleshoot critical crash issues.
With a properly configured symbol path, WinDbg can show fast and accurate results. Combining it with regular system maintenance can help prevent future crashes and reduce the time and productivity PC users lose to them.