Anyone experienced with WinDbg and BLUESCREENVIEW?

Discussion in 'Software for Windows' started by vegoen, Nov 2, 2012.

  1. vegoen

    I'm trying to discern which one is more beneficial. Which is better for what use? Essentially, both show me which .sys has crashed. BlueScreenView is easier to use, but does WinDbg offer any advantages? It claims to go "deeper", but can anyone quantify that in any way? I've read a lot about it, but I haven't found where it really shines and brings solutions to solving BSODs.
     
  2. Nothinman

    WinDbg is designed for people developing their own kernel mode drivers. Unless you're interested in trying to track down which function caused the BSOD, you shouldn't need to 'go deeper' than which driver crashed.
     
  3. vegoen

    Thank you for your reply.

    This is precisely what I want to do, try to re-create the driver scenario that caused the crash, "Force BSOD".

    For instance, I'm dealing with the ambiguous "ntkrnlmp.exe" BSOD. This can be any hardware or software issue. In WinDbg it shows the call stack as:

    STACK_TEXT:
    fffff880`0a06c888 fffff800`032f7b40 : 00000000`0000001a 00000000`00041790 fffffa80`0092cf10 00000000`0000ffff : nt!KeBugCheckEx
    fffff880`0a06c890 fffff800`0325d405 : ffffffff`00000000 00000000`0789ffff fffffa80`00000000 fffffa80`08291060 : nt! ?? ::FNODOBFM::`string'+0x355e4
    fffff880`0a06ca50 fffff800`0355d6da : fffff8a0`017f3050 00000000`00000001 00000000`00000000 fffffa80`08291060 : nt!MmCleanProcessAddressSpace+0x679
    fffff880`0a06caa0 fffff800`0353efb8 : 00000000`00000000 00000000`00000001 00000000`fffdb000 00000000`00000000 : nt!PspExitThread+0x56a
    fffff880`0a06cba0 fffff800`0328b453 : fffffa80`07977060 00000000`00000000 fffffa80`08291060 00000000`05595110 : nt!NtTerminateProcess+0x138
    fffff880`0a06cc20 00000000`771215da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0018dfc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771215da

    These are the last memory transfers before the BSOD. I'm trying to figure out if I can discern exactly when, what and where caused the BSOD. Is it hardware, or is it software?

    In the case of the ntkrnl crashes, I DO need to track down the functions :)
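
Added example, not part of the original post or any poster's code: a Python parser for the STACK_TEXT rows quoted above that splits each row into Child-SP, return address, the four argument columns and the call site, then reads the bug check code from the nt!KeBugCheckEx frame. It assumes the usual x64 layout in which that frame's argument columns hold the bug check code followed by its first three parameters; all function names are hypothetical.

```python
import re

# The STACK_TEXT rows exactly as quoted in the post above.
STACK_TEXT = r"""
fffff880`0a06c888 fffff800`032f7b40 : 00000000`0000001a 00000000`00041790 fffffa80`0092cf10 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0a06c890 fffff800`0325d405 : ffffffff`00000000 00000000`0789ffff fffffa80`00000000 fffffa80`08291060 : nt! ?? ::FNODOBFM::`string'+0x355e4
fffff880`0a06ca50 fffff800`0355d6da : fffff8a0`017f3050 00000000`00000001 00000000`00000000 fffffa80`08291060 : nt!MmCleanProcessAddressSpace+0x679
fffff880`0a06caa0 fffff800`0353efb8 : 00000000`00000000 00000000`00000001 00000000`fffdb000 00000000`00000000 : nt!PspExitThread+0x56a
fffff880`0a06cba0 fffff800`0328b453 : fffffa80`07977060 00000000`00000000 fffffa80`08291060 00000000`05595110 : nt!NtTerminateProcess+0x138
fffff880`0a06cc20 00000000`771215da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0018dfc8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771215da
"""

ADDR = r"[0-9a-fA-F]{8}`[0-9a-fA-F]{8}"
# Child-SP  RetAddr : four "Args to Child" columns : Call Site
ROW = re.compile(rf"^\s*({ADDR})\s+({ADDR})\s*:\s*((?:{ADDR}\s+){{4}}):\s*(.+?)\s*$")
SITE = re.compile(r"^([^!\s]+)!(.*?)(?:\+0x([0-9a-fA-F]+))?$")  # module!symbol+0xoff

def to_int(field):
    return int(field.replace("`", ""), 16)

def parse_stack_text(text):
    """Return one dict per stack row; non-row lines (headers, blanks) are skipped."""
    frames = []
    for line in text.splitlines():
        row = ROW.match(line)
        if not row:
            continue
        site = SITE.match(row.group(4))  # None for bare, unsymbolized addresses
        frames.append({
            "child_sp": to_int(row.group(1)),
            "ret_addr": to_int(row.group(2)),
            "args": [to_int(a) for a in row.group(3).split()],
            "module": site.group(1) if site else None,
            "symbol": site.group(2).strip() if site else row.group(4),
            "offset": int(site.group(3), 16) if site and site.group(3) else 0,
        })
    return frames

def bugcheck(frames):
    """Assumption: nt!KeBugCheckEx args are (code, param1, param2, param3)."""
    for f in frames:
        if f["module"] == "nt" and f["symbol"] == "KeBugCheckEx":
            return f["args"][0], f["args"][1:]
    return None

def modules_on_stack(frames):
    """Distinct symbolized modules in call order, to spot non-kernel drivers."""
    return list(dict.fromkeys(f["module"] for f in frames if f["module"]))
```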
     
  4. Bubbaleone

    Posting just the call stack gives no insight into the problem you're having. Upload your latest small memory dump to a free file hosting site, e.g. MediaFire, and post the download link. I'll analyze it for you with WinDbg.
     
  5. reallyscrued

    This thread is about to get sexy.