Getting Started with WinDbg Preview

philc43

BSOD Forum Moderator, BSOD Academy Instructor, BSOD Kernel Dump Expert

In 2017 Microsoft announced a preview version of a brand new WinDbg. It has more modern visuals, faster windows and uses the same underlying engine as WinDbg today, so all the commands, extensions and workflows you’re used to will still work just as they did before. There are a lot of major changes, some of them under the hood and some of them really obvious. The menus are easier and more intuitive, setting up is easier, there is a dark theme and the layout can be adjusted to suit the way you work.



Danger

Please note that this version is still a preview, so there are some things that you should be aware of. At this point in the preview, WinDbg Preview is only available through the Windows Store. That means only devices running Windows 10 Anniversary Update or newer can install it. There might be some errors or bugs that are not yet fixed. However, from my experience it has worked perfectly for crash dump debugging and does have some improved automated analysis features that have given more accurate indications of the reason for the crash.



Contents


Installation
Settings
Command Line Startup
Crashdump example

Installation


The WinDbg Preview debugger is available in the Microsoft Store. It requires Windows 10 Anniversary Update to install. To install it, open the Microsoft Store and search for "WinDbg Preview", or click here.

Once the app is located, click on it to download and install.

The WinDbg Preview coexists with the classic WinDbg debugger on the same machine, so you can work with both versions at the same time.

When you double-click on a dump file the WinDbg Preview will automatically start and load the crash dump file. If you want to open it using the old WinDbg you would need to right-click and use the Open with... option to select the classic WinDbg.

Settings


WinDbg Preview will work without any further setup but it is better to adjust some of the default settings. After launching WinDbg Preview, navigate via File -> Settings to set the source and symbol path as well as choose the light or dark theme for the debugger.



Set up your symbol path to point to your local cache and the Microsoft server.

This is how I set mine, you can copy and paste to do the same:
Code:
SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols

For more information see Symbol Path for WinDbg

Command Line Start-up


After WinDbg Preview is installed, WinDbgX.exe is available to run from any directory location.
For further command line options please go to: WinDbg Preview - Command Line Options

Worked Example


I have provided a test file (test.zip) which I had from when an old Dell laptop was having BSODs. Download this and open the zip file, double-clicking on the included dump file. If everything has been done correctly the file should open in WinDbg Preview and you will see the following (showing with the dark theme):

[Screenshot: the dump file open in WinDbg Preview, dark theme]

That's it! You can then continue with the tutorials that explain how to interpret the results. In this case click the link to !analyze -v and the automated analysis will begin. The following line towards the end of the analysis has the clue:

FAILURE_ID_HASH_STRING: km:av_code_av_paged_ip_e1i63x64!interrupt_e1q_based::inthandlemnginterrupt

It was a network driver that needed further attention.
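
An added example, not part of the original post: a Python check for the symbol path format shown in the Settings section above, useful before pasting a path into File -> Settings. The function names and the findings policy (flagging non-HTTPS servers, hosts other than msdl.microsoft.com, UNC stores, and a missing explicit cache) are assumptions chosen for illustration, and every sample path other than the post's own is constructed.

```python
# Added example: audit a WinDbg symbol path before using it.
from urllib.parse import urlparse

MS_SYMBOL_HOST = "msdl.microsoft.com"  # host used in the post's symbol path


def parse_symbol_path(path):
    """Split a ';'-separated symbol path into elements (kind, stores, source)."""
    elements = []
    for raw in filter(None, (p.strip() for p in path.split(";"))):
        parts = raw.split("*")
        kind = parts[0].lower()
        if kind == "srv" and len(parts) >= 2:
            # srv*<downstream store(s)>*<server>: the last field is the upstream
            *stores, source = parts[1:]
            stores = [s or "<default store>" for s in stores]
            elements.append({"kind": "srv", "stores": stores, "source": source})
        elif kind == "cache":
            elements.append({"kind": "cache", "stores": parts[1:2], "source": None})
        else:
            elements.append({"kind": "dir", "stores": [], "source": raw})
    return elements


def audit_symbol_path(path):
    """Return findings for review (assumed policy); empty list means none."""
    findings = []
    for el in parse_symbol_path(path):
        src = el["source"] or ""
        url = urlparse(src) if "://" in src else None
        if url and url.scheme.lower() != "https":
            findings.append(f"cleartext symbol server: {src}")
        if url and url.hostname != MS_SYMBOL_HOST:
            findings.append(f"non-Microsoft symbol server: {src}")
        if src.startswith("\\\\"):
            findings.append(f"UNC symbol store: {src}")
        if el["kind"] == "srv" and url and not el["stores"]:
            findings.append(f"no explicit local cache for {src}")
    return findings


if __name__ == "__main__":
    samples = [
        r"SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols",  # from the post
        r"srv*http://msdl.microsoft.com/download/symbols",               # constructed
        r"cache*C:\SymCache;srv*\\fileserver\symbols;C:\MySyms",         # constructed
    ]
    for s in samples:
        print(s, "->", audit_symbol_path(s) or "ok")
```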
 

For those students and instructors who have tried Preview please note that with the latest update released 11 Mar 2021 (App identified as V1.2103.1004) there have been improvements that result in the !sysinfo command working correctly and also the !pte command. There may be other fixes as well so it is well worth trying it out again.
 
Please note that this is still Preview software and prone to having bugs. The current version (Microsoft (R) Windows Debugger Version 10.0.22473.1003 AMD64) also listed as WinDBG 1.2110.27001.0 seems to have a problem and is best avoided. The basic !analyze command does not work.
 
I've been avoiding the Preview version for some time now because of issues like that. Do you know how long beta is meant to last for?
 
I've been avoiding the Preview version for some time now because of issues like that. Do you know how long beta is meant to last for?
I have no inside information on that but I suspect that the need to work with Windows 11 has caused the timeline for Preview to be extended.
 
Good news! The update today for WinDBG Preview has fixed the problem that I reported a few days ago. That's quite a rapid response and fix!

The current working version is 1.2111.9001.0
 
