Info
In 2017 Microsoft announced a preview version of a brand new WinDbg. It has more modern visuals and faster windows, and it uses the same underlying engine as WinDbg today, so all the commands, extensions and workflows you're used to will still work just as they did before. There are a lot of major changes, some of them under the hood and some of them really obvious. The menus are easier and more intuitive, setting up is easier, there is a dark theme and the layout can be adjusted to suit the way you work.
Danger
Please note that this version is still a preview, so there are some things that you should be aware of. At this point in the preview, WinDbg Preview is only available through the Windows Store. That means only devices running Windows 10 Anniversary Update or newer can install it. There might be some errors or bugs that are not yet fixed. However, from my experience it has worked perfectly for crash dump debugging and does have some improved automated analysis features that have given more accurate indications of the reason for the crash.
Contents
Installation
Settings
Command Line Startup
Crashdump example
Installation
The WinDbg Preview debugger is available in the Microsoft Store. It requires Windows 10 Anniversary Update to install. To install it, open the Microsoft Store and search for "WinDbg Preview", or click here.
Once the app is located, click on it to download and install.
The WinDbg Preview coexists with the classic WinDbg debugger on the same machine, so you can work with both versions at the same time.
When you double-click on a dump file, WinDbg Preview will automatically start and load the crash dump file. If you want to open it using the old WinDbg, you need to right-click and use the Open with... option to select the classic WinDbg.
Settings
WinDbg Preview will work without any further setup, but it is better to adjust some of the default settings. After launching WinDbg Preview, navigate via File -> Settings to set the source and symbol paths and to choose the light or dark theme for the debugger.
Set up your symbol path to point to your local cache and the Microsoft server.
This is how I set mine, you can copy and paste to do the same:
Code:
SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
For more information see Symbol Path for WinDbg.
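If you build your own symbol path, it is worth checking that every symbol server in it is reached over HTTPS and has a local cache in front of it, as the path above does. The following Python sketch is an added example, not part of the original tutorial or of WinDbg: it splits a symbol path into its elements and lists anything worth reviewing. The function names and the second sample path (with its host name) are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SymbolElement:
    kind: str                      # "srv" (symbol server), "cache" or "dir"
    stores: list                   # cache directories / server locations, left to right
    warnings: list = field(default_factory=list)

def parse_symbol_path(path):
    """Split a symbol path on ';' and '*' and flag settings worth reviewing."""
    elements = []
    for raw in (p.strip() for p in path.split(";")):
        if not raw:
            continue
        parts = raw.split("*")
        head = parts[0].lower()            # keywords are case-insensitive
        if head == "srv":
            elem = SymbolElement("srv", parts[1:])
        elif head == "symsrv":             # symsrv*<dll>*<stores...>
            elem = SymbolElement("srv", parts[2:])
        elif head == "cache":
            elem = SymbolElement("cache", parts[1:])
        else:
            elem = SymbolElement("dir", [raw])
        if elem.kind == "srv":
            urls = [s for s in elem.stores if "://" in s]
            if not elem.stores or not elem.stores[-1]:
                elem.warnings.append("no symbol store given")
            for url in urls:
                # Symbols fetched over plain HTTP can be altered in transit.
                if not url.lower().startswith("https://"):
                    elem.warnings.append("not HTTPS: " + url)
            if urls and len(elem.stores) == 1:
                elem.warnings.append("no explicit local cache directory")
        elements.append(elem)
    return elements

def review(path):
    """Return every warning for a symbol path as a flat list."""
    return [w for e in parse_symbol_path(path) for w in e.warnings]

# The path from this tutorial.
PAGE_PATH = r"SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols"
# Constructed weak path for comparison (hypothetical host name).
WEAK_PATH = r"srv*http://symbols.example.test/symbols;C:\LocalSyms"

if __name__ == "__main__":
    for p in (PAGE_PATH, WEAK_PATH):
        print(p, "->", review(p) or "ok")
```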
Command Line Start-up
After WinDbg Preview is installed, WinDbgX.exe is available to run from any directory location.
For further command line options please go to: WinDbg Preview - Command Line Options
Worked Example
I have provided a test file, test.zip, which I had from when an old Dell laptop was having BSODs. Download this and open the zip file, double-clicking on the included dump file. If everything has been done correctly the file should open in WinDbg Preview and you will see the following (showing with the dark theme):
[Screenshot: attachment 45607]
That's it! You can then continue with the tutorials that explain how to interpret the results. In this case click the link to !analyze -v and the automated analysis will begin. The following line towards the end of the analysis has the clue:
FAILURE_ID_HASH_STRING: km:av_code_av_paged_ip_e1i63x64!interrupt_e1q_based::inthandlemnginterrupt
It was a network driver that needed further attention.