Often when you're looking at a dump file, you will need to get information about the hardware as well for different reasons. This can be because you need to check if the latest BIOS is installed, if the latest driver you spotted is installed, if there may be a compatibility problem, etc.
Fortunately, the logs from the Sysnative BSOD Collector app provide lots of hardware information in different files. You can use dxdiag, msinfo32, systeminfo, and sometimes even the event logs to name a few to get information on the hardware. There is, however, a limit to what these files can show. Sure, those files have a lot of information about what is there, but do you know at what speed some hardware was running at the time of the crash or what voltage was being used? This is where !sysinfo comes in.
It is a pity to see that not that many use !sysinfo with its varying parameters. If you would be able to use the files provided accordingly then you would not need to ask if there is a BIOS update available, what speed the CPU is running, or how the RAM is seated. You would not need to ask what RAM was installed and at what speed it was running.
Note that there is a lot of technical information accessible about a computer with !sysinfo, this guide will show what it means and where to find it. This guide is not going to cover all the details, as you will find out shortly, there is simply too much to cover.
!sysinfo has quite a few parameters you can use to get hardware related information. As you can see, there are 2 square brackets surrounding different options. While they're all parameters, any with a minus (-) in front of them allows you to manipulate the data, let's call those flags. Although there are more of such flags (-devices, -memory, ...), only -csv and -noheaders are applicable to all parameters. Other flags are applicable to smbios only.
Cpuinfo - as you can expect from its parameter name - shows information about the CPU. The lines which you are likely going to need a lot are the ~MHz and ProcessorNameString. The first one shows at what speed the processor ran at the time of a crash. The latter is the make and model of the CPU and its base speed. Other potential interesting lines may be VendorIdentifier: a string that is used to identify a CPU vendor that you may see frequently in the verbose analysis (depending on the version of Windbg you have) and Identifier which shows some technical data about the CPU, the CPU family and microarchitecture.
Cpuspeed, according to the official documentation shows the maximum speed along with the current speed at which the processor ran at the time of a crash. This does not make much sense because the maximum speed always shows the base speed. Regardless, if you want to quickly see the current speed, this parameter will be more interesting. When you know the speed at which the processor ran and the model (or CPUID) of the processor you could do a quick look-up (if needed) and check if the current speed exceeds the max boost clock (AMD) or the max turbo frequency (Intel), are the maximum frequencies at which a specific processor is designed to run without any overclocking. Do note that an overclock is still possible even if the current speed does not exceed the max turbo frequency or the max boost clock.
Gbl: unless you're going to be dealing with a lot of ACPI (Advanced Configuration and Power Interface) related crashes this may or may not be interesting. Gbl shows the BIOS list of ACPI tables from the system that crashed. Only a few fields are shown below. You may have noticed DBGP is mentioned every time; DBGP stands for debug port. Microsoft requires debug ports to be available on all systems; the link below provides a download for a document that describes the meaning of the fields. Note that this document is version 2 (DBGP2), version 1 (DBGP) can be found here if you're interested, but be aware that version 1 is archived and may not be accurate. One table describes the configuration of one or more independent debugging ports. According to version 2, there are three such tables of which one is partially shown implying that a particular debug port has been configured with these fields. If you use this command with this parameter and see something like this, it simply indicates that the system includes a debug port, not that we can use it or anything.
Microsoft Debug Port Table 2 (DBG2) - Windows 10 hardware dev
Machineid: with this parameter Windbg will show you information from the SMBIOS, BIOS, firmware, system, and motherboard (baseboard). This is one of two parameters that shows information about the motherboard, the next parameter will also show information about the motherboard, but it's not easy to find with all the information the next parameter shows in its base. That's why I prefer this parameter when I want to see what BIOS and motherboard are installed.
From the above output, you can see BIOS related information about the version and release date, System related information and BaseBoard related information. For those curious, the System entries (SystemFamily, SystemVersion, SystemSKU) will be present whenever the computer is an OEM. In case, the motherboard did not come from the OEM. This usually happens with custom built laptops that were custom built by a company.
Smbios: with this parameter you get a lot of information from the SMBIOS table. You will find BIOS information, motherboard information, CPU information, speed, voltage, RAM model amongst other things.
Lots of information; let's break it up.
These few lines could be considered as header data, regardless of which flag you use to filter data from smbios, as you will see below. It displays the version of the SMBIOS table; the version of the DMI (Desktop Management Interface); the version of Calling Convention and whether it's enabled, and the size of the SMBIOS table in bytes. DMI is a framework for managing and tracking components in a computer. Calling Convention is specific for ARM processors that describes a prefined way of using registers and making subroutine calls.
The following portion is system-related data. What you see in this portion is subject to change, as not every computer will have the same system-related data, which means that for some computers this portion may be longer or shorter with different data. What you see here is BIOS related information like the version and release date, as well as, what the BIOS supports, information about the vendor of the motherboard or laptop and some cache information about the CPU. Again, this is subject to change and in some dumps you may not see data like the below.
The following portion is about the CPU. You can use this information to see whether the voltage of the CPU has been adjusted - a trick for potentially detecting overclocking - labeled as Processor Voltage. Other information about the CPU that is shown is mostly duplicate with other !sysinfo options. Note, that this is the only place in !sysinfo where you can find the voltage of the CPU.
This is the final, but largest portion of SMBIOS and shows information about the installed RAM. There is some technical information on memory error handling, but thereafter, if you look carefully, you can notice that it is possible to detect where RAM modules are installed. What I like to do to do this quickly, is go to the last parts of this portion and go up searching for Part Number which may have something or nothing. If there is something, then in that slot a RAM module is installed. Part Number is the last line of a subportion identifying one RAM module, and a few lines above it you can find the speed at which the RAM module was operating. This in turn can be used to detect if XMP is used.
There is one parameter left: !sysinfo registers. I expect you won't use this parameter all that much so I won't explain it. You can find a brief explanation about it in Help > Index in WinDbg, but it basically shows machine-specific registers.
I strongly encourage everyone to play with this extension, the above is merely basics on !sysinfo, and if you noticed I actually skipped some parameters which allow for specifying what and how you want to display things. Most of these parameters are applicable for the SMBIOS parameter, an example below shows all processor related information from the SMBIOS.
WinDbg would not be quite as powerful as it is if you would not be able to combine them. As such, you can combine processor and power information from the SMBIOS.
While this is incredibly useful at times, there is a drawback. As you may have noticed, quite a bit of information is retrieved from different sources: ACPI, SMBIOS, the firmware, the system and the motherboard. ACPI may be disabled in the BIOS, for instance, making parts of !sysinfo parameters useless. For quick reference, ACPI is a standard specification on how to efficiently handle power consumption by desktop and laptop. The most common drawback is related to the SMBIOS. SMBIOS, System Management BIOS, is another standard that defines structures and methods to access management information from the BIOS. Microsoft developed a driver called mssmbios.sys that implements this standard. Drivers can load and unload at any given moment theoretically, therefore it is possible that the SMBIOS information will not be available in a dump which happens when the mssmbios.sys driver is not loaded during the crash. When that happens, you see the following in the dump
Quite a few parameters of !sysinfo rely on mssmbios.sys driver being loaded, including cpuinfo, cpuspeed, machineid and smbios. Every time you try to run any of the commands that need mssmbios.sys to be loaded you will see this message again and again for each command that is run.
The information !sysinfo provides is a lot and can be daunting, the key here is to give yourself time and go over it slowly. I often still need to go slowly over things so that I don't miss what I am looking for, which is usually the RAM information. Remember that you do not need to understand everything, you just need to pick the relevant portions that you are looking for and use it.
A tip I would encourage everyone to do, add !sysinfo commands to automatically run every time you open dump files. I have a few !sysinfo commands running by default, smbios, machineid and cpuspeed, in that order. That way I can almost instantly detect overclocking with the CPU as that's done most often. It also shows me the motherboard and BIOS information that I can use to see if the BIOS is updated or not if needed. Lastly, I can check whether the RAM is seated in slots that the motherboard manual recommends, if XMP is used and the RAM make/model. In the SMBIOS RAM part, you can see the following
If Part Number is not specified I know that slot is not used. If you're going to check the 2, 4, or more of these slots you could easily see which ones are used. Usually, the slots used should be 1 and 3 or 2 and 4. If I see there's no slot in between the used slots that is empty, I can check the motherboard manual and look at what the recommended seating is. This is necessary to support dual-channel or quad-channel configurations.
As you can tell by now, !sysinfo not only provides a lot of information, if you learn to use it accordingly then there's no need for questions such as at what speed is the CPU or RAM running, how is the RAM seated, is XMP used and more.
Fortunately, the logs from the Sysnative BSOD Collector app provide lots of hardware information in different files. You can use dxdiag, msinfo32, systeminfo, and sometimes even the event logs to name a few to get information on the hardware. There is, however, a limit to what these files can show. Sure, those files have a lot of information about what is there, but do you know at what speed some hardware was running at the time of the crash or what voltage was being used? This is where !sysinfo comes in.
It is a pity to see that not that many use !sysinfo with its varying parameters. If you would be able to use the files provided accordingly then you would not need to ask if there is a BIOS update available, what speed the CPU is running, or how the RAM is seated. You would not need to ask what RAM was installed and at what speed it was running.
Note that there is a lot of technical information accessible about a computer with !sysinfo, this guide will show what it means and where to find it. This guide is not going to cover all the details, as you will find out shortly, there is simply too much to cover.
!sysinfo has quite a few parameters you can use to get hardware related information. As you can see, there are 2 square brackets surrounding different options. While they're all parameters, any with a minus (-) in front of them allows you to manipulate the data, let's call those flags. Although there are more of such flags (-devices, -memory, ...), only -csv and -noheaders are applicable to all parameters. Other flags are applicable to smbios only.
Code:
2: kd> !sysinfo
!sysinfo [ cpuinfo | cpumicrocode | cpuspeed | gbl | machineid | registers | smbios ] [-csv | -noheaders]Cpuinfo - as you can expect from its parameter name - shows information about the CPU. The lines which you are likely going to need a lot are the ~MHz and ProcessorNameString. The first one shows at what speed the processor ran at the time of a crash. The latter is the make and model of the CPU and its base speed. Other potential interesting lines may be VendorIdentifier: a string that is used to identify a CPU vendor that you may see frequently in the verbose analysis (depending on the version of Windbg you have) and Identifier which shows some technical data about the CPU, the CPU family and microarchitecture.
Rich (BB code):
2: kd> !sysinfo cpuinfo
[CPU Information]
~MHz = REG_DWORD 4008
Component Information = REG_BINARY 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
Configuration Data = REG_FULL_RESOURCE_DESCRIPTOR ff,ff,ff,ff,ff,ff,ff,ff,0,0,0,0,0,0,0,0
Identifier = REG_SZ Intel64 Family 6 Model 94 Stepping 3
ProcessorNameString = REG_SZ Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Update Status = REG_DWORD 2
VendorIdentifier = REG_SZ GenuineIntel
MSR8B = REG_QWORD 7c00000000Cpuspeed, according to the official documentation shows the maximum speed along with the current speed at which the processor ran at the time of a crash. This does not make much sense because the maximum speed always shows the base speed. Regardless, if you want to quickly see the current speed, this parameter will be more interesting. When you know the speed at which the processor ran and the model (or CPUID) of the processor you could do a quick look-up (if needed) and check if the current speed exceeds the max boost clock (AMD) or the max turbo frequency (Intel), are the maximum frequencies at which a specific processor is designed to run without any overclocking. Do note that an overclock is still possible even if the current speed does not exceed the max turbo frequency or the max boost clock.
Code:
2: kd> !sysinfo cpuspeed
CPUID: "Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz"
MaxSpeed: 4000
CurrentSpeed: 4008Gbl: unless you're going to be dealing with a lot of ACPI (Advanced Configuration and Power Interface) related crashes this may or may not be interesting. Gbl shows the BIOS list of ACPI tables from the system that crashed. Only a few fields are shown below. You may have noticed DBGP is mentioned every time; DBGP stands for debug port. Microsoft requires debug ports to be available on all systems; the link below provides a download for a document that describes the meaning of the fields. Note that this document is version 2 (DBGP2), version 1 (DBGP) can be found here if you're interested, but be aware that version 1 is archived and may not be accurate. One table describes the configuration of one or more independent debugging ports. According to version 2, there are three such tables of which one is partially shown implying that a particular debug port has been configured with these fields. If you use this command with this parameter and see something like this, it simply indicates that the system includes a debug port, not that we can use it or anything.
Microsoft Debug Port Table 2 (DBG2) - Windows 10 hardware dev
Code:
2: kd> !sysinfo gbl
[ACPI Good Bios List]
[DBGP - 1346847300 bytes]
AcpiOemID="DBGP","DBGP4"
AcpiOemTableId="DBGP","DBGP4"
AcpiOemRevision=">=","DBGP",1346847300
AcpiRevision=">=","DBGP",68
AcpiCreatorRevision=">=","DBGP",1346847300Machineid: with this parameter Windbg will show you information from the SMBIOS, BIOS, firmware, system, and motherboard (baseboard). This is one of two parameters that shows information about the motherboard, the next parameter will also show information about the motherboard, but it's not easy to find with all the information the next parameter shows in its base. That's why I prefer this parameter when I want to see what BIOS and motherboard are installed.
Code:
2: kd> !sysinfo machineid
Machine ID Information [From Smbios 3.0, DMIVersion 0, Size=3314]
BiosMajorRelease = 5
BiosMinorRelease = 11
BiosVendor = EVOC
BiosVersion = 1.05.03EVOC v1.5
BiosReleaseDate = 03/27/2016
SystemManufacturer = EVOC
SystemProductName = P870DM-G
SystemFamily = Not Applicable
SystemVersion = Not Applicable
SystemSKU = Not Applicable
BaseBoardManufacturer = EVOC
BaseBoardProduct = P870DM-G powered by premamod.com
BaseBoardVersion =Smbios: with this parameter you get a lot of information from the SMBIOS table. You will find BIOS information, motherboard information, CPU information, speed, voltage, RAM model amongst other things.
Code:
2: kd> !sysinfo smbios
[SMBIOS Data Tables v3.0]
[DMI Version - 0]
[2.0 Calling Convention - No]
[Table Size - 3314 bytes]
[BIOS Information (Type 0) - Length 24 - Handle 0000h]
Vendor EVOC
BIOS Version 1.05.03EVOC v1.5
BIOS Starting Address Segment f000
BIOS Release Date 03/27/2016
BIOS ROM Size 500000
BIOS Characteristics
07: - PCI Supported
11: - Upgradeable FLASH BIOS
12: - BIOS Shadowing Supported
15: - CD-Boot Supported
16: - Selectable Boot Supported
17: - BIOS ROM Socketed
19: - EDD Supported
26: - Print Screen Device Supported
27: - Keyboard Services Supported
29: - Printer Services Supported
32: - BIOS Vendor Reserved
BIOS Characteristic Extensions
00: - ACPI Supported
01: - USB Legacy Supported
08: - BIOS Boot Specification Supported
10: - Enable Targeted Content Distribution
11: - UEFI Specification Supported
BIOS Major Revision 5
BIOS Minor Revision 11
EC Firmware Major Revision 255
EC Firmware Minor Revision 255
[System Information (Type 1) - Length 27 - Handle 0001h]
Manufacturer EVOC
Product Name P870DM-G
Version Not Applicable
Serial Number Not Applicable
UUID 00000000-0000-0000-0000-000000000000
Wakeup Type Power Switch
SKUNumber Not Applicable
Family Not Applicable
[BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
Manufacturer EVOC
Product P870DM-G powered by premamod.com
Version
Serial Number Not Applicable
Asset Tag
Feature Flags 09h
00: - Motherboard
03: - Replaceable
Location Not Applicable
Chassis Handle 0003h
Board Type 0ah - Processor/Memory Module
Number of Child Handles 0
[System Enclosure (Type 3) - Length 22 - Handle 0003h]
Manufacturer EVOC
Chassis Type Notebook
Version N/A
Serial Number
Asset Tag Number
Bootup State Safe
Power Supply State Safe
Thermal State Safe
Security Status None
OEM Defined 0
Height 0U
Number of Power Cords 1
Number of Contained Elements 0
Contained Element Size 0
[Onboard Devices Information (Type 10) - Length 8 - Handle 0014h]
Number of Devices 2
01: Type Sound [enabled]
01: Description HD-Audio
02: Type Ethernet [enabled]
02: Description Giga Lan
[OEM Strings (Type 11) - Length 5 - Handle 0015h]
Number of Strings 5
1 Brand: EVOC
2 Model: P870DM-G
3 Website: hidevolution.com
4 Contact: suppport@hidevolution.com
5 BIOS:1.05.03EVOC v1.5
[System Configuration Options (Type 12) - Length 5 - Handle 0016h]
[Cache Information (Type 7) - Length 19 - Handle 0018h]
Socket Designation L1 Cache
Cache Configuration 0180h - WB Enabled Int NonSocketed L1
Maximum Cache Size 0080h - 128K
Installed Size 0080h - 128K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type ParitySingle-Bit ECC
System Cache Type Data
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 0019h]
Socket Designation L1 Cache
Cache Configuration 0180h - WB Enabled Int NonSocketed L1
Maximum Cache Size 0080h - 128K
Installed Size 0080h - 128K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type ParitySingle-Bit ECC
System Cache Type Instruction
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 001ah]
Socket Designation L2 Cache
Cache Configuration 0181h - WB Enabled Int NonSocketed L2
Maximum Cache Size 0400h - 1024K
Installed Size 0400h - 1024K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type Multi-Bit ECC
System Cache Type Unified
Associativity 4-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 001bh]
Socket Designation L3 Cache
Cache Configuration 0182h - WB Enabled Int NonSocketed L3
Maximum Cache Size 2000h - 8192K
Installed Size 2000h - 8192K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type Specification Reserved
System Cache Type Unified
Associativity 16-way Set-Associative
[Processor Information (Type 4) - Length 48 - Handle 001ch]
Socket Designation U3E1
Processor Type Central Processor
Processor Family c6h - Specification Reserved
Processor Manufacturer Intel(R) Corporation
Processor ID e3060500fffbebbf
Processor Version Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Processor Voltage 8dh - 1.3V
External Clock 100MHz
Max Speed 8300MHz
Current Speed 4000MHz
Status Enabled Populated
Processor Upgrade Other
L1 Cache Handle 0019h
L2 Cache Handle 001ah
L3 Cache Handle 001bh
Serial Number
Asset Tag Number
Part Number To Be Filled By O.E.M.
[Physical Memory Array (Type 16) - Length 23 - Handle 001dh]
Location 03h - SystemBoard/Motherboard
Use 03h - System Memory
Memory Error Correction 03h - None
Maximum Capacity 67108864KB
Memory Error Inf Handle [Not Provided]
Number of Memory Devices 4
[Memory Device (Type 17) - Length 40 - Handle 001eh]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 0 bits
Data Width 0 bits
Size [Not Populated]
Form Factor 02h - Unknown
Device Set [None]
Device Locator ChannelA-DIMM0
Bank Locator BANK 0
Memory Type 02h - Unknown
Type Detail 0000h -
Speed 0MHz
Manufacturer [String Not Specified]
Serial Number [String Not Specified]
Asset Tag Number [String Not Specified]
Part Number [String Not Specified]
[Memory Device (Type 17) - Length 40 - Handle 001fh]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 16384MB
Form Factor 0dh - SODIMM
Device Set [None]
Device Locator ChannelA-DIMM1
Bank Locator BANK 1
Memory Type 1ah - Specification Reserved
Type Detail 0080h - Synchronous
Speed 2667MHz
Manufacturer 0420
Serial Number
Asset Tag Number
Part Number F4-2666C18-16GRS
[Memory Device (Type 17) - Length 40 - Handle 0020h]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 0 bits
Data Width 0 bits
Size [Not Populated]
Form Factor 02h - Unknown
Device Set [None]
Device Locator ChannelB-DIMM0
Bank Locator BANK 2
Memory Type 02h - Unknown
Type Detail 0000h -
Speed 0MHz
Manufacturer [String Not Specified]
Serial Number [String Not Specified]
Asset Tag Number [String Not Specified]
Part Number [String Not Specified]
[Memory Device (Type 17) - Length 40 - Handle 0021h]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 16384MB
Form Factor 0dh - SODIMM
Device Set [None]
Device Locator ChannelB-DIMM1
Bank Locator BANK 3
Memory Type 1ah - Specification Reserved
Type Detail 0080h - Synchronous
Speed 2667MHz
Manufacturer 0420
Serial Number
Asset Tag Number
Part Number F4-2666C18-16GRS
[Memory Array Mapped Address (Type 19) - Length 31 - Handle 0022h]
Starting Address 00000000h
Ending Address 01ffffffh
Memory Array Handle 001dh
Partition Width 02
Extended Starting Address 0000000000000000h
Extended Ending Address 0000000000000000h
[Memory Device Mapped Address (Type 20) - Length 35 - Handle 0024h]
Starting Address 00000000h
Ending Address 00ffffffh
Memory Device Handle 001fh
Mem Array Mapped Adr Handle 0022h
Partition Row Position [Unknown]
Interleave Position 01
Interleave Data Depth 02
Extended Starting Address 0000000000000000h
Extended Ending Address 0000000000000000h
[Memory Device Mapped Address (Type 20) - Length 35 - Handle 0025h]
Starting Address 01000000h
Ending Address 01ffffffh
Memory Device Handle 0021h
Mem Array Mapped Adr Handle 0022h
Partition Row Position [Unknown]
Interleave Position 02
Interleave Data Depth 02
Extended Starting Address 0000000000000000h
Extended Ending Address 0000000000000000hThese few lines could be considered as header data, regardless of which flag you use to filter data from smbios, as you will see below. It displays the version of the SMBIOS table; the version of the DMI (Desktop Management Interface); the version of Calling Convention and whether it's enabled, and the size of the SMBIOS table in bytes. DMI is a framework for managing and tracking components in a computer. Calling Convention is specific for ARM processors that describes a prefined way of using registers and making subroutine calls.
Code:
[SMBIOS Data Tables v3.0]
[DMI Version - 0]
[2.0 Calling Convention - No]
[Table Size - 3314 bytes]The following portion is system-related data. What you see in this portion is subject to change, as not every computer will have the same system-related data, which means that for some computers this portion may be longer or shorter with different data. What you see here is BIOS related information like the version and release date, as well as, what the BIOS supports, information about the vendor of the motherboard or laptop and some cache information about the CPU. Again, this is subject to change and in some dumps you may not see data like the below.
Code:
[BIOS Information (Type 0) - Length 24 - Handle 0000h]
Vendor EVOC
BIOS Version 1.05.03EVOC v1.5
BIOS Starting Address Segment f000
BIOS Release Date 03/27/2016
BIOS ROM Size 500000
BIOS Characteristics
07: - PCI Supported
11: - Upgradeable FLASH BIOS
12: - BIOS Shadowing Supported
15: - CD-Boot Supported
16: - Selectable Boot Supported
17: - BIOS ROM Socketed
19: - EDD Supported
26: - Print Screen Device Supported
27: - Keyboard Services Supported
29: - Printer Services Supported
32: - BIOS Vendor Reserved
BIOS Characteristic Extensions
00: - ACPI Supported
01: - USB Legacy Supported
08: - BIOS Boot Specification Supported
10: - Enable Targeted Content Distribution
11: - UEFI Specification Supported
BIOS Major Revision 5
BIOS Minor Revision 11
EC Firmware Major Revision 255
EC Firmware Minor Revision 255
[System Information (Type 1) - Length 27 - Handle 0001h]
Manufacturer EVOC
Product Name P870DM-G
Version Not Applicable
Serial Number Not Applicable
UUID 00000000-0000-0000-0000-000000000000
Wakeup Type Power Switch
SKUNumber Not Applicable
Family Not Applicable
[BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
Manufacturer EVOC
Product P870DM-G powered by premamod.com
Version
Serial Number Not Applicable
Asset Tag
Feature Flags 09h
00: - Motherboard
03: - Replaceable
Location Not Applicable
Chassis Handle 0003h
Board Type 0ah - Processor/Memory Module
Number of Child Handles 0
[System Enclosure (Type 3) - Length 22 - Handle 0003h]
Manufacturer EVOC
Chassis Type Notebook
Version N/A
Serial Number
Asset Tag Number
Bootup State Safe
Power Supply State Safe
Thermal State Safe
Security Status None
OEM Defined 0
Height 0U
Number of Power Cords 1
Number of Contained Elements 0
Contained Element Size 0
[Onboard Devices Information (Type 10) - Length 8 - Handle 0014h]
Number of Devices 2
01: Type Sound [enabled]
01: Description HD-Audio
02: Type Ethernet [enabled]
02: Description Giga Lan
[OEM Strings (Type 11) - Length 5 - Handle 0015h]
Number of Strings 5
1 Brand: EVOC
2 Model: P870DM-G
3 Website: hidevolution.com
4 Contact: suppport@hidevolution.com
5 BIOS:1.05.03EVOC v1.5
[System Configuration Options (Type 12) - Length 5 - Handle 0016h]
[Cache Information (Type 7) - Length 19 - Handle 0018h]
Socket Designation L1 Cache
Cache Configuration 0180h - WB Enabled Int NonSocketed L1
Maximum Cache Size 0080h - 128K
Installed Size 0080h - 128K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type ParitySingle-Bit ECC
System Cache Type Data
Associativity 8-way Set-AssociativeThe following portion is about the CPU. You can use this information to see whether the voltage of the CPU has been adjusted - a trick for potentially detecting overclocking - labeled as Processor Voltage. Other information about the CPU that is shown is mostly duplicate with other !sysinfo options. Note, that this is the only place in !sysinfo where you can find the voltage of the CPU.
Code:
[Processor Information (Type 4) - Length 48 - Handle 001ch]
Socket Designation U3E1
Processor Type Central Processor
Processor Family c6h - Specification Reserved
Processor Manufacturer Intel(R) Corporation
Processor ID e3060500fffbebbf
Processor Version Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Processor Voltage 8dh - 1.3V
External Clock 100MHz
Max Speed 8300MHz
Current Speed 4000MHz
Status Enabled Populated
Processor Upgrade Other
L1 Cache Handle 0019h
L2 Cache Handle 001ah
L3 Cache Handle 001bh
Serial Number
Asset Tag Number
Part Number To Be Filled By O.E.M.This is the final, but largest portion of SMBIOS and shows information about the installed RAM. There is some technical information on memory error handling, but thereafter, if you look carefully, you can notice that it is possible to detect where RAM modules are installed. What I like to do to do this quickly, is go to the last parts of this portion and go up searching for Part Number which may have something or nothing. If there is something, then in that slot a RAM module is installed. Part Number is the last line of a subportion identifying one RAM module, and a few lines above it you can find the speed at which the RAM module was operating. This in turn can be used to detect if XMP is used.
Code:
[Physical Memory Array (Type 16) - Length 23 - Handle 001dh]
Location 03h - SystemBoard/Motherboard
Use 03h - System Memory
Memory Error Correction 03h - None
Maximum Capacity 67108864KB
Memory Error Inf Handle [Not Provided]
Number of Memory Devices 4
[Memory Device (Type 17) - Length 40 - Handle 001eh]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 0 bits
Data Width 0 bits
Size [Not Populated]
Form Factor 02h - Unknown
Device Set [None]
Device Locator ChannelA-DIMM0
Bank Locator BANK 0
Memory Type 02h - Unknown
Type Detail 0000h -
Speed 0MHz
Manufacturer [String Not Specified]
Serial Number [String Not Specified]
Asset Tag Number [String Not Specified]
Part Number [String Not Specified]
[Memory Device (Type 17) - Length 40 - Handle 001fh]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 16384MB
Form Factor 0dh - SODIMM
Device Set [None]
Device Locator ChannelA-DIMM1
Bank Locator BANK 1
Memory Type 1ah - Specification Reserved
Type Detail 0080h - Synchronous
Speed 2667MHz
Manufacturer 0420
Serial Number
Asset Tag Number
Part Number F4-2666C18-16GRS
[Memory Device (Type 17) - Length 40 - Handle 0020h]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 0 bits
Data Width 0 bits
Size [Not Populated]
Form Factor 02h - Unknown
Device Set [None]
Device Locator ChannelB-DIMM0
Bank Locator BANK 2
Memory Type 02h - Unknown
Type Detail 0000h -
Speed 0MHz
Manufacturer [String Not Specified]
Serial Number [String Not Specified]
Asset Tag Number [String Not Specified]
Part Number [String Not Specified]
[Memory Device (Type 17) - Length 40 - Handle 0021h]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 16384MB
Form Factor 0dh - SODIMM
Device Set [None]
Device Locator ChannelB-DIMM1
Bank Locator BANK 3
Memory Type 1ah - Specification Reserved
Type Detail 0080h - Synchronous
Speed 2667MHz
Manufacturer 0420
Serial Number
Asset Tag Number
Part Number F4-2666C18-16GRS
[Memory Array Mapped Address (Type 19) - Length 31 - Handle 0022h]
Starting Address 00000000h
Ending Address 01ffffffh
Memory Array Handle 001dh
Partition Width 02
Extended Starting Address 0000000000000000h
Extended Ending Address 0000000000000000h
[Memory Device Mapped Address (Type 20) - Length 35 - Handle 0024h]
Starting Address 00000000h
Ending Address 00ffffffh
Memory Device Handle 001fh
Mem Array Mapped Adr Handle 0022h
Partition Row Position [Unknown]
Interleave Position 01
Interleave Data Depth 02
Extended Starting Address 0000000000000000h
Extended Ending Address 0000000000000000h
[Memory Device Mapped Address (Type 20) - Length 35 - Handle 0025h]
Starting Address 01000000h
Ending Address 01ffffffh
Memory Device Handle 0021h
Mem Array Mapped Adr Handle 0022h
Partition Row Position [Unknown]
Interleave Position 02
Interleave Data Depth 02
Extended Starting Address 0000000000000000h
Extended Ending Address 0000000000000000hThere is one parameter left: !sysinfo registers. I expect you won't use this parameter all that much so I won't explain it. You can find a brief explanation about it in Help > Index in WinDbg, but it basically shows machine-specific registers.
Code:
2: kd> !sysinfo registers
CPUID 0h - dh 68747541h 444d4163h 69746e65h "....AuthcAMDenti"
- dh 68747541h 444d4163h 69746e65h "....AuthcAMDenti"
CPUID 1h - 800f11h 3080800h 7ed8320bh 178bfbffh ".........2.~...."
- 800f11h 2080800h 7ed8320bh 178bfbffh ".........2.~...."
CPUID 2h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 4h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 5h - 40h 40h 3h 0h "@...@..........."
- 40h 40h 3h 0h "@...@..........."
CPUID 6h - 4h 0h 1h 0h "................"
- 4h 0h 1h 0h "................"
CPUID 7h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 9h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID ah - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID bh - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID ch - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID dh - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
MSR c0000080h - 4d01h' 0h
- 4d01h' 0h
CPUID 80000000h - 8000001fh 68747541h 444d4163h 69746e65h "....AuthcAMDenti"
- 8000001fh 68747541h 444d4163h 69746e65h "....AuthcAMDenti"
CPUID 80000001h - 800f11h 20000000h 35c233ffh 2fd3fbffh "....... .3.5.../"
- 800f11h 20000000h 35c233ffh 2fd3fbffh "....... .3.5.../"
CPUID 80000002h - 20444d41h 657a7952h 2035206eh 30303531h "AMD Ryzen 5 1500"
- 20444d41h 657a7952h 2035206eh 30303531h "AMD Ryzen 5 1500"
CPUID 80000003h - 75512058h 432d6461h 2065726fh 636f7250h "X Quad-Core Proc"
- 75512058h 432d6461h 2065726fh 636f7250h "X Quad-Core Proc"
CPUID 80000004h - 6f737365h 20202072h 20202020h 202020h "essor ."
- 6f737365h 20202072h 20202020h 202020h "essor ."
CPUID 80000005h - ff40ff40h ff40ff40h 20080140h 40040140h "@.@.@.@.@.. @..@"
- ff40ff40h ff40ff40h 20080140h 40040140h "@.@.@.@.@.. @..@"
CPUID 80000006h - 26006400h 66006400h 2006140h 808140h ".d.&.d.f@a..@..."
- 26006400h 66006400h 2006140h 808140h ".d.&.d.f@a..@..."
CPUID 80000007h - 0h 1bh 0h 6599h ".............e.."
- 0h 1bh 0h 6599h ".............e.."
CPUID 80000008h - 3030h 7h 4007h 0h "00.......@......"
- 3030h 7h 4007h 0h "00.......@......"
CPUID 80000009h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8000000ah - 1h 8000h 0h 1bcffh "................"
- 1h 8000h 0h 1bcffh "................"
CPUID 8000000bh - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8000000ch - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8000000dh - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8000000eh - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8000000fh - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000010h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000011h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000012h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000013h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000014h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000015h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000016h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000017h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000018h - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 80000019h - f040f040h 0h 0h 0h "@.@............."
- f040f040h 0h 0h 0h "@.@............."
CPUID 8000001ah - 3h 0h 0h 0h "................"
- 3h 0h 0h 0h "................"
CPUID 8000001bh - 3ffh 0h 0h 0h "................"
- 3ffh 0h 0h 0h "................"
CPUID 8000001ch - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8000001dh - 0h 0h 0h 0h "................"
- 0h 0h 0h 0h "................"
CPUID 8000001eh - 3h 101h 0h 0h "................"
- 2h 101h 0h 0h "................"
CPUID 8000001fh - 7h 16fh fh 0h "....o..........."
- 7h 16fh fh 0h "....o..........."I strongly encourage everyone to play with this extension, the above is merely basics on !sysinfo, and if you noticed I actually skipped some parameters which allow for specifying what and how you want to display things. Most of these parameters are applicable for the SMBIOS parameter, an example below shows all processor related information from the SMBIOS.
Code:
2: kd> !sysinfo smbios -processor
[SMBIOS Data Tables v3.0]
[DMI Version - 0]
[2.0 Calling Convention - No]
[Table Size - 3314 bytes]
[Cache Information (Type 7) - Length 19 - Handle 0018h]
Socket Designation L1 Cache
Cache Configuration 0180h - WB Enabled Int NonSocketed L1
Maximum Cache Size 0080h - 128K
Installed Size 0080h - 128K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type ParitySingle-Bit ECC
System Cache Type Data
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 0019h]
Socket Designation L1 Cache
Cache Configuration 0180h - WB Enabled Int NonSocketed L1
Maximum Cache Size 0080h - 128K
Installed Size 0080h - 128K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type ParitySingle-Bit ECC
System Cache Type Instruction
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 001ah]
Socket Designation L2 Cache
Cache Configuration 0181h - WB Enabled Int NonSocketed L2
Maximum Cache Size 0400h - 1024K
Installed Size 0400h - 1024K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type Multi-Bit ECC
System Cache Type Unified
Associativity 4-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 001bh]
Socket Designation L3 Cache
Cache Configuration 0182h - WB Enabled Int NonSocketed L3
Maximum Cache Size 2000h - 8192K
Installed Size 2000h - 8192K
Supported SRAM Type 0020h - Synchronous
Current SRAM Type 0020h - Synchronous
Cache Speed 0ns
Error Correction Type Specification Reserved
System Cache Type Unified
Associativity 16-way Set-Associative
[Processor Information (Type 4) - Length 48 - Handle 001ch]
Socket Designation U3E1
Processor Type Central Processor
Processor Family c6h - Specification Reserved
Processor Manufacturer Intel(R) Corporation
Processor ID e3060500fffbebbf
Processor Version Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Processor Voltage 8dh - 1.3V
External Clock 100MHz
Max Speed 8300MHz
Current Speed 4000MHz
Status Enabled Populated
Processor Upgrade Other
L1 Cache Handle 0019h
L2 Cache Handle 001ah
L3 Cache Handle 001bh
Serial Number
Asset Tag Number
Part Number To Be Filled By O.E.M.WinDbg would not be quite as powerful as it is if you would not be able to combine them. As such, you can combine processor and power information from the SMBIOS.
Code:
2: kd> !sysinfo smbios -power -cpu
[SMBIOS Data Tables v3.0]
[DMI Version - 0]
[2.0 Calling Convention - No]
[Table Size - 2428 bytes]
[Cache Information (Type 7) - Length 19 - Handle 002ah]
Socket Designation L1 - Cache
Cache Configuration 0180h - WB Enabled Int NonSocketed L1
Maximum Cache Size 0180h - 384K
Installed Size 0180h - 384K
Supported SRAM Type 0010h - Pipeline-Burst
Current SRAM Type 0010h - Pipeline-Burst
Cache Speed 1ns
Error Correction Type Specification Reserved
System Cache Type Unified
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 002bh]
Socket Designation L2 - Cache
Cache Configuration 0181h - WB Enabled Int NonSocketed L2
Maximum Cache Size 0800h - 2048K
Installed Size 0800h - 2048K
Supported SRAM Type 0010h - Pipeline-Burst
Current SRAM Type 0010h - Pipeline-Burst
Cache Speed 1ns
Error Correction Type Specification Reserved
System Cache Type Unified
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 002ch]
Socket Designation L3 - Cache
Cache Configuration 0182h - WB Enabled Int NonSocketed L3
Maximum Cache Size 4000h - 16384K
Installed Size 4000h - 16384K
Supported SRAM Type 0010h - Pipeline-Burst
Current SRAM Type 0010h - Pipeline-Burst
Cache Speed 1ns
Error Correction Type Specification Reserved
System Cache Type Unified
Associativity 16-way Set-Associative
[Processor Information (Type 4) - Length 48 - Handle 002dh]
Socket Designation AM4
Processor Type Central Processor
Processor Family 6bh - Specification Reserved
Processor Manufacturer Advanced Micro Devices, Inc.
Processor ID 110f8000fffb8b17
Processor Version AMD Ryzen 5 1500X Quad-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 3900MHz
Current Speed 3500MHz
Status Enabled Populated
Processor Upgrade Specification Reserved
L1 Cache Handle 002ah
L2 Cache Handle 002bh
L3 Cache Handle 002ch
Serial Number
Asset Tag Number
Part Number UnknownWhile this is incredibly useful at times, there is a drawback. As you may have noticed, quite a bit of information is retrieved from different sources: ACPI, SMBIOS, the firmware, the system and the motherboard. ACPI may be disabled in the BIOS, for instance, making parts of !sysinfo parameters useless. For quick reference, ACPI is a standard specification on how to efficiently handle power consumption by desktop and laptop. The most common drawback is related to the SMBIOS. SMBIOS, System Management BIOS, is another standard that defines structures and methods to access management information from the BIOS. Microsoft developed a driver called mssmbios.sys that implements this standard. Drivers can load and unload at any given moment theoretically, therefore it is possible that the SMBIOS information will not be available in a dump which happens when the mssmbios.sys driver is not loaded during the crash. When that happens, you see the following in the dump
Code:
sysinfo: could not find necessary interfaces.
sysinfo: note that mssmbios.sys must be loaded (XPSP2+).The information !sysinfo provides is a lot and can be daunting, the key here is to give yourself time and go over it slowly. I often still need to go slowly over things so that I don't miss what I am looking for, which is usually the RAM information. Remember that you do not need to understand everything, you just need to pick the relevant portions that you are looking for and use it.
A tip I would encourage everyone to do, add !sysinfo commands to automatically run every time you open dump files. I have a few !sysinfo commands running by default, smbios, machineid and cpuspeed, in that order. That way I can almost instantly detect overclocking with the CPU as that's done most often. It also shows me the motherboard and BIOS information that I can use to see if the BIOS is updated or not if needed. Lastly, I can check whether the RAM is seated in slots that the motherboard manual recommends, if XMP is used and the RAM make/model. In the SMBIOS RAM part, you can see the following
Code:
[Memory Device (Type 17) - Length 40 - Handle 0021h]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 16384MB
Form Factor 0dh - SODIMM
Device Set [None]
Device Locator ChannelB-DIMM1
Bank Locator BANK 3
Memory Type 1ah - Specification Reserved
Type Detail 0080h - Synchronous
Speed 2667MHz
Manufacturer 0420
Serial Number
Asset Tag Number
Part Number F4-2666C18-16GRS
[Memory Device (Type 17) - Length 40 - Handle 0020h]
Physical Memory Array Handle 001dh
Memory Error Info Handle [Not Provided]
Total Width 0 bits
Data Width 0 bits
Size [Not Populated]
Form Factor 02h - Unknown
Device Set [None]
Device Locator ChannelB-DIMM0
Bank Locator BANK 2
Memory Type 02h - Unknown
Type Detail 0000h -
Speed 0MHz
Manufacturer [String Not Specified]
Serial Number [String Not Specified]
Asset Tag Number [String Not Specified]
Part Number [String Not Specified]As you can tell by now, !sysinfo not only provides a lot of information, if you learn to use it accordingly then there's no need for questions such as at what speed is the CPU or RAM running, how is the RAM seated, is XMP used and more.