Required Tools :
Before starting any debugging you need to get the following tools :
- WinDbg from Microsoft available here (Install Debugging Tools for Windows 32-bit Version).
- Remote Registry Editor provided with Visual Studio 2005.
Sample Application :
// MemException application
void PrintHello ()
void GenerateNullPointerException ()
BYTE *pByte = NULL;
*pByte = 0xFF;
int _tmain(int argc, _TCHAR* argv)
First Step : Locate the kdump files
Using the registry you can change the file location folder for the kdump files.
"DumpDirectory"="\Temp\DumFiles" (string entry)
"DumpEnabled"=dword:1 (dword entry)
Second step : Copy the kdump files
Note : Don't close the warning message box, before doing the copy as DrWatson is removing the files right after.
Third Step : Open the kdump files
Launch the WinDbg application and get to File -> Open Crash Dump menu.
Select the kdmp file retrieve from your device.
Then in the command line area of Windbg, launch the command :
MemException!GenerateNullPointerException+14 [d:\nbesson\projects\vs2005\memexception\memexception\memexception.cpp @ 16]
00011028 0030c2e5 strb r3, [r2]
Known Issues with symbols
Sometimes, WinDbg is unable to find the debug files to locate the source code during the analyze of the dump file. In this case you have to make sure that files hasn't been renamed during copy on the device.
Use the following command to get the link to the source code :
- .sympath : to check the symboles folder, if missing folder go to "File->Symbol File Path" or hit Ctrl+S, add the folder and do not forget to reload
- .reload : to reload symbols
- !sym noisy : to enable verbosity on symbol files access
and finaly if after all those steps the symbol files is not loaded, use the .reload /f <binary file name> to force the symbols loading for this specific binary.
Now enjoy debugging !