Understanding Windows Crash Dump Analysis
Posted: (EET/GMT+2)
If Windows creates a crash dump (memory.dmp or .dmp file), you can open it with the WinDbg tool to see what went wrong.
Install the Windows Debugging Tools (WinDbg) from the Windows SDK. After install, run WinDbg (x64 if you're on 64-bit Windows).
1) Open the dump file:
File - Open Crash Dump - C:\Windows\MEMORY.DMP
2) Load symbols (Microsoft's public symbol server):
.symfix
.reload
3) Run the basic analysis:
!analyze -v
That gives a summary: bug check code, probable cause, and the stack trace of the crashing thread. Scroll down for the module name (often a driver or DLL).
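When there are several dumps to triage, steps 2 and 3 can be run non-interactively with cdb.exe, the console debugger that ships with the same Debugging Tools, and the summary fields pulled out of the output. The script below is an added example, not part of the original post; it assumes cdb.exe is on the PATH and that the field names match what recent debugger builds print, and the sample output is constructed.

```python
import re
import subprocess

# Commands from steps 2 and 3, joined with ';' and followed by 'q' to quit cdb.
CDB_COMMANDS = ".symfix; .reload; !analyze -v; q"

# Summary fields printed by !analyze -v (names assumed from recent debugger builds).
FIELDS = ("BUGCHECK_CODE", "PROCESS_NAME", "MODULE_NAME", "IMAGE_NAME",
          "FAILURE_BUCKET_ID")

def run_analyze(dump_path, cdb="cdb.exe"):
    """Run cdb non-interactively on a dump file and return its text output."""
    result = subprocess.run([cdb, "-z", dump_path, "-c", CDB_COMMANDS],
                            capture_output=True, text=True, timeout=600)
    return result.stdout

def summarize(analyze_output):
    """Extract the triage fields from !analyze -v output into a dict."""
    summary = {}
    for name in FIELDS:
        # [ \t]* instead of \s* so an empty field never swallows the next line.
        m = re.search(rf"^{name}:[ \t]*(\S.*?)[ \t]*$", analyze_output, re.MULTILINE)
        if m:
            summary[name] = m.group(1)
    # Some output also carries a one-line verdict naming the suspect image.
    m = re.search(r"^Probably caused by\s*:\s*(\S+)", analyze_output, re.MULTILINE)
    if m:
        summary["PROBABLY_CAUSED_BY"] = m.group(1)
    return summary

# Constructed sample output (not from a real crash), trimmed to the relevant lines.
SAMPLE = """\
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
BUGCHECK_CODE:  d1
PROCESS_NAME:  System
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
FAILURE_BUCKET_ID:  AV_exampledrv!unknown_function
Probably caused by : exampledrv.sys ( exampledrv+0x1a2b )
"""

if __name__ == "__main__":
    # Replace SAMPLE with run_analyze(r"C:\Windows\MEMORY.DMP") on a real system.
    for key, value in summarize(SAMPLE).items():
        print(f"{key:20} {value}")
```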
You can also see running threads and call stacks:
~* k
To check a particular thread:
~3s; k
If the dump came from an application (not a full system crash), you can often spot the last method called before the exception.
Sometimes, you need to go lower than normal .NET or C#. In those moments, it's good to know the tools are there.