Windbg on cloud


Overview

WinDbg is a multipurpose debugger. It can attach to a live process, set breakpoints, and so on, as you would with any other debugger, and it can also analyze crash dump (.dmp) files. You drive it by typing commands.

A .dmp file is a memory dump. What was dumped depends on what the dump was taken for: it could be a process, or it could be the kernel. What the dump contains also varies with the dump type; in the typical case it is an image of what your process looked like at the moment it crashed.

There are various ways to create one. On Windows Vista and later, and on Windows Server 2008 and later, you can do it right from Task Manager: right-click the process and click “Create Memory Dump”. WinDbg can also write a dump of a live process with the .dump command. Other tools, such as adplus, can create a dump automatically on certain conditions, for example when a process exceeds a memory or CPU threshold, or when it crashes.

WinDbg can open a crash dump easily enough. What is important is that you get your symbols loaded correctly first, usually in the form of .pdb files or from a symbol server (not strictly necessary, or always possible, but greatly helpful).
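
A scripted way to take the dump just described, as an added example that is not part of the original page: a PowerShell function that uses cdb.exe (the console debugger that ships next to windbg.exe in the Debugging Tools for Windows directory) to attach non-invasively, write a full dump with the .dump command, and then lock the file down. The install path, the output directory and the MyService.exe image name are assumptions taken from placeholders used elsewhere on this page; cdb's -pv, -p and -c switches and the .dump /ma and qd commands are the debugger's own.

```powershell
function New-ProcessDump {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ImageName,                                  # e.g. MyService.exe (page placeholder)
        [string] $OutDir  = 'C:\dumps',                                             # assumed output directory
        [string] $CdbPath = 'C:\Program Files\Debugging Tools for Windows\cdb.exe'  # page's typical install dir (assumed)
    )
    $base = [IO.Path]::GetFileNameWithoutExtension($ImageName)

    # Attaching by name only makes sense with exactly one instance (the page says the same for windbg -pn).
    $procs = @(Get-Process -Name $base -ErrorAction SilentlyContinue)
    if ($procs.Count -ne 1) { throw "Expected exactly one running '$ImageName', found $($procs.Count)." }
    $targetPid = $procs[0].Id

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $dump = Join-Path $OutDir ('{0}-{1}-{2:yyyyMMdd-HHmmss}.dmp' -f $base, $targetPid, (Get-Date))

    # -pv : non-invasive attach (threads are suspended only while memory is read; nothing is injected)
    # -p  : attach by PID          -c : run these debugger commands, then detach and quit (qd)
    # .dump /ma : full user-mode dump with all memory, handle and thread information
    & $CdbPath -pv -p $targetPid -c ".dump /ma `"$dump`"; qd" | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $dump)) {
        throw "cdb exited with code $LASTEXITCODE and no dump was written."
    }

    # The file now holds everything the process had in memory (tokens, keys, connection strings):
    # drop inherited permissions and leave only Administrators and SYSTEM.
    $acl = Get-Acl -Path $dump
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($id, 'FullControl', 'Allow'))
    }
    Set-Acl -Path $dump -AclObject $acl
    Get-Item -Path $dump
}

# Example (run elevated when the target is a service; page placeholder image name):
# New-ProcessDump -ImageName MyService.exe
```

The ACL step is there because a dump is as sensitive as the process it was taken from: anything the process held in memory is now on disk, so treat the .dmp like a credential file when you copy it to the machine where WinDbg runs.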

Before you start to use WinDbg you also need to configure the symbol path: go to File -> Symbol File Path, and the path to enter for the Microsoft public symbol server is srv*c:\symbols*http://msdl.microsoft.com/download/symbols 

If you have not come across the concept of symbols before, a short explanation is that symbols are used to decode the information held in the memory dump file, which allows you to see the function names in the call stack. To give an example of what you might see with and without symbols: 

 

As you can see in the above example, without symbols it is not possible to read the call stack. Each specific version of an application has a unique symbol file, as symbols relate directly to the source code for that application: if one line of source code is different inside the application, a new symbol file is generated to match it. 

You can run the command “lmvm ax32serv” in WinDbg to find out which kernel version the AOS is running (if it is a dump taken from an AOS), or “lmvm ax32” to find out which version a client is from a client dump. The output in WinDbg will look like this: 

 

Sometimes there might be a problem loading symbols for the specific version of AX that you are running. In that case there are some WinDbg commands that can help. First, you can turn on “noisy” symbol loading so that WinDbg reports where it is trying to find the symbols and what the result was (for example “file not found”). There are two commands you need in WinDbg to do this: 

!sym noisy
.reload

The .reload command attempts to reload symbols, and “!sym noisy” turns on the noisy output. You can also force WinDbg to load a mismatched symbol file if you cannot find the exact matching file for your version; the command to do that is: 

 

This step-by-step article describes how to debug a Windows service by using the WinDbg debugger (windbg.exe). To debug a Windows service, you can attach the WinDbg debugger to the process that hosts the service after the service starts, or you can configure the service to start with the WinDbg debugger attached so that you can troubleshoot service-startup-related problems. This article describes both these methods. 

Requirements 

This article assumes that you are familiar with the following topics:
 

  • Windows Services 
  • WinDbg Debugger 


Attach the WinDbg debugger to a service after the service starts 

This method is similar to the method that you use to attach a debugger to any other process and then debug it. 

  1. To determine the process ID (PID) of the process that hosts the service that you want to debug, use one of the following methods:

     Method 1: Use Task Manager 
     a. Right-click the taskbar, and then click Task Manager. The Windows Task Manager dialog box appears. 
     b. Click the Processes tab of the Windows Task Manager dialog box. 
     c. Under Image Name, click the image name of the process that hosts the service that you want to debug. Note the process ID of this process as specified by the value of the corresponding PID field. 

     Method 2: Use the Task List Utility (tlist.exe) 
     a. Click Start, and then click Run. The Run dialog box appears. 
     b. In the Open box, type cmd, and then click OK. 
     c. At the command prompt, change the directory path to reflect the location of the tlist.exe file on your computer. Note: The tlist.exe file is typically located in the Debugging Tools for Windows directory. 
     d. At the command prompt, type tlist to list the image names and the process IDs of all processes that are currently running on your computer. Make a note of the process ID of the process that hosts the service that you want to debug. 

  2. At a command prompt, change the directory path to reflect the location of the windbg.exe file on your computer. Note: If a command prompt is not open, open one first (Start, Run, cmd). The windbg.exe file is typically located in the Debugging Tools for Windows directory. 
  3. At the command prompt, type windbg -p ProcessID /g to attach the WinDbg debugger to the process that hosts the service that you want to debug. Note: ProcessID is a placeholder for the process ID of the process that hosts the service that you want to debug. 

Use the image name of the process that hosts the service that you want to debug 

You can use this method only if there is exactly one running instance of the process that hosts the service that you want to debug. To do this, follow these steps:

  1. Click Start, and then click Run. The Run dialog box appears. 
  2. In the Open box, type cmd, and then click OK to open a command prompt. 
  3. At the command prompt, change the directory path to reflect the location of the windbg.exe file on your computer. Note: The windbg.exe file is typically located in the Debugging Tools for Windows directory. 
  4. At the command prompt, type windbg -pn ImageName /g to attach the WinDbg debugger to the process that hosts the service that you want to debug. Note: ImageName is a placeholder for the image name of the process that hosts the service that you want to debug. The -pn command-line option specifies that the ImageName command-line argument is the image name of a process. 

Start the WinDbg debugger and attach to the process that hosts the service that you want to debug 

  1. Start Windows Explorer. 
  2. Locate the windbg.exe file on your computer. Note: The windbg.exe file is typically located in the following directory: C:\Program Files\Debugging Tools for Windows 
  3. Run the windbg.exe file together with the /g command-line switch to start the WinDbg debugger. The /g command-line switch allows the tracked process to continue after the breakpoint is set. 
  4. On the File menu, click Attach to a Process to display the Attach to Process dialog box. 
  5. Click to select the node that corresponds to the process that hosts the service that you want to debug, and then click OK. 
  6. In the dialog box that appears, click Yes to save base workspace information. Notice that you can now debug the disassembled code of your service. 

Configure a service to start with the WinDbg debugger attached 

You can use this method to debug services if you want to troubleshoot service-startup-related problems.

  1. Configure the “Image File Execution” options. To do this, use one of the following methods:

     Method 1: Use the Global Flags Editor (gflags.exe) 
     a. Start Windows Explorer. 
     b. Locate the gflags.exe file on your computer. Note: The gflags.exe file is typically located in the Debugging Tools for Windows directory. 
     c. Run the gflags.exe file to start the Global Flags Editor. 
     d. In the Image File Name text box, type the image name of the process that hosts the service that you want to debug. For example, if you want to debug a service that is hosted by a process that has MyService.exe as the image name, type MyService.exe. 
     e. Under Destination, click to select the Image File Options option. 
     f. Under Image Debugger Options, click to select the Debugger check box. 
     g. In the Debugger text box, type the full path of the debugger that you want to use (for example, the full path to windbg.exe if you want to use the WinDbg debugger). Click Apply, and then click OK to quit the Global Flags Editor. 

     Method 2: Use Registry Editor 
     Important: This method contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information, see the Microsoft Knowledge Base article “How to back up and restore the registry in Windows”. 
     a. Click Start, and then click Run. The Run dialog box appears. 
     b. In the Open box, type regedit, and then click OK to start Registry Editor. 
     c. In Registry Editor, locate, and then right-click the following registry subkey: 
     d. Point to New, and then click Key. In the left pane of Registry Editor, notice that New Key #1 (the name of a new registry subkey) is selected for editing. 
     e. Type ImageName to replace New Key #1, and then press ENTER. Note: ImageName is a placeholder for the image name of the process that hosts the service that you want to debug. For example, if you want to debug a service that is hosted by a process that has MyService.exe as the image name, type MyService.exe. 
     f. Right-click the registry subkey that you created in step e. 
     g. Point to New, and then click String Value. In the right pane of Registry Editor, notice that New Value #1, the name of a new registry entry, is selected for editing. 
     h. Replace New Value #1 with Debugger, and then press ENTER. 
     i. Right-click the Debugger registry entry that you created in step h, and then click Modify. The Edit String dialog box appears. 
     j. In the Value data text box, type DebuggerPath, and then click OK. Note: DebuggerPath is a placeholder for the full path of the debugger that you want to use (for example, the full path to windbg.exe if you want to use the WinDbg debugger). 

  2. For the debugger window to appear on your desktop, and to interact with the debugger, make your service interactive. If you do not make your service interactive, the debugger will start but you cannot see it and you cannot issue commands. To make your service interactive, use one of the following methods:

     Method 1: Use the Services console 
     a. Click Start, and then point to Programs. 
     b. On the Programs menu, point to Administrative Tools, and then click Services. The Services console appears. 
     c. In the right pane of the Services console, right-click ServiceName, and then click Properties. Note: ServiceName is a placeholder for the name of the service that you want to debug. 
     d. On the Log On tab, click to select the Allow service to interact with desktop check box under Local System account, and then click OK. 

     Method 2: Use Registry Editor 
     a. In Registry Editor, locate, and then click the following registry subkey: 
        Note: Replace ServiceName with the name of the service that you want to debug. For example, if you want to debug a service named MyService, locate and then click the following registry key: 
     b. Under the Name field in the right pane of Registry Editor, right-click Type, and then click Modify. The Edit DWORD Value dialog box appears. 
     c. Change the text in the Value data text box to the result of the binary OR operation with the binary value of the current text and the binary value, 0x00000100, as the two operands. The binary value, 0x00000100, corresponds to the SERVICE_INTERACTIVE_PROCESS constant that is defined in the WinNT.h header file on your computer. This constant specifies that a service is interactive in nature. 

  3. When a service starts, the service communicates to the Service Control Manager how long the service must have to start (the time-out period for the service). If the Service Control Manager does not receive a “service started” notice from the service within this time-out period, the Service Control Manager terminates the process that hosts the service. This time-out period is typically less than 30 seconds. If you do not adjust this time-out period, the Service Control Manager ends the process and the attached debugger while you are trying to debug. To adjust this time-out period, follow these steps:

     a. In Registry Editor, locate, and then right-click the following registry subkey: 
     b. Point to New, and then click DWORD Value. In the right pane of Registry Editor, notice that New Value #1 (the name of a new registry entry) is selected for editing. 
     c. Type ServicesPipeTimeout to replace New Value #1, and then press ENTER. 
     d. Right-click the ServicesPipeTimeout registry entry that you created in step c, and then click Modify. The Edit DWORD Value dialog box appears. 
     e. In the Value data text box, type TimeoutPeriod, and then click OK. Note: TimeoutPeriod is a placeholder for the value of the time-out period (in milliseconds) that you want to set for the service. For example, if you want to set the time-out period to 24 hours (86400000 milliseconds), type 86400000. 
     f. Restart the computer. You must restart the computer for Service Control Manager to apply this change. 

  4. Start your Windows service. To do this, follow these steps: 
     a. Click Start, and then point to Programs. 
     b. On the Programs menu, point to Administrative Tools, and then click Services. The Services console appears. 
     c. In the right pane of the Services console, right-click ServiceName, and then click Start. Note: ServiceName is a placeholder for the name of the service that you want to debug. 

Troubleshooting 

Before you try to debug a service across a network, make sure that the symbols and the source files that the service uses are accessible from the computer where the service will run. To do this, use one of the following methods: 

  • Grant at least read-access permissions to everyone for the folder on your computer that contains the symbols and the source files that the service uses. 
  • Copy these symbols and source files that the service uses to the computer where the service will run. 
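
The registry side of the procedure above, scripted as an added example (not from the page or from Microsoft): it writes the Image File Execution Options Debugger value, ORs SERVICE_INTERACTIVE_PROCESS into the service's Type, and sets ServicesPipeTimeout, and it adds the check a defender wants next to that: a listing of every IFEO entry that currently carries a Debugger value, plus a function that undoes the change. The registry paths are the standard Windows locations for these settings (the page leaves them blank); MyService, MyService.exe and the windbg.exe path are the page's placeholders; the script must run elevated.

```powershell
# Standard Windows locations for the three settings the page walks through. These are not
# project-specific; the page leaves the key paths blank, so they are supplied here.
$IfeoKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$ControlKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$SERVICE_INTERACTIVE_PROCESS = 0x100   # WinNT.h constant named on the page

function Enable-ServiceStartupDebug {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ServiceName,   # page placeholder: MyService
        [Parameter(Mandatory)] [string] $ImageName,     # page placeholder: MyService.exe
        [string] $DebuggerPath = 'C:\Program Files\Debugging Tools for Windows\windbg.exe',  # page's typical path
        [int]    $TimeoutMs    = 86400000                # 24 h, the page's example value
    )
    # Step 1 (registry method): IFEO\<image>\Debugger. The SCM launches this program with the image as argument.
    $imgKey = Join-Path $IfeoKey $ImageName
    New-Item -Path $imgKey -Force | Out-Null
    Set-ItemProperty -Path $imgKey -Name Debugger -Value $DebuggerPath -Type String

    # Step 2 (registry method): Type = Type OR SERVICE_INTERACTIVE_PROCESS
    $svcKey  = Join-Path $ServicesKey $ServiceName
    $oldType = (Get-ItemProperty -Path $svcKey -Name Type).Type
    $newType = $oldType -bor $SERVICE_INTERACTIVE_PROCESS
    Set-ItemProperty -Path $svcKey -Name Type -Value $newType -Type DWord

    # Step 3: ServicesPipeTimeout in milliseconds, written as REG_DWORD directly
    # (no hexadecimal/decimal radix confusion as in regedit's Edit DWORD dialog).
    Set-ItemProperty -Path $ControlKey -Name ServicesPipeTimeout -Value $TimeoutMs -Type DWord

    [pscustomobject]@{
        Image = $ImageName; Debugger = $DebuggerPath
        TypeBefore = ('0x{0:X8}' -f $oldType); TypeAfter = ('0x{0:X8}' -f $newType)
        ServicesPipeTimeoutMs = $TimeoutMs
        RebootRequired = $true    # the page: restart for the time-out change to apply
    }
}

function Get-IfeoDebuggers {
    # Defender's check: every image that has a Debugger value set. Expect only the entry you
    # created; any other entry pointing at an unexpected binary deserves a look.
    Get-ChildItem -Path $IfeoKey | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg } }
    }
}

function Disable-ServiceStartupDebug {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $ServiceName, [Parameter(Mandatory)] [string] $ImageName)
    Remove-ItemProperty -Path (Join-Path $IfeoKey $ImageName) -Name Debugger -ErrorAction SilentlyContinue
    $svcKey = Join-Path $ServicesKey $ServiceName
    $type   = (Get-ItemProperty -Path $svcKey -Name Type).Type
    Set-ItemProperty -Path $svcKey -Name Type -Value ($type -band (-bnot $SERVICE_INTERACTIVE_PROCESS)) -Type DWord
    Remove-ItemProperty -Path $ControlKey -Name ServicesPipeTimeout -ErrorAction SilentlyContinue
}

# Example (run elevated; page placeholders):
# Enable-ServiceStartupDebug -ServiceName MyService -ImageName MyService.exe
# Get-IfeoDebuggers
# ... restart the computer, start the service, debug ...
# Disable-ServiceStartupDebug -ServiceName MyService -ImageName MyService.exe
```

An IFEO Debugger value is honoured for every launch of that image, not only for the service, and the same key is a well-known persistence location, so Get-IfeoDebuggers is worth running before and after a debugging session, and Disable-ServiceStartupDebug should follow it so that neither the debugger hook, the 24-hour time-out nor the interactive flag outlives the investigation. On Windows Vista and later, session 0 isolation means an interactive service's window does not appear on the logged-on user's desktop, so the “interact with desktop” method described above only works as written on older Windows versions.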

Download WinDbg Preview:

WinDbg Preview is a new version of WinDbg with more modern visuals, faster windows, and a full-fledged scripting experience. It is built with the extensible object-oriented debugger data model front and center. WinDbg Preview uses the same underlying engine as WinDbg today, so all the commands, extensions, and workflows still work as they did before. 

Get Debugging Tools for Windows (WinDbg) from the SDK: Windows 10 SDK. 

If you just need the Debugging Tools for Windows, and not the Windows Driver Kit (WDK) for Windows 10, you can install the debugging tools as a standalone component from the Windows Software Development Kit (SDK). 

In the SDK installation wizard, select Debugging Tools for Windows, and deselect all other components. 

Installing WinDbg on Windows Server 2016:

REQUIREMENTS

  • Windows VM
  • Stand-alone Windows debugger

WINDOWS DEBUGGER OVERVIEW

  • The Windows debugger is most commonly known as WinDbg. It receives frequent updates and ships with on-line help.
  • It provides a GUI (Graphical User Interface) that displays the debugger output along with stacks and registers.
  • It is used to analyze both kernel-mode and user-mode memory dumps. Kernel-mode memory dumps contain information about all processes and applications at the time of the crash. User-mode memory dumps are limited to the affected process or application.
  • It is free to download from Microsoft.
  • It allows you to perform live kernel debugging or post-mortem analysis.
  • It also contains a CLI (Command Line Interface) tool named kd.exe, also known as the kernel debugger. It is a great tool for scripting and makes it easy to automate crash dump analysis.
  • The debugging tools also contain other tools such as dumpchk, kill, tlist and usbview.

DOWNLOADING SDK

  • Go to the URL https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit, scroll down, and click the Get (WinDbg) as part of Windows 8.1 SDK (English only) link.

  • Once you click the link, you are prompted to download the sdksetup.exe file.

  • Save and run the sdksetup.exe file. Select the Install the Windows Software Development Kit for Windows 8.1 to this computer option and click Next.

  • Select Yes or No to join the Customer Experience Improvement Program, and then click Next.

  • Click the Accept button for the license agreement.

  • Select only Debugging Tools for Windows and click Install.

  • It takes a few minutes to complete the installation.

  • Click Close to finish the installation wizard.

CONFIGURE ENVIRONMENT PATH

  • Once the installation is complete, right-click the Start menu and select System.

  • Click on Advanced system settings.

  • Select the Environment Variables button.

  • Highlight the Path variable under System Variables and click Edit.

  • Click the New button and add the Windows debugger path C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64.

  • Click OK thrice to close the system properties window.

  • To verify the environment variable settings, open a command prompt and type the command windbg. You will be able to see the WinDbg help menu.

CONFIGURING WINDOWS DEBUGGER

  • Go to the Start menu, select Windows Kits, and click WinDbg (x64).

  • The WinDbg application opens with a blank workspace.

  • To configure the symbol path, click the File menu and select Symbol File Path.

  • Add the path as srv*c:\symbols*http://msdl.microsoft.com/download/symbols in the text box and click OK.

  • Go to the File menu and click Save Workspace to save the changes.

CONFIGURE IMAGE FILE PATH

  • When a small (mini) kernel dump is configured, not all of the memory is saved in the dump file; in particular, the .exe, .dll and .sys images are not included.
  • To resolve this, configure the debugger's executable image file path to point to the Microsoft Symbol Server as well.
  • To configure the image path, open WinDbg (x64), click the File menu and select Image File Path.

  • Add the path as srv*c:\symbols*http://msdl.microsoft.com/download/symbols in the text box and click OK.

  • Go to the File menu and click Save Workspace to save the changes.
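
To check that the symbol path and image path configured above actually resolve for a given dump (the same check the symbol section near the top of this page performs by hand with !sym noisy, .reload and lmvm), here is an added PowerShell example that is not from the page or from Microsoft. It runs cdb.exe against a dump with -y and -i set to the page's srv*c:\symbols*http://msdl.microsoft.com/download/symbols path, logs the session with -logo, and reports whether a matching PDB was found for one module and which file version that module is. The cdb.exe path, the default module name ntdll and the log location are assumptions; the switches and commands are the debugger's own.

```powershell
function Test-DumpSymbols {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DumpPath,
        [string] $Module  = 'ntdll',   # assumption: module to report on (the page uses ax32serv / ax32)
        [string] $SymPath = 'srv*c:\symbols*http://msdl.microsoft.com/download/symbols',  # the page's path
        [string] $CdbPath = 'C:\Program Files\Debugging Tools for Windows\cdb.exe',       # assumed install dir
        [string] $LogPath = (Join-Path $env:TEMP 'dumpcheck.log')                         # assumed log location
    )
    if (-not (Test-Path $DumpPath)) { throw "Dump not found: $DumpPath" }

    # !sym noisy  -> print every symbol-server lookup and its result
    # .reload     -> reset module/symbol state for the dump
    # ld <module> -> load symbols for that one module now (they may otherwise stay deferred)
    # lmvm        -> verbose module info: symbol status, image path, file version
    $commands = "!sym noisy; .reload; ld $Module; lmvm $Module; q"

    # -z dump  -y symbol path  -i image path (minidumps carry no module images; see the section above)
    # -logo    overwrite a log file with the whole session  -c run the commands, then quit
    & $CdbPath -z $DumpPath -y $SymPath -i $SymPath -logo $LogPath -c $commands | Out-Null
    if (-not (Test-Path $LogPath)) { throw "cdb produced no log (exit code $LASTEXITCODE)" }
    $log = Get-Content -Path $LogPath -Raw

    # lmvm's first line reads, for example:  00007ff8`... ntdll   (pdb symbols)   c:\symbols\ntdll.pdb\...
    $m = [regex]::Escape($Module)
    $status  = if ($log -match "$m\s+\(((?:private )?pdb symbols|export symbols|deferred|no symbols)\)") { $Matches[1] } else { 'not reported' }
    $version = if ($log -match 'File version:\s+(\S+)') { $Matches[1] } else { 'n/a' }

    [pscustomobject]@{
        Module       = $Module
        SymbolStatus = $status      # 'pdb symbols' is what you want to see
        FileVersion  = $version     # the version lmvm reports for the module
        SymsrvTrace  = @($log -split "`r?`n" | Where-Object { $_ -match 'SYMSRV' })  # noisy-mode lookups
        LogFile      = $LogPath
    }
}

# Example call (hypothetical dump file name; the page's AOS module name):
# Test-DumpSymbols -DumpPath 'C:\dumps\MyService.dmp' -Module ax32serv | Format-List
```

If SymbolStatus comes back as “export symbols” or “no symbols”, the SymsrvTrace lines show which server path was tried and what it answered, which is exactly the information the noisy mode was turned on for; a “deferred” status means the module was never loaded and usually points at a typo in the module name.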

WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system, distributed by Microsoft. Debugging is the process of finding and resolving errors in a system; in computing it also includes exploring the internal operation of software as a help to development. WinDbg can be used to debug user-mode applications, device drivers, and the operating system itself in kernel mode. Like the better-known Visual Studio Debugger it has a graphical user interface (GUI), but it is more powerful and has little else in common.

Features

WinDbg is a debugger that wraps NTSD and KD with a better UI. It provides command-line options such as starting minimized (-m), attaching to a process by PID (-p) and auto-opening crash dump files (-z). It supports three types of commands: 

  • Regular commands. The regular commands are used to debug the target process. 
  • Dot commands. The dot commands control the debugger itself. 
  • Extension commands. These are custom commands that you can add to WinDbg; they are implemented as exported functions in extension DLLs. 
