DaRT 10 – Crash Analyzer

First things first: DaRT stands for the Diagnostics and Recovery Toolset, a set of utilities from Microsoft designed to help troubleshoot and repair Windows desktops. Ed’s old buddy, Jerry Honeycutt, wrote an article about this way back in 2009 for TechNet. It’s archived and out of date, but still worth a read: “Overview of DaRT.” Thus, DaRT 10 is the collection of diagnostic and recovery tools for Windows 10.

IMHO, Crash Analyzer is the most valuable and important of all DaRT 10 tools. A BSOD, when it happens, does not provide a lot of information. Thus, there’s not much IT support can do when a user makes contact to report that a BSOD happened because of a DPC Watchdog Violation or a System Service Exception. To analyse such a BSOD, a crash dump needs to be read and analysed. DaRT 10 Crash Analyzer allows you to help your users remotely, in case the PC in question cannot be booted after a BSOD has occurred. If the PC can be booted, users can send the crash dumps from %windir%\Minidump to IT support for analysis.
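When several dumps arrive from users, a quick look at each file's header shows which stop code it records before you open it in Crash Analyzer. The following is an added example, not part of DaRT or the original post: it reads the bug check code and its four parameters from a kernel dump header. The header offsets are the commonly published ones for 32-bit and 64-bit kernel dumps and are an assumption here, the name table covers only the two stop codes mentioned above, and the sample header is constructed.

```python
import struct
from pathlib import Path

# Kernel dump header layouts, keyed by the 8-byte signature (assumed offsets):
# signature -> (bug check code offset, first parameter offset, parameter format)
LAYOUTS = {
    b"PAGEDUMP": (0x28, 0x2C, "<4I"),   # 32-bit dump
    b"PAGEDU64": (0x38, 0x40, "<4Q"),   # 64-bit dump
}

# Only the two stop codes named in this article; extend from Microsoft's bug check reference.
NAMES = {0x133: "DPC_WATCHDOG_VIOLATION", 0x3B: "SYSTEM_SERVICE_EXCEPTION"}

def read_bugcheck(header: bytes):
    """Return (code, name, params) from the first bytes of a kernel dump, or None."""
    layout = LAYOUTS.get(header[:8])
    if layout is None:
        return None  # not a kernel dump (wrong file, or a user-mode "MDMP" dump)
    code_off, param_off, fmt = layout
    if len(header) < param_off + struct.calcsize(fmt):
        return None  # header cut short, e.g. an incomplete upload
    (code,) = struct.unpack_from("<I", header, code_off)
    params = struct.unpack_from(fmt, header, param_off)
    return code, NAMES.get(code, "UNKNOWN"), params

def triage(folder):
    """Summarise every .dmp file in a folder of dumps received from users."""
    rows = []
    for path in sorted(Path(folder).glob("*.dmp")):
        with path.open("rb") as fh:
            rows.append((path.name, read_bugcheck(fh.read(0x80))))
    return rows

def sample_header():
    """Constructed 64-bit header for demonstration, not taken from a real crash."""
    buf = bytearray(0x80)
    buf[:8] = b"PAGEDU64"
    struct.pack_into("<I", buf, 0x38, 0x133)
    struct.pack_into("<4Q", buf, 0x40, 1, 0x1E00, 0, 0)
    return bytes(buf)

if __name__ == "__main__":
    code, name, params = read_bugcheck(sample_header())
    print(f"0x{code:08X} {name} params={[hex(p) for p in params]}")
```

A result of None for a file means it is not a readable kernel dump, so it is worth asking the user to resend it before starting an analysis.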

Run Crash Analyzer from desktop

If you have received crash dumps from a user, simply launch the Crash Analyzer from Start > Microsoft DaRT 10. You will be asked for the location of debugging files you installed with DaRT 10 (WDK, Windows Driver Kit):

In the next step you need to download Symbol files. A quote from the article Symbols and Symbol Files at Microsoft Hardware Dev Center:

When applications, libraries, drivers, or operating systems are linked, the linker that creates the .exe and .dll files also creates a number of additional files known as symbol files.

Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process.

Typically, symbol files might contain:
– Global variables
– Local variables
– Function names and the addresses of their entry points
– Frame pointer omission (FPO) records
– Source-line numbers

Symbol files will be downloaded automatically. You only need to specify a location where they’ll be stored:

Finally, browse to the crash dump file that the user sent (.dmp):

Crash Analyzer starts the analysis engine, reads the dump and analyses it:

When it’s done, a short description is shown:

To see the full analysis report, click Details:

Check those details: they will help you to understand the reason for the crash, and find a solution to keep it from recurring.

Run Crash Analyzer at boot

If a user can’t boot Windows and access the dumps, you can run Crash Analyzer remotely. Tell the user to boot from DaRT 10 RECOVERY Media, then allow you to remote into the PC. See my earlier post for brief instructions: https://win10.guru/dart-10-remote-assistance/

When a remote connection has been established, you can run the Crash Analyzer from the DaRT GUI:


Author: Kari Finn

A Windows Insider MVP, Kari started in computing in the mid 80’s writing code for VAX / VMS systems. Since then, he’s worked in a variety of IT positions. He specializes in Windows image capture, customization, repair and deployment as well as Hyper-V virtualization. Kari is a proud Team Member at number #1 Windows site TenForums.com.

