In this episode of Defrag Tools, Andrew Richards and Chad Beeder use Debugging Tools for Windows (WinDbg) to determine the root cause of various application crashes which have occurred on Andrew's computer. We use Sysinternals ProcDump to capture the dumps. While debugging, we take a side trip into configuring colors for Compressed and Encrypted files in Windows Explorer, and use Sysinternals Process Monitor to determine why the debugger was getting an Access Denied when loading the PDE Debugger Extension. We did a similar investigation in these two episodes: Defrag Tools #135 - Debugging User Mode Crash Dumps Part 1Defrag Tools #136 - Debugging User Mode Crash Dumps Part 2We cover how to install the Debugging Tools for Windows in this episode: Defrag Tools #131 - Windows 10 SDKGet the Sysinternals tools from http://www.sysinternals.com. We use: Sysinternals ProcDumpSysinternals Process MonitorGet the PDE debugger extension from the Defrag Tools OneDrive Get your Symbol Path to the Microsoft Public Symbol Server: Via Environment Variablesetx /m _NT_SYMBOL_PATH SRV*C:\My\Sym*https://msdl.microsoft.com/download/symbolsIn the Debugger.sympath SRV*C:\My\Sym*https://msdl.microsoft.com/download/symbolsTo collect dumps of crashes on your own machine, install ProcDump as the Postmortem (AeDebugger) debugger: md c:\dumps procdump.exe -ma -i c:\dumps On any dump (user or kernel), you can run automated analysis to view the issue: !analyze -v Debugging Cheat Sheet c0000005 is an Access Violation - use .ecxr & kc000027b is a Stowed Exception (Store Apps) - use !pde.dsee0434352 is a CLR Exception - use !sos.pee0697282 is a C++ Exception - use .ecxr & k80000003 is a Breakpoint - use !analyze -vWhen typing a decimal number, prefix it "0n"When typing a hexadecimal number, prefix it "0x" (the default prefix)Common Debugger Commands .exr -1 View the Exception Code and the Exception ParametersNumber looking like C0xxxxxx and 80xxxxxx are