GeekSocket Plug in and be Geekified

Fighting the Blue Screen Of Death (BSOD)

Image: Windows 10 BSOD (image credits: Softpedia)

What is BSOD and dump files?

If you are a Windows user, you have probably come across a blue screen with an error message.

This is the Blue Screen of Death: when a crash occurs in the Windows kernel, this screen is displayed and the machine is restarted.

When Windows shows a blue screen, it generates two dump files: MEMORY.dmp and a minidump.

These files are stored in

C:\WINDOWS\ and C:\WINDOWS\MiniDump respectively.

The kernel memory dump contains:

  • The Stop message, its parameters and other data
  • A list of loaded drivers
  • The processor context (PRCB) for the processor that stopped
  • The process information and kernel context (EPROCESS) for the process that stopped
  • The process information and kernel context (ETHREAD) for the thread that stopped
  • The Kernel-mode call stack for the thread that stopped

Source.


How to find the cause?

There are several tools to analyze the dump files:


BlueScreenView

It is the easiest way to find which driver caused the crash.

It lists all minidumps along with additional details about each crash.

Image: BlueScreenView main window and details pane

If the same driver shows up in crash after crash, you should consider updating or reinstalling that driver.


Debugging tools for Windows

For this you will need to install either the WDK or the SDK tools:

Installing SDK 10 for Windows 7 to 10

Installing WDK 10 for Windows 7 to 10


This page gives information about some tools included in Debugging Tools for Windows.

We are going to use WinDbg.

To analyze the .dmp files we need symbol files, which we will obtain from the Microsoft Symbol Server.

Debugging information is stored in a symbol file separate from the executable.

More information about symbol files.

When we use the Microsoft Symbol Server, WinDbg downloads the needed symbol files into the directory we specify.

All Debugging tools are stored in

C:\Program Files (x86)\Windows Kits\10\Debuggers\ on Windows 8 onwards.

C:\Program Files\debugging tools\ on Windows 7.


  • Open the directory C:\Program Files (x86)\Windows Kits\10\Debuggers\x64
  • Run WinDbg.
  • Go to File -> Symbol File Path or Ctrl + S.
  • Enter the path, srv*c:\symbols*http://msdl.microsoft.com/download/symbols (Don’t enter any blank space or new line).

Image: adding the symbol path in WinDbg

  • Now, go to File -> Open Crash Dump or Ctrl + D
  • Locate your dump and open it. (Wait for a while; this step takes one to two minutes while symbols are downloaded.)
  • Once it completes, click on the !analyze -v link (or type it into the command window) for more detailed output.
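The GUI steps above map directly onto kd.exe command-line switches, so the whole procedure can be scripted. The following PowerShell script is an added example, not code from the original post: it reads the dump configuration Windows actually uses from the CrashControl registry key (so the paths in the post can be checked rather than assumed), then runs !analyze -v on every minidump with the same symbol path, logging each transcript to a file and printing the fields a first pass cares about. It assumes the Debugging Tools are at the default Windows 10 SDK/WDK path, uses the symbol server over HTTPS, and greps for the MODULE_NAME / IMAGE_NAME / FAILURE_BUCKET_ID lines that !analyze -v prints; the output directory name is an arbitrary choice.

```powershell
# Added example: batch the WinDbg steps (symbol path, open dump, !analyze -v) with kd.exe.
# Assumptions: Debugging Tools at the default SDK/WDK path; symbol server reached over HTTPS.

$kd      = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe'
$symPath = 'srv*c:\symbols*https://msdl.microsoft.com/download/symbols'
$outDir  = Join-Path $env:USERPROFILE 'bsod-analysis'   # arbitrary output folder

# CrashControl holds the dump type and locations Windows really writes to;
# check these instead of trusting the default C:\WINDOWS\MiniDump.
$cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$dumpMode = switch ($cc.CrashDumpEnabled) {
    0 { 'none' } 1 { 'complete' } 2 { 'kernel' } 3 { 'small (minidump)' } 7 { 'automatic' }
    default { "unknown ($_)" }
}
$miniDir = [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)
Write-Host "Dump type          : $dumpMode"
Write-Host "Full dump file     : $([Environment]::ExpandEnvironmentVariables($cc.DumpFile))"
Write-Host "Minidump directory : $miniDir"

if (-not (Test-Path $kd)) { throw "kd.exe not found at $kd; install the SDK/WDK Debugging Tools" }
if (-not (Test-Path $miniDir)) { throw "No minidump directory at $miniDir; no crashes recorded yet" }
New-Item -ItemType Directory -Force -Path $outDir | Out-Null

# Run !analyze -v on each minidump, newest first, keeping one transcript per dump.
Get-ChildItem -Path $miniDir -Filter '*.dmp' |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object {
        $log = Join-Path $outDir ($_.BaseName + '.txt')
        # -y symbol path, -z dump file, -logo log file, -c commands to run on load (then quit)
        & $kd -y $symPath -z $_.FullName -logo $log -c '!analyze -v; q' | Out-Null

        # Pull out the lines that identify the bug check and the module blamed for it.
        Write-Host "`n== $($_.Name) ($($_.LastWriteTime)) =="
        Select-String -Path $log -Pattern '^(BUGCHECK_CODE|MODULE_NAME|IMAGE_NAME|PROCESS_NAME|FAILURE_BUCKET_ID):' |
            ForEach-Object { $_.Line.Trim() }
    }
```

Run it from an elevated PowerShell prompt, since the minidump directory is normally only readable by administrators. The per-dump transcripts in the output folder are the same text WinDbg would show, so if one crash needs a closer look you can open that minidump in WinDbg as described above; if the same IMAGE_NAME appears across several transcripts, that driver is the one to update or reinstall.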

Images: analysis started, analysis complete, and the !analyze -v output


Useful articles:

How to Debug Kernel Mode Blue Screen Crashes (for beginners)

How to read the small memory dump file that is created by Windows if a crash occurs

Analyzing a Crash Dump, aka BSOD


Once you have found the cause, you can search for the bug check code and the driver name to learn more about it.

If you are having trouble in any step, comment down below, I will try to help you 🙂

