How to analyze crash dumps / blue screens (BSOD)

Published On: September 25th, 2020

BlueScreenView

This simple, free tool will often find the driver that caused the crash.
http://www.nirsoft.net/utils/blue_screen_view.html

 


WinDbg

When BlueScreenView does not provide enough information, Microsoft’s Debugging Tools may be needed.
https://msdn.microsoft.com/en-US/library/windows/hardware/ff551063(v=vs.85).aspx

Installation

If you only want to install the Debugging Tools, run the Windows SDK installer, select the Debugging Tools for Windows box, and clear all the other boxes.


Configuration

Symbols

Symbols are used to decode the information held in the memory dump file, which allows you to see the function names in the call stack.

  1. Open WinDbg -> File -> Open -> Symbol Search Path
  2. Add the following symbol path and press OK: http://msdl.microsoft.com/download/symbols
  3. To save your configuration for next time, click File -> Save Workspace


Opening Crash Dumps

  1. Make sure you have access to your DMP files
    1. Either run WinDbg with an elevated token (Start -> WinDbg -> right-click -> Run as administrator)
    2. Or copy the “C:\Windows\Minidump” directory to a location where you have read access, e.g. your desktop.
  2. WinDbg -> File -> Open Crash Dump -> Browse to your latest .DMP file
    1. By default, .DMP files are saved in C:\Windows\Minidump\
    2. You may also find C:\Windows\MEMORY.DMP
  3. Let the analysis run.  It may take 10 or more minutes to complete.
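
A quick pre-check before opening WinDbg, as an added example that is not part of the original article: it picks the newest .dmp file from a copied Minidump folder and reads the bugcheck code and its four parameters straight from the dump header. It assumes the 64-bit kernel dump header layout (PAGEDU64 signature, BugCheckCode at offset 0x38, parameters at 0x40), which the article does not describe; the function names and the sample file are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

# Assumed layout of the 64-bit kernel dump header (not described in the article):
# "PAGE" + "DU64" signature at offset 0, BugCheckCode (uint32) at 0x38,
# four uint64 bugcheck parameters starting at 0x40.
SIGNATURE_64 = b"PAGEDU64"
BUGCHECK_OFFSET = 0x38
PARAMS_OFFSET = 0x40
HEADER_MIN = PARAMS_OFFSET + 4 * 8


def latest_dump(directory):
    """Return the most recently modified .dmp file in directory, or None."""
    dumps = [p for p in Path(directory).iterdir() if p.suffix.lower() == ".dmp"]
    return max(dumps, key=lambda p: p.stat().st_mtime, default=None)


def read_bugcheck(path):
    """Return (bugcheck_code, [p1..p4]) from a 64-bit kernel dump header."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_MIN)
    if len(header) < HEADER_MIN:
        raise ValueError(f"{path}: too short to be a kernel dump")
    if header[:8] != SIGNATURE_64:
        raise ValueError(f"{path}: not a 64-bit kernel dump (no PAGEDU64 signature)")
    (code,) = struct.unpack_from("<I", header, BUGCHECK_OFFSET)
    params = list(struct.unpack_from("<4Q", header, PARAMS_OFFSET))
    return code, params


def make_sample_dump(path, code, params):
    """Write a constructed header-only file for demonstration; not a real dump."""
    buf = bytearray(HEADER_MIN)
    buf[:8] = SIGNATURE_64
    struct.pack_into("<I", buf, BUGCHECK_OFFSET, code)
    struct.pack_into("<4Q", buf, PARAMS_OFFSET, *params)
    Path(path).write_bytes(buf)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # stands in for the copied Minidump folder
        make_sample_dump(Path(d) / "sample.dmp", 0xD1, [0x10, 2, 0, 0xFFFFF80000001000])
        newest = latest_dump(d)
        code, params = read_bugcheck(newest)
        print(f"{newest.name}: bugcheck 0x{code:08X}", [hex(p) for p in params])
```

Point `latest_dump` at the folder you copied the dumps to; the full analysis in WinDbg is still needed to identify the faulting driver.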

