Analyzing Crash Dumps / Blue Screens (BSoD)
This article describes how to identify the cause of most Windows Blue Screens (BSoDs).
BlueScreenView
This simple, free tool will often find the driver that caused the crash.
http://www.nirsoft.net/utils/blue_screen_view.html
WinDbg
When BlueScreenView does not provide enough information, Microsoft’s Debugging Tools may be needed.
https://msdn.microsoft.com/en-US/library/windows/hardware/ff551063(v=vs.85).aspx
Installation
If you only want to install the Debugging Tools, run the Windows SDK installer, select the Debugging Tools for Windows box, and clear all the other boxes.
Configuration
Symbols
Symbols let the debugger decode the information held in the memory dump file, so that you can see the function names in the call stack.
- Open WinDbg -> File -> Open -> Symbol Search Path
- Add the following symbol path and press OK: http://msdl.microsoft.com/download/symbols
- To save your configuration for next time, click File -> Save Workspace
Opening Crash Dumps
- Make sure you have access to your DMP files
  - Either run WinDbg with an elevated token (Start -> WinDbg -> right-click -> Run as administrator)
  - Or copy the “C:\Windows\Minidump” directory to a location where you have read access, e.g. your desktop.
- WinDbg -> File -> Open Crash Dump -> Browse to your latest .DMP file
  - By default, .DMP files are saved in C:\Windows\Minidump\
  - You may also find C:\Windows\MEMORY.DMP
- Let the analysis run. It may take 10 or more minutes to complete.
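
The steps above as a script for an elevated PowerShell prompt (an added example, not part of the original article): it copies the newest dump to a folder on the desktop, identifies its type from the file signature, records a SHA-256 hash, and opens the copy in WinDbg. The staging folder name, the C:\Symbols cache directory, the srv* form of the symbol path over HTTPS, and windbg.exe being on PATH are assumptions.

```powershell
# Added example: stage the newest crash dump for WinDbg. Run elevated so that
# C:\Windows\Minidump is readable.
$ErrorActionPreference = 'Stop'

$staging = Join-Path ([Environment]::GetFolderPath('Desktop')) 'CrashDumps'  # assumed folder name
$symPath = 'srv*C:\Symbols*https://msdl.microsoft.com/download/symbols'      # assumed local cache
$paths   = 'C:\Windows\Minidump\*.dmp', 'C:\Windows\MEMORY.DMP'              # locations named in the article

# Classify a dump by the signature in its first 8 bytes.
function Get-DumpKind([string]$Path) {
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 8
        $n = $fs.Read($buf, 0, 8)
    } finally { $fs.Dispose() }
    $sig = [System.Text.Encoding]::ASCII.GetString($buf, 0, $n)
    switch -Regex -CaseSensitive ($sig) {
        '^PAGEDU64' { return 'kernel dump (64-bit)' }
        '^PAGEDUMP' { return 'kernel dump (32-bit)' }
        '^MDMP'     { return 'user-mode minidump' }
        default     { return 'unrecognized signature' }
    }
}

# List every dump found, newest first; missing or unreadable paths are skipped.
$dumps = @(Get-ChildItem -Path $paths -File -ErrorAction SilentlyContinue |
           Sort-Object LastWriteTime -Descending)
if (-not $dumps) { throw 'No dump files found (not elevated, or no crash recorded).' }
$dumps | Format-Table LastWriteTime, Length, FullName -AutoSize | Out-Host

# Copy only the newest dump, then report what was staged.
New-Item -ItemType Directory -Path $staging -Force | Out-Null
$copy = Copy-Item -Path $dumps[0].FullName -Destination $staging -PassThru
"Staged : $($copy.FullName)"
"Type   : $(Get-DumpKind $copy.FullName)"
"SHA256 : $((Get-FileHash -Path $copy.FullName -Algorithm SHA256).Hash)"

# Open the copy with the symbol path preset (-y) and the dump file (-z).
$windbg = Get-Command windbg.exe -ErrorAction SilentlyContinue | Select-Object -First 1
if ($windbg) {
    & $windbg.Path -y $symPath -z $copy.FullName
} else {
    'windbg.exe is not on PATH; use File -> Open Crash Dump on the staged file.'
}
```

Dump files hold kernel memory, so remove the staged copy once the analysis is done.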