Analyzing Crash Dumps / Blue Screens (BSoD)

By Published On: March 2nd, 2021Categories: Knowledge Base, Troubleshooting

This article describes how to identify the cause of most Windows Blue Screens (BSoDs).

BlueScreenView

This simple free tool, will often find the driver that caused the crash.
http://www.nirsoft.net/utils/blue_screen_view.html

How to analyze crash dumps / blue screens (BSOD)

WinDbg

When BlueScreenView does not provide enough information, Microsoft’s Debugging Tools may be needed.
https://msdn.microsoft.com/en-US/library/windows/hardware/ff551063(v=vs.85).aspx

Installation

If you only want to install the Debugging Tools, run the Windows SDK installer, select the Debugging Tools for Windows box, and clear all the other boxes.

Install Debugging Tools for Windows

Configuration

Symbols

Symbols are used to decode the information held in the memory dump file which allows you to see the function names in the call stack.

  1. Open WinDbg -> File -> Open -> Symbol Search Path
  2. Add the following symbol path and press OK: http://msdl.microsoft.com/download/symbols
  3. To save your configuration for next time, click File -> Save Workspace

WinDbg Symbol Search path

Opening Crash Dumps

  1. Make sure you have access to your DMP files
    1. Either run WinDbg with an elevated token (Start -> WinDbg -> right-click -> Run as administrator)
    2. Or copy the “C:\Windows\Minidump” directory to a location where you have read access. e.g. your desktop.
  2. WinDbg -> File -> Open Crash Dump -> Browse to your latest .DMP file
    1. By default, .DMP files are saved in C:\Windows\Minidump\
    2. You may also find C:\Windows\MEMORY.DMP
  3. Let the analysis run. It may take 10 or more minutes to complete.

WinDbg Bugcheck Analysis

Search All Resources:

Join the IT-security paradigm shift!

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Share This Story, Choose Your Platform!

Get Updates Right In Your Inbox

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Leave a Comment

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.

Analyzing Crash Dumps / Blue Screens (BSoD)

By Published On: October 6th, 2020

Analyzing Crash Dumps / Blue Screens (BSoD)

This article describes how to identify the cause of most Windows Blue Screens (BSoDs).

BlueScreenView

This simple free tool, will often find the driver that caused the crash.
http://www.nirsoft.net/utils/blue_screen_view.html

Blue Screen

WinDbg

When BlueScreenView does not provide enough information, Microsoft’s Debugging Tools may be needed.
https://msdn.microsoft.com/en-US/library/windows/hardware/ff551063(v=vs.85).aspx

Installation

If you only want to install the Debugging Tools, run the Windows SDK installer, select the Debugging Tools for Windows box, and clear all the other boxes.

Install Debugging Tools for Windows

Configuration

Symbols

Symbols are used to decode the information held in the memory dump file which allows you to see the function names in the call stack.

  1. Open WinDbg -> File -> Open -> Symbol Search Path
  2. Add the following symbol path and press OK: http://msdl.microsoft.com/download/symbols
  3. To save your configuration for next time, click File -> Save Workspace
WinDbg Symbol Search path

Opening Crash Dumps

  1. Make sure you have access to your DMP files
    1. Either run WinDbg with an elevated token (Start -> WinDbg -> right-click -> Run as administrator)
    2. Or copy the “C:\Windows\Minidump” directory to a location where you have read access.  e.g. your desktop.
  2. WinDbg -> File -> Open Crash Dump -> Browse to your latest .DMP file
    1. By default, .DMP files are saved in C:\Windows\Minidump\
    2. You may also find C:\Windows\MEMORY.DMP
  3. Let the analysis run.  It may take 10 or more minutes to complete.
WinDbg Bugcheck Analysis

Search All Resources:

Join the IT-security paradigm shift!

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Share This Story, Choose Your Platform!

Get Updates Right In Your Inbox

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Leave a Comment

Go to Top