Bill Detwiler: Few things are more infamous in the Windows world than the dreaded Blue Screen of Death. They can strike without warning. And troubleshooting them is often a combination of knowledge, skill, and lots of trial and error.
I'm Bill Detwiler, and during this TR Dojo episode, I'll show you a slightly more methodical blue screen troubleshooting approach using Microsoft's own WinDbg debugger tool.
The blue screen of death troubleshooting process I'll outline in this video has three steps. First, you'll need to capture the memory dump associated with the blue screen you're troubleshooting. You'll then need to download, install, and configure the WinDbg debugger tool. And lastly, you'll use WinDbg to analyze the memory dump.
Now before we begin, let me warn you that this process assumes you're able to start Windows. If the blue screen appears when you launch an application or perform a specific operation, just avoid that action until we're ready to capture the associated memory dump.
If on the other hand, the blue screen appears immediately after Windows boots, try booting in Safe Mode. If that doesn't work, you can also use a Bootable Recovery CD to access the machine via a command prompt, and then copy the memory dump file to a working machine that has WinDbg installed.
Regardless, the critical step is being able to open the memory dump file with WinDbg.
Ok. So, how do you capture the memory dump file?
First, open the System Properties window and click the Advanced tab. Under Start Up and Recovery, click the Settings button. Now, uncheck Automatically Restart and then click the dropdown arrow under Write Debugging Information. Select Small Memory Dump (64 KB) and make sure the output is %SystemRoot%\Minidump.
Click OK to close Start Up and Recovery, and OK again to close System Properties.
Now, restart the PC and if necessary perform the action that causes the blue screen of death. This will allow the system to error out, and generate the Minidump file.
On most typical Windows installations, you'll find the Minidump files in the C:\WINDOWS\Minidump\ directory, and they will have a DMP extension.
Now that you've created the memory dump file, you'll need to download, install, and configure WinDbg.
Just remember that this tool really isn't designed for the average user. It's most often used by developers or hardware manufacturers to test their application code or driver software. That said, it doesn't mean we can't use WinDbg to troubleshoot a blue screen of death. It just means that using the program requires a fair bit of Windows technical savvy and some patience.
Now to get the tool, you'll need to download the entire set of Debugging Tools for Windows. These tools are available as part of the Windows Driver Kit (or WDK).
You can download the Windows Driver Kit from the Microsoft Debugging Tools Web site, which I'll link to from the TR Dojo blog. Be sure to select the correct package for your Windows version.
As of this taping, the current Windows Driver Kit is only available as an ISO file. Once you've downloaded the file, you'll need to burn the ISO to a CD, DVD or other installation media. You can then open the ISO from the installation media or mount it using a virtual drive utility.
The Setup Wizard will walk you through the installation.
With WinDbg installed, you can now examine the memory dump file for clues to the cause of your machine's blue screen of death.
Click Start | All Programs | Debugging Tools for Windows, and open WinDbg.
From the main window, select File and click Symbol File Path. The Symbol Search Path window will appear.
More than likely, you'll use the path shown here:
Once you've entered the correct path, click OK.
Close the WinDbg workspace, and save the Workspace information. This should lock the Symbol path.
Now, reopen WinDbg, select File, select Open Crash Dump, and then navigate to the minidump file created earlier. Highlight it, and select Open.
From the Command window that opens click the text:
!analyze -v
under Bugcheck Analysis.
When you click the link, WinDbg will give you detailed information on the system error, such as the type of fault and process name. You can use this information to determine the cause of the fault and develop a potential remedy.
For example, the machine that generated the memory dump shown here suffered a blue screen of death caused by dialer software for a USB modem. Unfortunately, Windows was still referencing the file even though the software had been uninstalled. In this case, the solution was to locate the offending file (fldevice.sys) and rename it fldevice.sys.old. With that change the blue screen of death disappeared.
WinDbg can be a powerful tool for troubleshooting blue screen of death errors, but it isn't for the Windows novice. For more information on using WinDbg to analyze memory files and solve blue screen errors, check out Jacky Howe's article in our Windows blog. You should also check documentation on Microsoft's WDK and Developer Tools Web site. I'll link to all these additional resources from the TR Dojo blog.
And as always, for more teachings on your path to becoming an IT Ninja, visit trdojo.techrepublic.com, or you can follow me on Twitter at twitter.com/billdetwiler.
Thanks for visiting the TR Dojo.