
Video: Troubleshoot Windows blue screen of death (BSOD) with WinDbg

Bill Detwiler shows you how to troubleshoot Windows blue screen of death (BSOD) errors using Microsoft's own WinDbg debugger tool.

Few things are more infamous in the Windows world than the dreaded Blue Screen of Death. They can strike without warning. And, troubleshooting them is often a combination of knowledge, skill, and lots of trial and error. During this TR Dojo episode, I show you a slightly more methodical blue screen troubleshooting approach using Microsoft's own WinDbg debugger tool.

For those who prefer text to video, you can click the Transcript link that appears below the video player window or read Jacky Howe's article, "How do I use WinDBG Debugger to troubleshoot a Blue Screen of Death?"

You'll find the WinDbg debugger tool and related resources on the following Microsoft Web pages:


About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

38 comments
jnager

It is because your windows has invalid or obsolete items. You need to remove them. I use Digeus Registry Cleaner for this purpose.

asolomon

Will this only work with the minidump? Does this utility work on server versions of Windows?

rickclark9

Bill, As always I like Bill's style. This subject and the use of WinDbg is however beyond your average PC user. There are times when a competent computer professional is required. Much simpler methods of basic troubleshooting should be attempted first. What was I doing when I got the BSOD? Was there something new that was installed either application or hardware with drivers? Did I do any critical updates just before this started?

203T

Part II would be GREAT! I've been through this material and managed over the years but would love to see a concise and probably conceptual 'how to'. (part III?)

g.ferguson

Hi, This looks very useful. Can you please verify the symbols path. It looks like SRV"c:\symbols"http://madl.microsoft.com/download/symbols but that http address cannot be browsed to?? Alternatively, can you tell me how I know which .pdb file will have the symbols I require. I'm looking at a W2008 32-bit dump. Many thanks, Garry

techrepubliclist

Since switching to Win7 Ultimate, commercial version, I'm seeing about one (1) per month. Since the beta & RTM versions, I've accrued 25 blue screen mini-dumps.

NickNielsen

A decade ago, I would see multiples in a day. I've seen one this year so far.

Bill Detwiler

In the above TR Dojo post, I show you how to troubleshoot Windows blue screen of death (BSOD) errors using Microsoft's own WinDbg debugger tool. But, I'm curious to know if BSOD errors are as prevalent today as they were five years ago. Take the poll in the post above, and let me know. Original post and poll: http://blogs.techrepublic.com.com/itdojo/?p=1682

wandersick

With NirSoft BlueScreen or WhoCrashed you can do the same and much easier. Just run the program as the former is portable, and read the displayed Bug Check Code, affected driver, and lots more information from the Small Dump. Really, all these years I still haven't dug into WinDbg because there're simpler tools around. I can't convince myself why WinDbg is needed as I wouldn't understand any more info it displays anyway. On the other hand, it was mentioned in the video to select Small Memory Dump (64 KB), but in some versions of Windows, Kernel Memory Dump or Full Memory Dump is selected instead by default. These settings will work too; as long as it is not set to (none), Small Memory Dump will always be created (assuming Pagefile.sys is on the system drive), alongside other types of dumps (if selected) created in %systemroot%\MEMORY.DMP
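The bug check code that the tools in the comment above display sits in the fixed header at the start of the dump file. The following is an added example, not code from the post or from any of the tools named: it reads that header, assuming the commonly documented kernel dump header layout (`PAGEDUMP` / `PAGEDU64` signatures and the field offsets in the comments); the name table is a small subset and the sample header is constructed.

```python
import struct
import sys

# Small illustrative subset of well-known bug check (stop) codes.
BUGCHECK_NAMES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x00000019: "BAD_POOL_HEADER",
    0x000000D1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x000000ED: "UNMOUNTABLE_BOOT_VOLUME",
}

# signature -> (offset of MachineImageType, format of the fields from there):
# MachineImageType, NumberProcessors, BugCheckCode, [padding], 4 parameters.
LAYOUTS = {
    b"PAGEDUMP": (0x20, "<III4I"),    # 32-bit header, BugCheckCode at 0x28
    b"PAGEDU64": (0x30, "<III4x4Q"),  # 64-bit header, BugCheckCode at 0x38
}

def parse_dump_header(data: bytes) -> dict:
    """Return the crash summary stored at the start of a kernel dump."""
    layout = LAYOUTS.get(data[:8])
    if layout is None:
        raise ValueError("not a kernel crash dump (signature %r)" % data[:8])
    offset, fmt = layout
    if len(data) < offset + struct.calcsize(fmt):
        raise ValueError("truncated dump header")
    major, minor = struct.unpack_from("<II", data, 8)
    machine, cpus, code, *params = struct.unpack_from(fmt, data, offset)
    return {"bits": 64 if data[:8] == b"PAGEDU64" else 32,
            "version": (major, minor), "machine": machine,
            "processors": cpus, "bugcheck": code,
            "name": BUGCHECK_NAMES.get(code, "UNKNOWN"), "params": params}

def build_sample_header64(code: int, params) -> bytes:
    """Constructed 64-bit header for demonstration (not a real dump)."""
    buf = bytearray(0x2000)
    buf[:8] = b"PAGEDU64"
    struct.pack_into("<II", buf, 8, 15, 7601)   # constructed version fields
    struct.pack_into("<III4x4Q", buf, 0x30, 0x8664, 2, code, *params)
    return bytes(buf)

if __name__ == "__main__":
    if len(sys.argv) > 1:   # path to a dump file copied off the machine
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(0x2000)
    else:
        data = build_sample_header64(0xD1, (0x10, 2, 0, 0xFFFFF80001234567))
    print(parse_dump_header(data))
```

A driver name still requires walking the stack with symbols, which is what WinDbg's analysis adds beyond this header.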

Bill Detwiler

I couldn't agree more. WinDbg is not for the average user, and I hope that point came across in the video. This was actually one of the more difficult episodes to produce. It took me several hours to solve a symbols problem I had.

whatisnew

WinDbg can save admins a lot of headaches, even though I have only seen a BSOD a few times in the past few years. Each BSOD is still a very serious problem. Good skill with WinDbg is definitely going to help me get rid of BSODs in no time.

jwschull

Been getting several lately. I believe it is the newly installed Magic Disk ISO reader I installed. I believe the BSOD occurred when the CPU went to sleep. Removed it and no more problems. I installed MagicDisk because the Slysoft and MS versions had issues. MS doesn't have a supported ISO reader for Win7 x64 even though a lot of their MSDN resources are on ISO. The Slysoft version appears to have issues with deep directory structures. MagicDisk doesn't have either issue. But it does seem to cause the BSOD when the CPU goes to sleep.

leo8888

Lately I am finding more and more malware that hooks into the system in such a way that deleting the infected files will cause a BSOD on the next boot. Usually when the infection installs itself as a driver. If I could ever get my hands on one of those maggots that write malware I'd...

erikehlert

Bill, are there services/sites out there that will do the analysis of the possible BSOD causes for me if I give them the minidump file? That would be a preferred option for the novices like myself. Getting the minidump file seems to be the easy part of this troubleshooting task. In my case I have an XP machine that's about 6-7 years old. It just recently started having problems without me installing or changing a thing. Figuring that some part was going bad due to age, like the hard drive, I got a new Windows 7 system. And it bluescreened the first day (but not since). Ugh.

willcomp

Excellent presentation on a rather technical topic. I still see a number of BSODs but I do repair and service work on mostly home PCs. Most still have XP and those installs have a bit of age on them -- some more than 8 years. For anyone with access to MS DaRT (ERD Commander renamed) such as TechNet subscribers, MSDN subscribers, or Software assurance licensees; try the Crash Analyzer Wizard which simplifies minidump analysis a bit. When stop code varies along with faulting module (usually system files), test memory. In nearly all cases I've seen with those symptoms, memory was the root cause.

dave

As IT support where I work with 100+ workstations and 6 servers, I have not seen one for several years. Fixed a few on the side that had the blue screen issue and they were RAM related.

dale_wellman

Bill, You mentioned having to download the entire ISO, then extracting the debugger. Somewhere on Microsoft's site I found the file "dbg_x86_6.8.4.0.msi," which is a 17Mb installer just for the debugger, without requiring the ISO. Perhaps this is no longer available, though. I did this last year when facing some BSOD problems. Overall, I would say "less" BSOD's these days, but I haven't really put Win7 to the test yet. During one of my last BSOD's, I looked at several different crash dumps for the same machine. Each one seemed to point to different causes, which led me to believe that the problem was actually a faulty RAM issue, and not really software at all. Maybe that's "faulty" logic on my part, but I never could eliminate the problem with software changes. Unfortunately, it is a laptop, so that means a tedious surgery in order to swap and test the RAM . . . As always, thanks for very well done presentations! I, too, would love to see some more detailed training on WinDbg.

stuartc

For sure fewer and I do push my PC, but I've had 2 on my brand new Windows 7 PC in less than 2 months...

alec.wood

For all people slated Vista, it really marked the beginning of the end of BSOD for most ordinary users. I'd hazard a guess that most people haven't seen one since Vista appeared

leo8888

I have found BlueScreenView to be very handy, especially when run from BartPE. It has helped me troubleshoot and repair systems that I could not otherwise get to boot past a BSOD.

xambassador

Blue screens have not been a problem for over a decade, ever since I learned to keep heat sinks etc. free of dust and to use CCleaner on a regular basis. The most satisfying has been, however, installing SuSE 11.0 in a dual-boot arrangement (2 years). I now use Windows only for compatibility purposes for the sake of coworkers, etc.

Bill Detwiler

Glad you found the symbols path. I tried to make sure the path was clear in the video, but at 480x272 I know text can be a bit hard to read. If you ever have trouble reading text within the video, you should be able to find what you're looking for in the transcript or blog notes.

NickNielsen

almost any modern file archiving program.

jwschull

The windbg tool pointed to the MagicDisk driver as the culprit.

willcomp

Two options I know about: You can ask a question here on TR and someone may be able to assist. It would take a peer mail to transfer minidump files. Minidump analysis is routinely done on Experts Exchange where you can attach minidump files to a question.

PhilippeV

Most BSOD today are not hardware related (except in case of severe physical damages, such as a failing memory DIMM or damaged disk drive controller or interface, or damages caused by overheat in the north bus bridge, or damages in the power; generally, in these cases, the PC will not be able to boot a safe CD even in safe mode, or will fail simply during the BIOS POST tests, or in the slow POST tests if you enable it instead of the usual "fast boot" mode which only performs minimum checks to detect the effective presence of the expected devices). So the remaining BSOD come from softwares: notably those that are registered as non-plug-n-play devices implementing software services. In many cases, this is related to a damaged installation of a security software (an antivirus or antirootkit, which was attacked by a new malware), or by the malware itself (such as those installing as network redirectors in the WinSock services stack, and various pseudo-SCSI emulation devices installed by bogus CDROM/DVDROM drive emulators; another common source is an incorrect installation of the display driver, not suitable for your OEM display board, due to an incompatibility with the motherboard's chipset for which the display driver was not tested). In rare cases, the drivers are really too old, and do not manage correctly the IO request privilege levels: you have installed a driver that was built only for Windows 2000 (partially working on XP, with limitations, but no longer supported in Vista or Seven; the issue is frequent with those old display drivers that were only built for DirectX 6: don't use them on Windows Vista or Windows Seven, prefer the default generic display drivers provided by Microsoft, even if they only support DirectX 9 and are not fast).
If your PC is a notebook from a famous brand, try restoring the latest display driver proposed by the PC manufacturer, sometimes they are the generic driver from AMD/ATI or from nVidia, but drivers for Intel GPUs are really very sensitive and only work well with specific versions of Intel chipsets and may not work without specific tuning and extension DLLs added by the OEM PC manufacturer. Don't use the drivers proposed by some Flash USB memory key or smartcards: they offer absolutely no competitive advantage compared to the generic drivers proposed by Microsoft on Vista and Seven (those OEM drivers were only made to be used in Windows XP or 2000, long before Microsoft supported these classes of devices). Same thing about network interfaces, Ethernet or WiFi (the generic drivers proposed by Microsoft are equally performant, the OEM drivers offer no specific performance advantage in Vista and Seven). Beware also about BIOS settings: if you have ever enabled the IO APIC, or ACPI in the BIOS when installing Windows, don't disable them later (note that some BIOSes, when restoring them to their factory defaults, will disable these options, if the PCI settings stored in the NVRAM of PCI adapters and devices, becomes corrupted). Beware also about excessive CPU and bus frequency (notably if the room temperature is high and exceeds 28°C, and your CP has difficulties to get freezed by the CPU fan through the small vents on notebooks):
- If the weather is too hot, you may sometimes need to reduce the CPU frequency in the BIOS at a lower value (say -25%), to maintain correct behavior & stability.
- For some high frequencies, the CPU will not work reliably if its power Voltage ID is not increased a bit (but it will also increase its heat dissipation).

snideley59

Some RAM issues (can't blame MS there) but more related to third party drivers (the old fatal stop...BAD_HEADER_POOL). Can't fix those until the third party driver guys get on the stick. Was not aware of WinDbg. Hope WinDbg helps, because until now I have been relying on the Scientific Wild Ass Guess (SWAG) approach. I come from the UNIX/Linux environment, where a core dump is something that you send back to the vendor in the hopes that they can get something useful out of the megabytes of hex code that it generates. Way above my pay grade. Most informative ITDOJO. Thanks Bill

smokeybehr

99% of the BSoD that I see are due to a hard drive failing, giving me the UNMOUNTABLE_BOOT_VOLUME error. The other 1% is because someone has used the wrong image for a machine. We did have a rash of BSoD errors when Dell changed a bunch of stuff on their Optiplex 740, and went to the "Enhanced" model and a triple core processor.

detours

I haven't seen a software-generated BSOD in many years. The ones I've seen in the last five years were all caused by hardware:
- bad RAM
- misconfigured/outdated BIOS
- failing hard drive
- bad video card
- bad sound card

LocoLobo

On my Vista machine at home I've had no BSDs. However, Vista locks up regularly. Alt-Ctl-Del has no effect most of the time. When it does, trying to kill the process that is causing the problem doesn't stop the process, it just sits there locked up. Usually it will self recover if I want to wait 10 min or so. About half the time I have to reboot the machine by powering down and back up.

joseph.r.piazza

I think BSoD was really a Windows 95-98 issue. Since XP or XP SP1 I rarely, if ever, saw one... What happens, as someone reported, is it just freezes up and you have to power off. I upgraded to W 7 back in the beginning of January and I have had 2 freeze-ups since then.

robindustygraves

Since I work with many, strange, odd, thrown together systems (see my tiny kidbots.com), I regularly run into BSoD. In high end systems, it usually happens when installing some version of Windows in the first place, since typically, the OS would be on a partition on drive F: or whatever, and this causes problems. However, the BSoD does pop up now and then, but less than in the past. I regularly re-install the entire OS, usually on a complete, separate hard drive from data, so that if it crashes, the data is separate, and intact, and accessible, usually with Knoppix, Ubuntu, MINT, or some free Linux CD/DVD that instantly loads, identifies everything, goes online, and reads and can BURN all the data onto a CD/DVD backup... The only problem with this method is that some of the newest, greatest, fastest, loaded computers often have "New and Improved" Video or DVD DRIVERS that Linux cannot identify -yet-, so the Linux tools have to be constantly checked for new versions. The ability to analyze the BSoD would be MOST handy when you DO NOT want to reload the entire system, which I normally do, or when you are in a situation where you do not have the resources or TIME to fully investigate - you just want to patch it and move on... I very much enjoy Detwiler's DOJO videos, and often download the suggested programs and files etc, and check out the links. Keep up the great work! Since I have been working on electronics and computers since the 70's, I get a LOT of technical information arriving to my computer, and Bill's Videos are something I always take the time to look at! Thanks again...

JCitizen

For Vista/Win7 all mine have been third party drivers, most often associated with display hardware - that is as close to hardware as it gets for me - drivers.

dave

Click of Death. Probably just lucky, but I can see where it can happen. After I tried to do a data salvage from an infected PC for a coworker with BartPE, I received a blue screen during boot. Cleaned the disk and all went well, but corruption on the drive would do the same.
