Analyzing Crash Dumps / Blue Screens (BSoD)

This article describes how to identify the cause of most Windows Blue Screens (BSoDs).

BlueScreenView

This simple, free tool will often find the driver that caused the crash.
http://www.nirsoft.net/utils/blue_screen_view.html


WinDbg

When BlueScreenView does not provide enough information, Microsoft’s Debugging Tools may be needed.
https://msdn.microsoft.com/en-US/library/windows/hardware/ff551063(v=vs.85).aspx

Installation

If you only want to install the Debugging Tools, run the Windows SDK installer, select the Debugging Tools for Windows box, and clear all the other boxes.

Install Debugging Tools for Windows

Configuration

Symbols

Symbols are used to decode the information held in the memory dump file, which lets you see the function names in the call stack.

  1. Open WinDbg -> File -> Open -> Symbol Search Path
  2. Add the following symbol path and press OK: http://msdl.microsoft.com/download/symbols
  3. To save your configuration for next time, click File -> Save Workspace
WinDbg Symbol Search Path

Opening Crash Dumps

  1. Make sure you have access to your DMP files
    1. Either run WinDbg with an elevated token (Start -> WinDbg -> right-click -> Run as administrator)
    2. Or copy the “C:\Windows\Minidump” directory to a location where you have read access, e.g. your desktop.
  2. WinDbg -> File -> Open Crash Dump -> Browse to your latest .DMP file
    1. By default, .DMP files are saved in C:\Windows\Minidump\
    2. You may also find C:\Windows\MEMORY.DMP
  3. Let the analysis run.  It may take 10 or more minutes to complete.
WinDbg Bugcheck Analysis
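
The same steps can be run unattended over every minidump with cdb.exe, the console debugger that installs with the Debugging Tools. The script below is an added example, not part of the original article; the cdb.exe path, the working folder and the choice of summary fields are assumptions.

```powershell
# Added example: batch version of the "Opening Crash Dumps" steps.
# Run from an elevated prompt so C:\Windows\Minidump can be read (step 1).
param(
    [string]$DumpDir = 'C:\Windows\Minidump',
    # Assumption: working folder on the desktop, as in step 1.2.
    [string]$WorkDir = "$env:USERPROFILE\Desktop\Minidump-triage",
    # Assumption: default Windows 10 SDK location of the console debugger.
    [string]$Cdb     = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe'
)

# Symbol server URL from the Symbols section, wrapped in srv*<cache>* so
# downloaded symbols are cached locally and reused by later runs.
$SymbolPath = "srv*$WorkDir\symbols*http://msdl.microsoft.com/download/symbols"

if (-not (Test-Path -LiteralPath $Cdb))     { throw "cdb.exe not found at $Cdb" }
if (-not (Test-Path -LiteralPath $DumpDir)) { throw "No dump directory at $DumpDir" }

# Work on copies so the original dumps stay untouched as evidence.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Copy-Item -Path (Join-Path $DumpDir '*.dmp') -Destination $WorkDir -Force

$dumps = Get-ChildItem -LiteralPath $WorkDir -Filter '*.dmp' |
         Sort-Object LastWriteTime -Descending      # newest crash first

$summary = foreach ($dump in $dumps) {
    # -z: open the dump, -y: symbol path, -c: run verbose analysis, then quit.
    $output = & $Cdb -z $dump.FullName -y $SymbolPath -c '!analyze -v; q' 2>&1 |
              ForEach-Object { "$_" }
    $output | Set-Content -LiteralPath "$($dump.FullName).analysis.txt"

    # Keep the first value of each field that names the suspected driver.
    $fields = @{}
    foreach ($line in $output) {
        if ($line -match '^(MODULE_NAME|IMAGE_NAME|FAILURE_BUCKET_ID):\s*(\S+)' -and
            -not $fields.ContainsKey($Matches[1])) {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        Dump    = $dump.Name
        Crashed = $dump.LastWriteTime
        Image   = $fields['IMAGE_NAME']
        Module  = $fields['MODULE_NAME']
        Bucket  = $fields['FAILURE_BUCKET_ID']
    }
}
$summary | Format-Table -AutoSize
```

The full `!analyze -v` output for each dump is saved next to its copy as `<dump>.analysis.txt`, so the call stack can be reviewed when the summary line is not enough.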