Dec 08 2010

Windows Blue Screen Analysis

Published by at 1:37 am under Windows

Despite what you may hear, blue screens still occur in Windows XP, Vista and 2003 server. After the system crash – hence the blue screen – Windows generates a memory dump file in C:/Windows/Minidump. The filename provides the date and time, a useful piece of information that lets you know about the crash frequency.

Enable Minidumps

They should be enabled by default 
From the control panel:

- Go in System
- Click on "Advanced" tab
- Start and Recovery -> Settings
- Enable "Write an event to the system log"
- Disable Automatically restart
- Select the following debug info:
  * Small memory dump (64 Kb)
  * Small Dump Directory : %SystemRoot%\Minidump

Confirm all and restart the server.


Do whatever makes it crash.

Install Tools

The “Windows debugging tools” provides utilities for dump analysis. You can get it here.

MiniDumps Analysis

To extrakt information out f the minidump file:

- Open a command prompt window (Start -> Run -> "cmd")
- cd \program files\debugging tools (Or the chosen path when you installed the Windows debugging tools)
- kd -z C:\WINDOWS\Minidump\Mini???????-??.dmp
- kd> .logopen c:\debuglog.txt
- kd> .sympath srv*c:\symbols*
- kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

You’ve now got a debuglog.txt file in c:\, which you can open with Notepad or any text editor.


If you’re lucky enough, you may find the the program or driver name causing the blue screens in the MODULE_NAME and IMAGE_NAME modules. Knowing this, you can now fix the problem.

One response so far

One Response to “Windows Blue Screen Analysis”

  1. ruunyytikkilon 03 Oct 2012 at 11:16 pm

    Thanks for sharing such a useful stuff!

Comments RSS

Leave a Reply