Dec 08 2010
Windows Blue Screen Analysis
Despite what you may hear, blue screens still occur in Windows XP, Vista and Server 2003. After the system crash – hence the blue screen – Windows generates a memory dump file in C:\Windows\Minidump. The filename provides the date and time, a useful piece of information that tells you how often the crashes occur.
Enable Minidumps
They should be enabled by default.
From the control panel:
- Go to System
- Click on the "Advanced" tab
- Startup and Recovery -> Settings
- Enable "Write an event to the system log"
- Disable "Automatically restart"
- Select the following debug info:
  * Small memory dump (64 Kb)
  * Small Dump Directory: %SystemRoot%\Minidump
Confirm all and restart the server.
Crash
Do whatever makes it crash.
Install Tools
The “Windows debugging tools” package provides utilities for dump analysis. You can get it here.
MiniDumps Analysis
To extract information from the minidump file:
- Open a command prompt window (Start -> Run -> "cmd")
- cd \program files\debugging tools (or the path you chose when you installed the Windows debugging tools)
- kd -z C:\WINDOWS\Minidump\Mini???????-??.dmp
- kd> .logopen c:\debuglog.txt
- kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
- kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
You’ve now got a debuglog.txt file in c:\, which you can open with Notepad or any text editor.
Conclusion
If you’re lucky enough, you may find the name of the program or driver causing the blue screens in the MODULE_NAME and IMAGE_NAME fields. Knowing this, you can now fix the problem.
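When there are several dumps to go through, the same two fields can be pulled out of each debuglog.txt by script, and the crash frequency tallied from the dump filenames. The following is an added example, not part of the original post: the log excerpt and driver name are constructed, the function names are hypothetical, and the filename layout MiniMMDDYY-NN.dmp is an assumption about the XP/2003 naming.

```python
import re
from collections import Counter
from datetime import date

# Constructed excerpt in the shape of "!analyze -v" output; the driver is made up.
SAMPLE_LOG = """\
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
MODULE_NAME: examplenet
IMAGE_NAME:  examplenet.sys
FAILURE_BUCKET_ID:  0xD1_examplenet+1a2b
"""

# "KEY:  value" on a single line; [ \t] keeps an empty field from eating the next line.
FIELD_RE = re.compile(r"^([A-Z_]+):[ \t]+(\S.*?)[ \t]*$", re.MULTILINE)
# Assumed minidump naming: Mini + MMDDYY + "-" + two-digit sequence number.
DUMP_RE = re.compile(r"^Mini(\d{2})(\d{2})(\d{2})-(\d{2})\.dmp$", re.IGNORECASE)

def parse_analyze_log(text):
    """Return the KEY: value fields of a debug log (first occurrence wins)."""
    fields = {}
    for key, value in FIELD_RE.findall(text):
        fields.setdefault(key, value)
    return fields

def suspect(fields):
    """The two fields the article points at; None where the debugger gave no name."""
    return fields.get("MODULE_NAME"), fields.get("IMAGE_NAME")

def crashes_per_day(filenames):
    """Count dumps per calendar day from their filenames."""
    days = Counter()
    for name in filenames:
        m = DUMP_RE.match(name)
        if not m:
            continue  # not a minidump name in the assumed layout
        mm, dd, yy, _seq = (int(g) for g in m.groups())
        try:
            days[date(2000 + yy, mm, dd)] += 1
        except ValueError:
            continue  # digits that do not form a real date
    return days

if __name__ == "__main__":
    print(suspect(parse_analyze_log(SAMPLE_LOG)))
    print(crashes_per_day(["Mini120810-01.dmp", "Mini120810-02.dmp"]))
```

The same driver recurring across several logs is a much stronger lead than a single hit.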
Thanks for sharing such useful stuff!