{"id":719,"date":"2010-12-08T01:37:37","date_gmt":"2010-12-07T23:37:37","guid":{"rendered":"http:\/\/www.netexpertise.eu\/en\/?p=719"},"modified":"2021-10-12T22:32:57","modified_gmt":"2021-10-12T20:32:57","slug":"blue-screen-analysis","status":"publish","type":"post","link":"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html","title":{"rendered":"Windows Blue Screen Analysis"},"content":{"rendered":"\n

Despite what you may hear from Microsoft defenders, blue screens still occur in Windows<\/a> family servers. After the system crash – hence the blue screen – Windows generates a memory dump file in C:\/Windows\/Minidump. The filename provides the date and time, a useful piece of information that lets you know about the crash frequency. These minidumps are also useful to conduct some Windows blue screen analysis.

<\/p>\n\n\n\n

\"Blue<\/figure><\/div>\n\n\n\n


Enable Blue Screen Minidumps<\/h3>\n\n\n\n

Minidumps should be enabled by default on your system but it is worth checking if you experience blue screens and C:\/Windows\/Minidump remains empty.
From the control panel:<\/p>\n\n\n\n

– Go in System
– Click on “Advanced” tab
– Start and Recovery -> Settings
– Enable “Write an event to the system log”
– Disable Automatically restart
– Select the following debug info:
* Small memory dump (64 Kb)
* Small Dump Directory : %SystemRoot%\\Minidump <\/p>\n\n\n\n

 
Confirm settings on every window and restart the server.
 <\/p>\n\n\n\n

Reproduce Windows Crash<\/h3>\n\n\n\n

Do whatever it takes to make Windows crash. If you do not know how to reproduce, blue screen dumps will add up in the minidump folder overtime and you can analyse them anytime later on.
 <\/p>\n\n\n\n

Install Debugging Tools for Windows<\/h3>\n\n\n\n

The “Windows debugging tools” provides utilities for dump analysis. You can download them on Microsoft website<\/a>.
 <\/p>\n\n\n\n

MiniDumps Analysis<\/h3>\n\n\n\n

Now, you will need to extract information out of the minidump file. kd is the command we will use from the debugging tools for Windows to analyse blue screen dumps.<\/p>\n\n\n\n

Open a command prompt window (Start -> Run -> “cmd”)<\/p>\n\n\n\n

cd \\program files\\debugging tools\nrem (Or the chosen path when you installed the Windows debugging tools)\nkd -z C:\\WINDOWS\\Minidump\\Mini???????-??.dmp\nkd> .logopen c:\\debuglog.txt\nkd> .sympath srv*c:\\symbols*http:\/\/msdl.microsoft.com\/download\/symbols\nkd> .reload;!analyze -v;r;kv;lmnt;.logclose;q<\/code><\/pre>\n\n\n\n
 
You now have a debuglog.txt file in c:\\, which you can open with Notepad or any text editor.
 <\/p>\n\n\n\n
Conclusion<\/h3>\n\n\n\n
If you’re lucky enough, you may find the the program or driver name causing the blue screens in the MODULE_NAME and IMAGE_NAME modules. Knowing this, you can now fix the problem.<\/p>\n","protected":false},"excerpt":{"rendered":"
Despite what you may hear from Microsoft defenders, blue screens still occur in Windows family servers. After the system crash – hence the blue screen – Windows generates a memory dump file in C:\/Windows\/Minidump. The filename provides the date and time, a useful piece of information that lets you know about the crash frequency. These […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[70],"tags":[391],"yoast_head":"\nNetexpertise - Windows Blue Screen Analysis<\/title>\n<meta name=\"description\" content=\"How to analyse Windows blue screen minidumps with debugging tool for Windows kd and get rid of Windows crash\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Netexpertise - Windows Blue Screen Analysis\" \/>\n<meta property=\"og:description\" content=\"How to analyse Windows blue screen minidumps with debugging tool for Windows kd and get rid of Windows crash\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html\" \/>\n<meta property=\"og:site_name\" content=\"Netexpertise\" \/>\n<meta property=\"article:published_time\" content=\"2010-12-07T23:37:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-12T20:32:57+00:00\" \/>\n<meta name=\"author\" content=\"dave\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@netexpertise\" \/>\n<meta name=\"twitter:site\" content=\"@netexpertise\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html\",\"url\":\"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html\",\"name\":\"Netexpertise - Windows Blue Screen Analysis\",\"isPartOf\":{\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#website\"},\"datePublished\":\"2010-12-07T23:37:37+00:00\",\"dateModified\":\"2021-10-12T20:32:57+00:00\",\"author\":{\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa\"},\"description\":\"How to analyse Windows blue screen minidumps with debugging tool for Windows kd and get rid of Windows crash\",\"breadcrumb\":{\"@id\":\"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/www.netexpertise.eu\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows Blue Screen Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#website\",\"url\":\"http:\/\/www.netexpertise.eu\/en\/\",\"name\":\"Netexpertise\",\"description\":\"Systems \/ Networks \/ DevOps\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.netexpertise.eu\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa\",\"name\":\"dave\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g\",\"caption\":\"dave\"},\"sameAs\":[\"http:\/\/www.netexpertise.eu\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Netexpertise - Windows Blue Screen Analysis","description":"How to analyse Windows blue screen minidumps with debugging tool for Windows kd and get rid of Windows crash","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html","og_locale":"en_US","og_type":"article","og_title":"Netexpertise - Windows Blue Screen Analysis","og_description":"How to analyse Windows blue screen minidumps with debugging tool for Windows kd and get rid of Windows crash","og_url":"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html","og_site_name":"Netexpertise","article_published_time":"2010-12-07T23:37:37+00:00","article_modified_time":"2021-10-12T20:32:57+00:00","author":"dave","twitter_card":"summary_large_image","twitter_creator":"@netexpertise","twitter_site":"@netexpertise","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html","url":"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html","name":"Netexpertise - Windows Blue Screen Analysis","isPartOf":{"@id":"http:\/\/www.netexpertise.eu\/en\/#website"},"datePublished":"2010-12-07T23:37:37+00:00","dateModified":"2021-10-12T20:32:57+00:00","author":{"@id":"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa"},"description":"How to analyse Windows blue screen minidumps with debugging tool for Windows kd and get rid of Windows crash","breadcrumb":{"@id":"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.netexpertise.eu\/en\/systems\/windows\/blue-screen-analysis.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/www.netexpertise.eu\/en"},{"@type":"ListItem","position":2,"name":"Windows Blue Screen Analysis"}]},{"@type":"WebSite","@id":"http:\/\/www.netexpertise.eu\/en\/#website","url":"http:\/\/www.netexpertise.eu\/en\/","name":"Netexpertise","description":"Systems \/ Networks \/ DevOps","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.netexpertise.eu\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/cb4cd666549d22e9070ec1cfc1a496fa","name":"dave","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/www.netexpertise.eu\/en\/#\/schema\/person\/image\/","url":"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g","contentUrl":"http:\/\/1.gravatar.com\/avatar\/1129916e1f4955bd632f27f836f64e55?s=96&d=mm&r=g","caption":"dave"},"sameAs":["http:\/\/www.netexpertise.eu"]}]}},"_links":{"self":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts\/719"}],"collection":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/comments?post=719"}],"version-history":[{"count":0,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/posts\/719\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/media?parent=719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/categories?post=719"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.netexpertise.eu\/en\/wp-json\/wp\/v2\/tags?post=719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}