Netexpertise

Dec 08 2010

Windows Blue Screen Analysis

Published by dave at 1:37 am under Windows

Despite what you may hear from Microsoft defenders, blue screens still occur in Windows family servers. After the system crash – hence the blue screen – Windows generates a memory dump file in C:/Windows/Minidump. The filename provides the date and time, a useful piece of information that lets you know about the crash frequency. These minidumps are also useful to conduct some Windows blue screen analysis.

Enable Blue Screen Minidumps

Minidumps should be enabled by default on your system but it is worth checking if you experience blue screens and C:/Windows/Minidump remains empty.
From the control panel:

– Go in System
– Click on “Advanced” tab
– Start and Recovery -> Settings
– Enable “Write an event to the system log”
– Disable Automatically restart
– Select the following debug info:
* Small memory dump (64 Kb)
* Small Dump Directory : %SystemRoot%\Minidump

Confirm settings on every window and restart the server.

Reproduce Windows Crash

Do whatever it takes to make Windows crash. If you do not know how to reproduce, blue screen dumps will add up in the minidump folder overtime and you can analyse them anytime later on.

Install Debugging Tools for Windows

The “Windows debugging tools” provides utilities for dump analysis. You can download them on Microsoft website.

MiniDumps Analysis

Now, you will need to extract information out of the minidump file. kd is the command we will use from the debugging tools for Windows to analyse blue screen dumps.

Open a command prompt window (Start -> Run -> “cmd”)

cd \program files\debugging tools
rem (Or the chosen path when you installed the Windows debugging tools)
kd -z C:\WINDOWS\Minidump\Mini???????-??.dmp
kd> .logopen c:\debuglog.txt
kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q

You now have a debuglog.txt file in c:\, which you can open with Notepad or any text editor.

Conclusion

If you’re lucky enough, you may find the the program or driver name causing the blue screens in the MODULE_NAME and IMAGE_NAME modules. Knowing this, you can now fix the problem.

Tags: Windows

No responses yet

Comments RSS

Follow @netexpertise
Categories
- Code (4)
  - Java (1)
  - Python (3)
- Database (14)
  - Ldap (2)
  - Mysql (11)
  - Oracle (1)
  - Postgresql (2)
- DevOps (9)
  - Ansible (4)
  - Jenkins (2)
  - Terraform (3)
- Docker (3)
  - Kubernetes (3)
- Mail (6)
  - Exchange (6)
- Misc (13)
  - Apache (4)
  - GLPI (2)
  - Nginx (1)
- Networking (20)
  - Cisco (8)
  - Fortinet (2)
  - Freeradius (10)
  - Monitoring (3)
- Security (7)
  - SSH (4)
- Storage (2)
- Systems (70)
  - Aix (3)
  - AS400 (14)
  - Backup (4)
  - Linux (31)
  - Solaris (3)
  - Virtualization (3)
  - Windows (21)

Get your projects done with Netexpertise
contact us »

Yearly
- 2022 (3)
- 2021 (14)
- 2020 (2)
- 2018 (1)
- 2017 (6)
- 2016 (6)
- 2015 (10)
- 2014 (4)
- 2013 (6)
- 2012 (5)
- 2011 (8)
- 2010 (11)
- 2009 (24)
- 2008 (14)
- 2007 (6)
- 2006 (4)

Systems / Networks / DevOps

Windows Blue Screen Analysis

Enable Blue Screen Minidumps

Reproduce Windows Crash

Install Debugging Tools for Windows

MiniDumps Analysis

Conclusion

Leave a Reply

Categories

Yearly