What happens when you get a Blue Screen of Death (BSOD)? I’m sure almost everyone just says something like “____ Microsoft!” Unfortunately, most of the time, you would just be using Microsoft as a scape goat. Why? According to Microsoft and other gurus, about 70-80% of crashes are caused by 3rd party drivers. Yep, all those great toys you have hooked up to your computer and the software that control them are most likely responsible.
I have probably just blown your mind or you are probably full of skeptism. Hopefully these debugging techniques can make you a believer….
Step 1: Disable auto-reboot on a crash
Step 2: Create a memory dump versus a Mini crash dump.. This will allow you to get more information from the dumps.
Step3: Install Windows Debugger tools
Step4: Set environment variable to automatically download symbols from the Microsoft symbol servers (WinDBG->Source Symbol Path->”srv*C:symbols*http://msdl.microsoft.com/download/symbols”)
Step5: Open the crash dump file located in C:Windows or C:Windowsminidump
Step6: Run “analyze -v” to get list of drivers in the stack text. If the driver points to one of the Windows core system files (ntoskrnl.exe, win2k32.sys, etc), then you probably have to dig a little deeper.
Step7: Additional helpful debug commands to run to find the culprit
kv – Looks at stack of current thread. This is used for misdiagnosed analysis. Look for suspicious drivers
lm kv – Shows version information (dates, etc) of currently loaded drivers to find updates for.
!vm – Check pool usage (if close to maximum, then it’s a leaky driver)
!thread – looks at currently running threads
!process 0 0 – summary level display of processes during crash
!irp <irp from IRP List from !thread> – Associates drivers thread (it’s a hint to investigate)
!poolused (needs to enable on xp and earlier) – Use with Strings
Debugging mode (F8) – Use when no crash dump created…, needs to connect using usb (modify boot.ini) or serial from another system running windbg
Windbg – File->Kernel Debug
Debug -> Break to connect to crashed system
.dump (saves dump information)
Hung system troubleshooting (computer freeze)
– Use crash on control-scrl-scrl (registry setting)
– Check other processors on multiple processors
lm kv <driver name from stack>