Friday, July 01, 2011

Recovering from BSOD with crash dump

My system just crashed and performed the traditional Blue Screen of Death (BSOD). The bad news is that I had open files that I have now lost. The good news is that it created a dump file to review and see what caused it.

90% of all crashes are due to a driver of some sort, and most of those are easily identified. The first step is to download WinDbg. For my Windows 7 system, it was part of the Windows 7 SDK at http://www.microsoft.com/download/en/confirmation.aspx?id=8279. I ran the setup and cleared out all options except Common Utilities | Debugging Tools for Windows.
Once it is installed, open WinDbg from the Start menu, go to File | Symbol File Path, enter SRV*c:\local cache*http://msdl.microsoft.com/download/symbols, and click OK. Then go to File | Open Crash Dump and browse to the memory.dmp or mini.dmp file. On opening the file, the debugger will do some initial analysis and return a line:
Probably caused by : XXXXXX
To get more detailed information, enter (or click) !analyze -v. Much more information will come spewing out, detailing the type of error, more specific error codes, and the drivers and modules affected.

As stated earlier, 90% of these errors are due to drivers (printers, video, etc.). This debug information should have identified the driver name; just Google that driver and find an updated version.
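The same steps can be scripted when there are several dumps to go through. The following is an added example, not part of the original post: it runs the command-line kernel debugger (kd.exe, installed alongside WinDbg) with the symbol path above and pulls the blamed driver out of the !analyze -v output. The path to kd.exe, the helper names, and the sample output (including the driver name exampledrv.sys) are assumptions constructed for illustration.

```python
import re
import subprocess
import sys

# Symbol path exactly as entered under File | Symbol File Path in the post.
SYMBOLS = r"SRV*c:\local cache*http://msdl.microsoft.com/download/symbols"

# Lines worth keeping from the analysis output, keyed by a short label.
FIELDS = {
    "bugcheck": re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),", re.M),
    "probable_cause": re.compile(r"^Probably caused by\s*:\s*(\S+)", re.M),
    "module": re.compile(r"^MODULE_NAME:\s*(\S+)", re.M),
    "image": re.compile(r"^IMAGE_NAME:\s*(\S+)", re.M),
}

# Blame on the kernel image itself usually means the real culprit was not found.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlmp.exe", "ntkrnlpa.exe", "ntkrpamp.exe"}

# Constructed sample output; the driver name and offsets are invented.
SAMPLE = """\
BugCheck D1, {28, 2, 0, fffff88004a1b2c3}
Probably caused by : exampledrv.sys ( exampledrv+1b2c3 )
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
"""


def triage(text):
    """Return the fields found in debugger output; missing ones are None."""
    hits = {name: rx.search(text) for name, rx in FIELDS.items()}
    return {name: m.group(1) if m else None for name, m in hits.items()}


def needs_manual_review(summary):
    """True when no driver was named or only the kernel image was blamed."""
    image = (summary["image"] or summary["probable_cause"] or "").lower()
    return not image or image in KERNEL_IMAGES


def run_kd(kd_exe, dump_path):
    """Open the dump non-interactively, run !analyze -v, then quit."""
    cmd = [kd_exe, "-z", dump_path, "-y", SYMBOLS, "-c", "!analyze -v; q"]
    return subprocess.run(cmd, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Arguments: <path to kd.exe> <dump file>; with none, parse SAMPLE instead.
    text = run_kd(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else SAMPLE
    summary = triage(text)
    print(summary, "manual review needed:", needs_manual_review(summary))
```

A result flagged for manual review is a dump where the one-line verdict does not name a third-party driver, so the full !analyze -v output needs to be read by hand.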

More information on using the Windows debugger to deal with crash dumps:
http://www.networkworld.com/news/2005/041105-windows-crash.html
http://support.microsoft.com/kb/315263
