Steps in a nutshell
- Create and capture the memory dump associated with the BSOD you are trying to troubleshoot.
- Install and configure WinDBG and the Symbols path to the correct Symbols folder.
- Use WinDBG to Debug and analyze the screen dump, and then get to the root cause of the problem.
Create memory dump
Keep in mind that if you are not experiencing a blue screen fatal system error, there will be no memory dump to capture.
1. Press the WinKey + Pause.
2. Click Advanced, and under Start Up and Recovery, select Settings.
3. Uncheck Automatically Restart.
4. Click on the dropdown arrow under Write Debugging Information.
5. Select Small Memory Dump (64 KB) and make sure the output is%SystemRoot%\Minidump.
6. Restart the PC normally, as this will allow the System to error and Blue Screen and then create the Minidump.
The location of the Minidump files can be found here:
To download and install the Windows debugging tools for your version of Windows, visit the Microsoft Debugging Tools Web site.
Follow the prompts, and when you install, take note of your Symbols location, if you accept the default settings. I normally create a folder first and then direct the install to that folder because I use WinDBG for two operating systems, XP and Vista, and want to keep them separate and organized.
This Microsoft Support Knowledge Base article will explain how to read the small memory dump files that Windows creates for debugging purposes.
Setting up and using WinDBG
1. Click Start | All Programs | Debugging Tools for Windows, and open WinDBG. Select File | Symbol file path and modify it to suit your situation, then copy and paste it into the box, as shown in Figure A, and click OK. I suggest:
Or if you are using different Symbols:
2. Close the workspace and save the Workspace information, as shown inFigure B. This should lock in the Symbol path.
3. Open WinDBG and select File and select Open Crash Dump and then navigate to the minidump file created earlier, highlight it, and select Open.
! analyze -v
as shown in Figure C under Bugcheck Analysis.
! analyze -v
Tips! If you look to the bottom of the screen, you will see kd>; to the right of that type !analyze -v or .lastevent and press the Enter key. It will then show you the exception record and stack trace of the function where the exception occurred.
You can also use the .exr, .cxr, and .ecxr commands to display the exception and context records.
When working with drivers, you can use kd> lm tn, as shown in Figure D, to get extra information.
[Ctrl]+[A] will let you copy the information and paste it into Notepad.
For example, look to the bottom of the page for information similar to what is shown in Figure E.
The problem creating the BSOD was caused by the installed dialer software for a USB modem. It turned out that uninstalling the software didn’t resolve the problem.
The answer to the problem was achieved by using the WinDBG tool to Debug and analyze the memory dump file. The fix was to rename theC:\Windows\System\fldevice.sys driver to C:\Windows\System\fldevice.sys.old. Windows was still referencing the file even though the software had been uninstalled. This tool is invaluable and will help you to resolve the problems that you may encounter when you get a BSOD.