

Windows 7: User-friendly: Analyzing your first BSoD!

22 Nov 2011   #1

Microsoft Windows 7 Ultimate: x64 (SP1)
 
 

Introduction
Note
So this will be a slightly different guide to analysing dump files and, hopefully, figuring out the cause of a BSoD. It'll be user-friendly for sure, and I will share my own experience. The tutorial will start off with the very basic things, and will probably get a little harder, but not that hard at all!
So there you have it! Read it through a couple of times if you misunderstood something, or just ask in the thread itself.

Happy analysing!

Tip
If your Windbg shows errors related to the symbol path, you should read the Windbg tutorial again and check up on it.

Warning
Delete the bunch of dumps you're analyzing once a month or so. They can run up to gigabytes!


Get the Windbg ready!
Windbg stands for Windows Debugging as you probably guessed, and it's the visualizer for the dump file. It works a bit like a command prompt, a bit different though; you enter a command, you will get it. But we will get to all this later, first let's get your Windbg ready. The tutorial below covers it all, return when you're ready!

Configuring the Debugging Tools

What is a dump file?
A dump file, also called a crash dump, is created when a BSoD appears. In many cases it lets you see what caused the BSoD. It tells you what kind of events were happening until the BSoD took place. Bigger dumps take longer to load. If the user doesn't have this included in the zip file, you should link to the page below.

Posting Instructions

Let's get started
If you followed the "Configuring the Debugging Tools" tutorial, you're able to simply double-click on a .dmp file and Windbg will open. Let Windbg load the dump; it can take time. If it takes more than 2 min or so, the dump is incomplete. If this is the case, you should pick another dump in the .zip.

Probably caused by
So at the very beginning there's a lot of text just when you open the dump. That's actually information about the symbols you picked earlier. When you see a text field where it says:
Code:
Probably caused by: (something)
.. the dump is loaded. In most cases, it puts the fault on 'ntoskrnl.exe', which is very likely incorrect. It'll just put the fault on that .exe file if it can't figure out what's 'Probably' causing the dump.
If the dump points to something else, go to a driver reference (Carrona), and search for it. A dump is fairly easy to analyse if this is the case.

Bugcheck
The Bugcheck is probably something you know from your own experience. It's a number and some text which shows what kind of BSoD the user has been experiencing. Here's an example of a Bugcheck.
Code:
STOP 0x1000007F: UNEXPECTED_KERNEL_MODE_TRAP_M
You can check this website (BSOD Index) and search for the probable causes.

In this case, it could be the CPU.

So, where's the Bugcheck?
The command '!analyze -v' will give you a more detailed analysis of the dump. You can't really miss it. It's surrounded by stars and says Bugcheck.
In a lot of cases, the Bugcheck says it's caused by a memory corruption, and you should inform the user to run a Memtest86+.

Check for old drivers.
Code:
lmntsm
That's a command for showing drivers, but I certainly do not recommend it that way. Do it this way:

i) click Debug
ii) click Modules
iii) sort it by date

Wrap the old drivers in a [CODE][/CODE ] and post it for the user. If the user wonders how to find the drivers make a [QUOTE][/QUOTE ] saying:

Quote:
How to Find Drivers
- search Google for the name of the driver
- compare the Google results with what's installed on your system to figure out which device/program it belongs to
- visit the web site of the manufacturer of the hardware/program to get the latest drivers (DON'T use Windows Update or the Update driver function of Device Manager).
- if there are difficulties in locating them, post back with questions and someone will try and help you locate the appropriate program.
- The most common drivers are listed on this page: Driver Reference
- Driver manufacturer links are on this page: Drivers and Downloads
To remove any left over driver remnants, especially from graphics cards, use driver sweeper
Guru3D - Driver Sweeper

What if a process is set as 'Probably caused by'?
When the Probably caused by function ends with .exe and the Bugcheck informs a process, you know it's a process, for now. It'll likely be a worm also known as Malware. For that we have the awesome tool for a scan. You should link to the following:

Malwarebytes

It could also be a broken system file; in that case, they should run the 'sfc /scannow' command in a command prompt. It'll likely restore some Windows 7 files. Tell the user to run it 2-3 times as it likely won't repair on the first run.

SFC-command

Antivirus error
If you discover an antivirus error, you should ask the user to uninstall their current antivirus, and ask them to install Microsoft Security Essentials. An antivirus should be uninstalled with the manufacturer's software. Here's a list of uninstallers.

Uninstallers

Conclusion
There are many more ways to analyse dumps, much more advanced too, but these are just the general things I look for first. Somehow I find the pattern analyses quite irrelevant. Of course they can be used if the dump is a bit harder to analyse, but in most cases you can just pick another dump from the zip. I will probably make more detailed guides next time. For now, I hope you enjoyed it, and I'm sure that you can use it sometime. I totally understand if you find this hard and think there's a lot of writing; well, even the professionals can have trouble with all this.

Change-log
Code:
- added malwarebytes option
- added sfc /scannow command
- added antivirus
- added antivirus-uninstallers
- added goodies in the conclusion
- added lmntsm instead of lm t n
- added tip/warning


Fred.
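
The checks this tutorial walks through (the Bugcheck line, 'Probably caused by', and drivers sorted by date) can be scripted over saved Windbg output. The following is an added example, not part of the original post; the sample text, the driver names exnewdrv.sys and exolddrv.sys, the `triage` function, the 2009 age cutoff and the list of kernel image names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of '!analyze -v' and 'lmntsm' output (not from a real dump).
SAMPLE = """\
UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )

start             end                 module name
fffff880`04c00000 fffff880`04c2a000   exnewdrv exnewdrv.sys Sat Nov 20 09:19:20 2010 (4CE79298)
fffff800`02a0f000 fffff800`02ff9000   nt       ntkrnlmp.exe Tue Jun 21 02:20:48 2011 (4E000000)
fffff880`01200000 fffff880`0120d000   exolddrv exolddrv.sys Thu Sep 07 11:18:24 2006 (45000000)
"""

# Assumption: kernel image names that usually mean "no specific driver was identified".
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlmp.exe", "ntkrnlpa.exe", "ntkrpamp.exe"}
BUGCHECK_RE = re.compile(r"^([A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)", re.M)
# start address, end address, module name, image name, text date, (hex build timestamp)
MODULE_RE = re.compile(
    r"^[0-9a-f`]+[ \t]+[0-9a-f`]+[ \t]+(\S+)[ \t]+(\S+)[ \t]+"
    r".*\(([0-9A-Fa-f]{8})\)[ \t]*$", re.M)

def triage(text, old_before_year=2009):
    """Pull out the bugcheck, the blamed image and the drivers sorted by build date."""
    bug = BUGCHECK_RE.search(text)
    cause = CAUSE_RE.search(text)
    modules = []
    for _name, image, stamp in MODULE_RE.findall(text):
        # The hex value in parentheses is a Unix timestamp; it avoids locale date parsing.
        built = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
        modules.append((built, image))
    modules.sort()
    blamed = cause.group(1) if cause else None
    return {
        "bugcheck": (bug.group(1), "0x" + bug.group(2).upper()) if bug else None,
        "blamed": blamed,
        "blame_is_kernel_default": blamed is not None and blamed.lower() in KERNEL_IMAGES,
        "oldest_first": [(img, d.date().isoformat()) for d, img in modules],
        "old_drivers": [img for d, img in modules if d.year < old_before_year],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Module lines without a timestamp in parentheses are skipped, so drivers whose build date Windbg could not read need a manual look.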



22 Nov 2011   #2

Windows® 8 Pro (64-bit)
 
 

Great job mate.
22 Nov 2011   #3

Microsoft Windows 7 Ultimate: x64 (SP1)
 
 

Quote: Originally Posted by Dinesh
Great job mate.
Thanks Dinesh!


22 Nov 2011   #4

Windows 7 Home Premium x64 SP1
 
 

Very interesting FredeGail especially for someone who doesn't know where to start like me lol

Danny
22 Nov 2011   #5

Microsoft Windows 7 Ultimate: x64 (SP1)
 
 

Quote: Originally Posted by xxxdannyxxx
Very interesting FredeGail especially for someone who doesn't know where to start like me lol

Danny
Glad you also could use it Danny.
Thanks!

Fred.
22 Nov 2011   #6

Windows 7 Ultimate SP1 64-Bit
 
 

Cheers Fred, BSOD analysis left me cold as I didn't know where to start.

Now I know where to start I need to find a road map for the rest of the journey!
23 Nov 2011   #7

Microsoft Windows 7 Ultimate: x64 (SP1)
 
 

Quote: Originally Posted by seavixen32
Cheers Fred, BSOD analysis left me cold as I didn't know where to start.

Now I know where to start I need to find a road map for the rest of the journey!
Haha, glad you liked it seavixen!

Fred.
23 Nov 2011   #8

Microsoft Windows 7 Ultimate: x64 (SP1)
 
 

I updated some stuff. You can check the change-log at the end of the main post!

Fred.
24 Nov 2011   #9

Microsoft Community Contributor Award Recipient

Windows 7 Ult x64 - SP1/ Windows 8 Pro x64
 
 

Nice tut Fred, good information.

It's actually pretty easy once you do it a couple times.

When looking for causes and clues, open the Event logs, $evtx_app_dump and $evtx_sys_dump, these are application and system event logs.
These are usually big files, so use the 'Find' in the 'EDIT' tab, enter 'error' (no quotation marks).
This will take you to all the errors and usually you will find some interesting information.
24 Nov 2011   #10

Windows 7 Ultimate x86
 
 

Nice work!
Just a remark:
Instead of
Code:
lm t n
I use
Code:
lmntsm
which sorts by name and serves me better when looking for a specific driver.

-DG