Windows 7: Debugging A BSOD - My way

Seven Forums has given allot to me, so I thought I should give a little in return.

This happened once upon a time when I made noobish attempts on trying to debug a Blue screen. The basics are pretty much covered on the threads in our "How to" section:

1) FredeGail's: User-friendly: Analyzing your first BSoD!
2) Jonathan_King's: BSOD Analysis - Getting Started
3) Writhziden's: How I Debug Blue Screen Crashes (A little more than basic)

The first obvious thing we do is download and extract the zip file that were generated by Capt.Jack Sparrow's SF Diagnostic Tool: Blue Screen of Death (BSOD) Posting Instructions



We have a few contents staring back at us to analyze them Wonder..Which one do I start with?

Chill, take a deep breath. That's what I do.

Step One

1. Go through the Host file, nothing suspicious in there, but if you have a question on what those entries are about you can always ask the user about them.


2. Pick the Msinfo32 file, check the amount of items on start up. If I see more than 8 entries I link them to the guides below:

Startup Programs - Change
Troubleshoot Application Conflicts by Performing a Clean Startup

Go through the list of programs installed. Look for problematic software. Hmm. What kind of software can create problem on a PC? Not specific, sometimes analyzing the BSOD deeper gives you idea where its driver's failing - but look for what security app is being used and for "Overclocking" tools. I lay back when I see Microsoft Security Essentials & Malware Bytes because we all know that Security plays a very important role on a system, and I am evident that MSE and MBAM do not cause BSOD's. Why'd I use the word BSOD instead of problem(s)? Cause in my experience of debugging I've never come across MSE causing a BSOD. There is no better free alternative to MSE.


For uninstalling problematic software I recommend users to uninstall using Revo Uninstaller Free:
If uninstalled in Advanced Mode an option for deleting leftover registries is available which is good IMO

A fact that Blues screens are caused by Third party drivers, Hardware etc. An infected PC can also throw such problems. Here are a few new/old threads where Virus infection were the culprit.

BSOD - Right after start up... Works when it wants to!!
BSOD Ataport.sys 0x10000008e
BSOD Win 7 Pro x86 error: ataport.sys
BSOD Randomly Error code 0X00000050 PAGE_FAULT_IN_NONPAGED_AREA

You may come across users who have unknowingly installed two antivirus apps on their system, some intentional for more security? ..a few links I post them to take a look or you could explain them why they shouldn't keep two antiviruses on the system.

The Assumptions You Make About Your Slow PC (and Why They're Probably Wrong)
is it bad to run multiple antivirus programs?

Apart from programs installed, I go through the device drivers which is listed in the Components tab which expands if you click on the + icon.

Check the driver dates under:
3. Note some problematic software then you start analyzing the dumps. You see the users system specs, probably a gaming system, a shiny, new, rock solid computer and oops.. It's overclocked . How did I know he's overclocking? A hint was given through the Msinfo file and now after running a dump. Type the command:
A tutorial by x BlueRobot on Windbg commands: BSOD Commands - WinDbg

Overclocking any part of a computer can cause instability, so we recommend to stop the OC at least during troubleshooting and or get the system back to a stable state. If the system is stable, redirect the OP to SF's good Performance & Maintenance Section and Overclocking and Case Mods Section for a (maybe) stable OC.

Some OP's may get back saying they're not able to monitor the temperature of their system and used the tool to do that. I recommend Speccy/HWMonitor.
Speccy System Information

HWMonitor

For video card GPU z should be reliable: GPU-Z Video card GPU Information Utility

Step Two

4. After checking couple of dumps, what information have you collected? Is it a third party driver, device driver or a windows component? A driver is being blamed in the probably caused line. For reference log on to Carrona.org and click on the Driver Reference Table copy and paste the link of the driver for the users ease. Some drivers may not be listed at John Carrona's DRT so using another source for example Google may be OK. At least gives you an idea what product it belongs to. Also, Software Environment> System Drivers is a place where you may get some hint about to which the driver belongs to. Look at the Description column. If updating the particular driver does not help, you can ask the OP to uninstall the program completely from control panel and delete its drivers. Disable it temporarily in case of a hardware device for example a Webcam, Printer, Wifi/Internet dongle even a USB stick and so on. If the OP has another system, they can try adding the device on to it and see if it causes similar issues there.

Random Crashes/ Blue Screen IRQL_NOT_LESS_OR_EQUAL 0x0000000a
Friend's Laptop BSOD's
BSOD with USB and sometimes with sleep
Bsod driver_power_state_failure
BSOD after start-up and whilst playing several games

5. Reading the Usual causes of a bug check at John Carrona's BSOD Index (although not always accurate) has helped me allot. Bug Check Code Reference (Windows Debuggers) is a nice place for basic ideas about the bug check codes. Many of us are not hardware experts such as myself but a few simple tips and links on how to troubleshoot a particular hardware always helps.

Thermal Paste and How To Use It | techPowerUp
Avoid Static Damage to Your PC | PCWorld
Power Supply Information and Selection - Tech Support Forum
Basic computer troubleshooting
How To Clear CMOS
How to clean your PC of dust and dirt
How to clean a computer

6. Computer crashes are never specific and all crash dumps can never give you the accurate information, ideas or clues. Some dumps have no meaning and should be disregarded. This is when you need to make the OP your Guinea Pig (Not necessarily, but!). Driver Verifier will be your way to go. Verifier can bring out information of the problematic drivers which are not shown in a normal dump or a dump you disregarded.
Driver Verifier - Enable and Disable
Using Driver Verifier to identify issues with Windows drivers for advanced users
Using Driver Verifier (Windows Drivers)

Some input from one of our analyst on Driver Verifier:

This is why driver verifier is important, and that is how driver verifier helps us debuggers to debug in some situations.

7. Notice the information present in the dump, look for a pattern. For example, BSOD-s while doing a RAM intensive task. The first thing that comes to your mind? = Memtest RAM - Test with Memtest86+. I've always quoted part three (3) from the tutorial so the OP knows what exactly he/she should do. But what happens if memtest doesn't find errors but your gut feeling is on RAM? We tell the user to try different sticks or complete new sticks cause memtests are not always reliable.

Network crashes like Netio.sys, while browsing, downloading torrents? Updating network drivers does not help? Check what antivirus software is being used, if it's one of the "Internet Securities", remember to switch to MSE and MBAM


BSOD-s while playing games/related to graphics are tough to solve, I've seen a few OP's solve their issues by underclocking their graphics card/CPU and maybe 1 or 2 who solved a video driver related BSOD by rolling back to an earlier BIOS version. Graphics related BSOD-s are always different and vary from each other that's what make them really hard to diagnose.

Here's one the OP solved by searching himself: BSOD when loading SWTOR 0x50
Reading his dump gave him ideas because he was so willing to solve them, you see!

Step Three

8. The PC is randomly shutting down? You can always check what's going on in Event viewer when it comes to stuff like this. Go through the EventApp and EventSys texts. Check for overheating issues, loose connections. What if something is/was improperly seated? Is a hardware component failing/about to fail? Checked for broken CPU pins? Doubts about Power Supply supplying enough power? System runs fine for weeks but a BSOD/turn off/ crash happened again? Apply thermal, clean dust off the system. Even reinstalled windows from scratch still no go? Tried swapping the swap-able hardware components? When none of it works it leaves us with a clue that the problem is with the motherboard. If the system is under warranty there's a good chance for a replacement if not, time for a new MB. For more basic information on troubleshooting hardware go through H2SO4's: Stop 0x124 - what it means and what to try and Usasma's website: Carrona.org for Hardware Diagnosing tools.
*) Random BSOD - Error 0x0000003b

A reminder for the user:


9. Lost? Don't be. SevenForums is one of the Best Tech Forum ever with lots of wonderful and highly knowledgeable members who're willing to help. So don't forget to request for more help on the More Help Requested thread. There are a vast number of solved threads over the years here at SF. Courtesy & respect goes to our Senior BSOD analysts, to name a few:

Usasma - John Carrona
zigzag3143 - Ken
Dave76 - Dave
Capt.Jack Sparrow - Shyam Sasindran
CarlTR6 - Carl Swofford
richc46 - Richard
Jonathan_King - Jonathan King
Writhziden - Mike
seth500 - Seth
Yowanvista - Yowan
MvdB - Mark
mgorman87 - Mike
FredeGail - Frederik

10. I hope this has helped you in learning "How to solve Blue screens"

Best of luck!

Very nicely put together! It will help a lot of people for sure.

It will certainly help a NOOB like me , thanks Koolkat ,
You do realise we are going to be out of work soon

Great tutorial, will for sure help some of the less experienced BSOD analysts

Great tutorial. Very helpful.

Thanks everyone!

I had mentioned that ---
The common commands for checking drivers are lmtsm and lm, I use both of these often

How to check which driver is failing between crashes?:

It's the !thread command that you need to run.

1. Hit enter and you will then see a few numbers like this:

2. Copy and paste the numbers from “Limit and Base” but before that type “dps”

And hit enter.

3. It will be busy but expand after a while. Then scroll down slowly and see which driver is failing there..

For instance, in the image above you can see nvlddmkm.sys failing.

Thanks, I never even knew that

Great tutorial!!

No problem I'm still learning myself.
Thank you Element7, glad you find it useful

Well I wish I new the English language better because I'm searching for the proper words.

I will have to stick to words I know. GREAT JOB.

Well put together and understandable. Your gift to us with this Thread is accepted by me and Thank You.