New
#1
Debugging A BSOD
Seven Forums has given allot to me, so I thought I should give a little in return. :)
This happened "once upon a time" when I made noob'ish attempts to debug a BSOD. The basics are pretty much covered on the threads in our "How to" section:
- FredeGail's: User-friendly: Analyzing your first BSoD!
- Jonathan_King's: BSOD Analysis - Getting Started
- Writhziden's: How I Debug Blue Screen Crashes (A little more than basic)
The first obvious thing is download & extract the zip file generated by Capt.Jack Sparrow's SFDT: Blue Screen of Death (BSOD) Posting Instructions
You have a few contents staring back at you.. Wonder..Which one do I start with?
Chill, take a deep breath. That's what I do.
Step One
1. Go through the Host file, nothing suspicious but if you have a question on what those entries are about you can always ask the user about them. Make the user re-run the SFDT in case any file is missing.
2. Pick the Msinfo32 file. Check the amount of items on Start up. When I see more than 8 entries I link them to the tuts below:
Have a look through the list of programs installed. Look for problematic software. Hmm. What kind of software can be problematic on a PC? Not specific but sometimes analyzing the BSOD deeper gives you idea where the software drivers is/are failing. Do look for what security software is being used & for Overclocking tools. I lay back when I see Microsoft Security Essentials & Malware Bytes because we do know that Security plays a very important role on a system & am evident that the combination of MSE & MBAM do not cause BSODs. Why'd I use the word BSOD instead of problem(s)? My experience of debugging says I've never come across MSE causing a BSOD. There is no better free alternative to MSE. Uninstallers (removal tools) for common antivirus software - ESET Knowledgebase
Microsoft Security Essentials & the Free version of Malwarebytes, update and make full scans separately:
- Uninstallers (removal tools) for common antivirus software - ESET Knowledgebase
- Help protect your PC with Microsoft Security Essentials
- Malwarebytes Free
You may also take a look at:NoteDo not start the trial version of MalwareBytes
Why Overclocking tools can be a problem? Solved threads:TipIf the OP is unwilling about uninstalling their paid security software (for testing purpose at least), link them to the relevant company's website, tell them to create a thread for/ask for help on why the product is causing BSOD.
For uninstalling problematic software I recommend users to uninstall using Revo Uninstaller Free:If uninstalled in Advanced Mode an option for deleting leftover registries is available which is good.Information
- Download and install Revo Uninstaller free from here: Download Revo Uninstaller Freeware
Opt for "Advanced Mode" and uninstall the software (also delete the leftover registry entries).
A fact that BSODs are caused by Third party drivers, Hardware etc. An infected PC can also throw such problems. A few new/old threads where virus infections were the cause.
- BSOD - Right after start up... Works when it wants to!!
- BSOD Ataport.sys 0x10000008e
- BSOD Win 7 Pro x86 error: ataport.sys
- BSOD Randomly Error code 0X00000050 PAGE_FAULT_IN_NONPAGED_AREA
- ntoskrnl.exe irql not less or equal, PAGE_FAULT_IN_NONPAGED_AREA
You may come across users who have unknowingly installed two antivirus apps on their system, some intentional for more security? ..a few links I post them to take a look or explain them why two antiviruses on the system can cause problems.
- The Assumptions You Make About Your Slow PC (and Why They're Probably Wrong)
- is it bad to run multiple antivirus programs?
Apart from programs installed, I go through the device drivers which is listed in the Components tab which expands if you click on the + icon.
Check the driver dates under:
3. Note some problematic software then you start analyzing the dumps. You see the users system specs, probably a gaming system, a shiny, new, rock solid computer and oops.. It's overclocked . How did I know he's overclocking? A hint was given through the Msinfo file and now after running a dump. Type the command:Code:Components> Multimedia> Sound Components> Multimedia> Display Components> Input > Keyboard Components> Input> Pointer Components> Network> Adapter For storage related issues: Components> Storade> Drives Components> Storage> Disks Components> Storage> IDE
A tutorial by x BlueRobot on Windbg commands: BSOD Commands - WinDbgCode:!sysinfo cpuspeed
Overclocking any part of a computer can cause instability, so we recommend to stop the OC at least at the time of troubleshooting or wait to get the system back to a stable state. If the system is stable, redirect the OP to SF's good Performance & Maintenance Section and Overclocking and Case Mods Section for a (maybe) stable OC.
Some OP's may get back saying they're not able to monitor the temperature of their system & used the tool to do that. I recommend Speccy/HWMonitor.
Speccy System Information-- HWMonitor
For video card GPU z should be reliable: GPU-Z Video card GPU Information Utility
Step Two
4. After checking couple of dumps, what information have you collected? Is it a third party driver, device driver or a windows component? A driver is being blamed in the probably caused line. For reference log on to Carrona.org and click on the Driver Reference Table copy+paste the link of the driver for the users ease. Some drivers may not be listed at John Carrona's DRT so using another source for example Google may be OK. At least gives you an idea what product it belongs to. Also, Software Environment> System Drivers is a place where you may get some hint about to which the driver belongs to. Look at the Description column. If updating the particular driver does not help, you can ask the OP to uninstall the program completely from control panel and delete its drivers. Disable it temporarily in case of a hardware device for example a Webcam, Printer, Wifi/Internet dongle even a USB stick and so on. If the OP has another system, they can try adding the device on to it and see if it causes similar issues there.
- Random Crashes/ Blue Screen IRQL_NOT_LESS_OR_EQUAL 0x0000000a
- Friend's Laptop BSOD's
- BSOD with USB and sometimes with sleep
- Bsod driver_power_state_failure
- BSOD after start-up and whilst playing several games
5. Reading the Usual causes of a bug check at John Carrona's BSOD Index (although not always accurate) has helped me allot. Bug Check Code Reference (Windows Debuggers) is a nice place for basic ideas about the bug check codes. Many of us are not hardware experts such as myself but a few simple tips and links on how to troubleshoot a particular hardware always helps.
- Thermal Paste and How To Use It | techPowerUp
- Avoid Static Damage to Your PC | PCWorld
- Power Supply Information and Selection - Tech Support Forum
- Basic computer troubleshooting
- How To Clear CMOS
- How to clean your PC of dust and dirt
- How to clean a computer
6. Computer crashes are never specific and all crash dumps can never give you the accurate information, ideas or clues. Some dumps have no meaning and should be disregarded. This is when you need to make the OP your Guinea Pig (Not necessarily, but!). Driver Verifier will be your way to go. Verifier can bring on information of the problematic drivers which are not shown in a normal dump or a dump you disregarded.
- Driver Verifier - Enable and Disable
- Using Driver Verifier to identify issues with Windows drivers for advanced users
- Using Driver Verifier (Windows Drivers)
Some input from one of our analyst on Driver Verifier:
This is why driver verifier is important, and that is how driver verifier helps us debuggers to debug in some situations.When we don't find enough information form a crash dump; but the bugcheck code says that it is a driver related issue (say driver IRQL less or not equal. or driver power state failure), we need to search for the possible drivers playing behind the crashes. And here driver verifier is important. It puts a stress on the drivers, so that the unstable drivers may cause crashes. When a single driver is causing a crash, it will be recorded in the memory dump, as expected, and it occurs. Say, a system has Daemon tools installed. You haven't noticed it anyhow in the MSINFO32 file. The system is crashing, but dumps are not showing any finite probable cause, even in the raw stacks. Go for driver verifier. Within a few minutes it will crash, and the initial windbg output will say that "probably caused by: dtsoftbus01.sys".
7. Notice the information present in the dump, look for a pattern. For example, BSOD's while doing a RAM intensive task. The first thing that comes to your mind? = Memtest RAM - Test with Memtest86+. I've always quoted part three (3) from the tutorial so the OP knows what exactly he/she should do. But what happens if memtest doesn't find errors but your gut feeling is on RAM? We tell the user to try different sticks or complete new sticks cause memtests are not always reliable.
BSODs while copying large files, hard drive tested?
Network crashes like Netio.sys, browsing, downloading torrents? Updating network drivers do not help? Check what antivirus software is being used, if it's one of the "Internet Security App"BSOD-s while playing games/related to graphics are tough to solve, I've seen a few OP's solve their issues by underclocking their graphics card/CPU and maybe 1 or 2 who solved a video driver related BSOD by rolling back to an earlier BIOS version. Graphics related BSODs vary from each other that's what make them really hard to diagnose.NoteNo internet securities present and still facing crashes during tasks above? Probably a sign of corrupt drivers that cannot be fixed with a clean install of the drivers. Or probably a problem with the network device itself. Here's a thread where clean install of windows solved the OP's problem:
BSOD when downloading torrents
So in his case it was a problem of corrupt network drivers.
- Here's one the OP solved by searching himself: BSOD when loading SWTOR 0x50 Reading his dump gave him ideas because he was so willing to solve them, you see!
Step Three
8. The PC is randomly shutting down? You can always check what's going on in Event viewer when it comes to stuff like this. Go through the EventApp & EventSys texts. Check for overheating issues, loose connections. What if something is/was improperly seated? Is a hardware component failing/about to fail? Checked for broken CPU pins? Doubts about Power Supply supplying enough power? System runs fine for weeks but a BSOD/turn off/ crash happened again? Apply thermal, clean dust off the system. Even reinstalled windows from scratch still no go? Tried swapping the swap-able hardware components? When none of it works it leaves us with a clue that the problem is with the motherboard. If the system is under warranty there's a good chance for a replacement if not, time for a new MB. For more basic information on troubleshooting hardware go through H2SO4's: Stop 0x124 - what it means and what to try and Usasma's website: Carrona.org for Hardware Diagnosing tools.
A damaged Motherboard:
In cases like this, double check Warranty with the user.
9. Lost? Don't be. Seven Forums is one of the Best Tech Forum ever with lots of wonderful and highly knowledgeable members who're willing to help. So don't forget to request for more help on the More Help Requested thread. There are a vast number of solved threads over the years here at SF. Courtesy & respect goes to our Senior BSOD analysts, to name a few:
Usasma - John Carrona
zigzag3143 - Ken
Dave76 - Dave
Capt.Jack Sparrow - Shyam Sasindran
CarlTR6 - Carl Swofford
richc46 - Richard
Jonathan_King - Jonathan King
Writhziden - Mike
seth500 - Seth
Yowanvista - Yowan
MvdB - Mark
mgorman87 - Mike
FredeGail - Frederik
10. I hope this has helped you in learning "How to solve Blue screens"
Best of luck! :)
Last edited by koolkat77; 28 Sep 2013 at 10:09.