Debugging A BSOD - My way


  1. Posts : 15,026
    Windows 10 Home 64Bit
       #1

    Debugging A BSOD


    Seven Forums has given a lot to me, so I thought I should give a little in return. :)

    This happened "once upon a time" when I made noob'ish attempts to debug a BSOD. The basics are pretty much covered on the threads in our "How to" section:


    The first obvious thing is download & extract the zip file generated by Capt.Jack Sparrow's SFDT: Blue Screen of Death (BSOD) Posting Instructions

    You have a few contents staring back at you.. Wonder..Which one do I start with?

    Chill, take a deep breath. That's what I do.

    Step One

    1. Go through the Host file, nothing suspicious but if you have a question on what those entries are about you can always ask the user about them. Make the user re-run the SFDT in case any file is missing.

    2. Pick the Msinfo32 file. Check the amount of items on Start up. When I see more than 8 entries I link them to the tuts below:


    Have a look through the list of programs installed. Look for problematic software. Hmm. What kind of software can be problematic on a PC? Not specific but sometimes analyzing the BSOD deeper gives you idea where the software drivers is/are failing. Do look for what security software is being used & for Overclocking tools. I lay back when I see Microsoft Security Essentials & Malware Bytes because we do know that Security plays a very important role on a system & am evident that the combination of MSE & MBAM do not cause BSODs. Why'd I use the word BSOD instead of problem(s)? My experience of debugging says I've never come across MSE causing a BSOD. There is no better free alternative to MSE. Uninstallers (removal tools) for common antivirus software - ESET Knowledgebase
    Microsoft Security Essentials & the Free version of Malwarebytes, update and make full scans separately:

       Note
    Do not start the trial version of MalwareBytes
    You may also take a look at:
       Tip
    If the OP is unwilling about uninstalling their paid security software (for testing purpose at least), link them to the relevant company's website, tell them to create a thread for/ask for help on why the product is causing BSOD.
    Why Overclocking tools can be a problem? Solved threads:


    For uninstalling problematic software I recommend users to uninstall using Revo Uninstaller Free:
       Information


    Opt for "Advanced Mode" and uninstall the software (also delete the leftover registry entries).
    If uninstalled in Advanced Mode an option for deleting leftover registries is available which is good.

    A fact that BSODs are caused by Third party drivers, Hardware etc. An infected PC can also throw such problems. A few new/old threads where virus infections were the cause.


    You may come across users who have unknowingly installed two antivirus apps on their system, some intentionally for more security? ..a few links I post for them to take a look at, or I explain to them why two antiviruses on the system can cause problems.


    Apart from programs installed, I go through the device drivers which is listed in the Components tab which expands if you click on the + icon.

    Check the driver dates under:
    Code:
    Components> Multimedia> Sound
    Components> Multimedia> Display
    Components> Input > Keyboard
    Components> Input> Pointer
    Components> Network> Adapter
    
    For storage related issues: 
    Components> Storage> Drives
    Components> Storage> Disks
    Components> Storage> IDE
    3. Note some problematic software then you start analyzing the dumps. You see the user's system specs, probably a gaming system, a shiny, new, rock solid computer and oops.. It's overclocked. How did I know he's overclocking? A hint was given through the Msinfo file and now after running a dump. Type the command:
    Code:
    !sysinfo cpuspeed
    A tutorial by x BlueRobot on Windbg commands: BSOD Commands - WinDbg

    Overclocking any part of a computer can cause instability, so we recommend to stop the OC at least at the time of troubleshooting or wait to get the system back to a stable state. If the system is stable, redirect the OP to SF's good Performance & Maintenance Section and Overclocking and Case Mods Section for a (maybe) stable OC.

    Some OP's may get back saying they're not able to monitor the temperature of their system & used the tool to do that. I recommend Speccy/HWMonitor.
    Speccy System Information-- HWMonitor

    For video card GPU z should be reliable: GPU-Z Video card GPU Information Utility

    Step Two

    4. After checking couple of dumps, what information have you collected? Is it a third party driver, device driver or a windows component? A driver is being blamed in the probably caused line. For reference log on to Carrona.org and click on the Driver Reference Table copy+paste the link of the driver for the users ease. Some drivers may not be listed at John Carrona's DRT so using another source for example Google may be OK. At least gives you an idea what product it belongs to. Also, Software Environment> System Drivers is a place where you may get some hint about to which the driver belongs to. Look at the Description column. If updating the particular driver does not help, you can ask the OP to uninstall the program completely from control panel and delete its drivers. Disable it temporarily in case of a hardware device for example a Webcam, Printer, Wifi/Internet dongle even a USB stick and so on. If the OP has another system, they can try adding the device on to it and see if it causes similar issues there.


    5. Reading the Usual causes of a bug check at John Carrona's BSOD Index (although not always accurate) has helped me a lot. Bug Check Code Reference (Windows Debuggers) is a nice place for basic ideas about the bug check codes. Many of us are not hardware experts such as myself but a few simple tips and links on how to troubleshoot a particular hardware always helps.


    6. Computer crashes are never specific and all crash dumps can never give you the accurate information, ideas or clues. Some dumps have no meaning and should be disregarded. This is when you need to make the OP your Guinea Pig (Not necessarily, but!). Driver Verifier will be your way to go. Verifier can bring on information of the problematic drivers which are not shown in a normal dump or a dump you disregarded.


    Some input from one of our analysts on Driver Verifier:

    When we don't find enough information from a crash dump; but the bugcheck code says that it is a driver related issue (say driver IRQL less or not equal, or driver power state failure), we need to search for the possible drivers playing behind the crashes. And here driver verifier is important. It puts a stress on the drivers, so that the unstable drivers may cause crashes. When a single driver is causing a crash, it will be recorded in the memory dump, as expected, and it occurs. Say, a system has Daemon tools installed. You haven't noticed it anyhow in the MSINFO32 file. The system is crashing, but dumps are not showing any finite probable cause, even in the raw stacks. Go for driver verifier. Within a few minutes it will crash, and the initial windbg output will say that "probably caused by: dtsoftbus01.sys".
    This is why driver verifier is important, and that is how driver verifier helps us debuggers to debug in some situations.

    7. Notice the information present in the dump, look for a pattern. For example, BSOD's while doing a RAM intensive task. The first thing that comes to your mind? = Memtest RAM - Test with Memtest86+. I've always quoted part three (3) from the tutorial so the OP knows what exactly he/she should do. But what happens if memtest doesn't find errors but your gut feeling is on RAM? We tell the user to try different sticks or complete new sticks cause memtests are not always reliable.

    BSODs while copying large files, hard drive tested?

    Network crashes like Netio.sys, browsing, downloading torrents? Updating network drivers do not help? Check what antivirus software is being used, if it's one of the "Internet Security App"
       Note
    No internet securities present and still facing crashes during tasks above? Probably a sign of corrupt drivers that cannot be fixed with a clean install of the drivers. Or probably a problem with the network device itself. Here's a thread where clean install of windows solved the OP's problem:
    BSOD when downloading torrents
    So in his case it was a problem of corrupt network drivers.
    BSOD-s while playing games/related to graphics are tough to solve, I've seen a few OP's solve their issues by underclocking their graphics card/CPU and maybe 1 or 2 who solved a video driver related BSOD by rolling back to an earlier BIOS version. Graphics related BSODs vary from each other that's what make them really hard to diagnose.

    • Here's one the OP solved by searching himself: BSOD when loading SWTOR 0x50 Reading his dump gave him ideas because he was so willing to solve them, you see!

    Step Three

    8. The PC is randomly shutting down? You can always check what's going on in Event viewer when it comes to stuff like this. Go through the EventApp & EventSys texts. Check for overheating issues, loose connections. What if something is/was improperly seated? Is a hardware component failing/about to fail? Checked for broken CPU pins? Doubts about Power Supply supplying enough power? System runs fine for weeks but a BSOD/turn off/ crash happened again? Apply thermal, clean dust off the system. Even reinstalled windows from scratch still no go? Tried swapping the swap-able hardware components? When none of it works it leaves us with a clue that the problem is with the motherboard. If the system is under warranty there's a good chance for a replacement if not, time for a new MB. For more basic information on troubleshooting hardware go through H2SO4's: Stop 0x124 - what it means and what to try and Usasma's website: Carrona.org for Hardware Diagnosing tools.

    A damaged Motherboard:

    In cases like this, double check Warranty with the user.

    9. Lost? Don't be. Seven Forums is one of the Best Tech Forum ever with lots of wonderful and highly knowledgeable members who're willing to help. So don't forget to request for more help on the More Help Requested thread. There are a vast number of solved threads over the years here at SF. Courtesy & respect goes to our Senior BSOD analysts, to name a few:

    Usasma - John Carrona
    zigzag3143 - Ken
    Dave76 - Dave
    Capt.Jack Sparrow - Shyam Sasindran
    CarlTR6 - Carl Swofford
    richc46 - Richard
    Jonathan_King - Jonathan King
    Writhziden - Mike
    seth500 - Seth
    Yowanvista - Yowan
    MvdB - Mark
    mgorman87 - Mike
    FredeGail - Frederik

    10. I hope this has helped you in learning "How to solve Blue screens"

    Best of luck! :)
    Last edited by koolkat77; 28 Sep 2013 at 10:09.


  2. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #2

    Very nicely put together! It will help a lot of people for sure.


  3. Posts : 2,014
    Windows 7 Professional 64bit
       #3

    It will certainly help a NOOB like me :), thanks Koolkat ,
    You do realise we are going to be out of work soon

  4.    #4

    Great tutorial, will for sure help some of the less experienced BSOD analysts


  5. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #5

    Great tutorial. Very helpful.


  6. Posts : 15,026
    Windows 10 Home 64Bit
    Thread Starter
       #6

    !thread


    Thanks everyone! :)

    I had mentioned that ---
    koolkat77 said:
    Sometimes analyzing the BSOD deeper gives you idea where its driver's failing
    The common commands for checking drivers are lmtsm and lm, I use both of these often :)

    How to check which driver is failing between crashes?:

    It's the !thread command that you need to run.

    1. Hit enter and you will then see a few numbers like this:


    2. Copy and paste the numbers from “Limit and Base” but before that type “dps”


    And hit enter.

    3. It will be busy but expand after a while. Then scroll down slowly and see which driver is failing there..


    For instance, in the image above you can see nvlddmkm.sys failing.
    Last edited by koolkat77; 17 May 2013 at 02:31. Reason: Typo
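
    The raw-stack check described in post #6, as an added example that is not part of the original post: a Python script that tallies which modules show up in saved `dps <Limit> <Base>` output. The sample text is constructed, and the `CORE` set of modules treated as Windows components is an assumption.

```python
import re
from collections import Counter

# Constructed sample of `dps <Limit> <Base>` output (x64 layout:
# stack address, stored value, optional symbol). Not from a real dump.
SAMPLE_DPS = """\
fffff880`0a3b2c50  00000000`00000000
fffff880`0a3b2c58  fffff800`030d3169 nt!KiBugCheckDispatch+0x69
fffff880`0a3b2c60  00000000`0000000a
fffff880`0a3b2c68  fffff880`0f8a1234 nvlddmkm+0x1a1234
fffff880`0a3b2c70  fffffa80`07c3e010
fffff880`0a3b2c78  fffff880`0f8b5678 nvlddmkm+0x1b5678
fffff880`0a3b2c80  fffff880`04e12f3c dxgkrnl!DxgkDdiSubmitCommand+0x4c
fffff880`0a3b2c88  fffff800`03012345 hal!HalpDispatchInterrupt+0x15
fffff880`0a3b2c90  fffff880`0f8c9abc nvlddmkm+0x1c9abc
"""

# A line only counts if the stored value resolved to a symbol:
# "module!function+0xNN" or, without symbols for the driver, "module+0xNN".
SYMBOL = re.compile(r"^[0-9a-f`]+\s+[0-9a-f`]+\s+([A-Za-z0-9_.]+)[!+]", re.I)

# Assumption: modules treated as Windows components and left out of the
# third-party ranking. Extend this set to suit the system being examined.
CORE = {"nt", "hal", "win32k", "dxgkrnl", "dxgmms1", "ntfs", "fltmgr"}


def modules_on_stack(dps_text):
    """Count how many raw-stack entries point into each module."""
    counts = Counter()
    for line in dps_text.splitlines():
        match = SYMBOL.match(line.strip())
        if match:
            counts[match.group(1).lower()] += 1
    return counts


def third_party_candidates(dps_text, core=CORE):
    """Return (module, hits) pairs for non-core modules, most hits first."""
    counts = modules_on_stack(dps_text)
    return [(mod, n) for mod, n in counts.most_common() if mod not in core]


if __name__ == "__main__":
    for module, hits in third_party_candidates(SAMPLE_DPS):
        print(f"{module}.sys: {hits} raw-stack entries")
```

    Raw stack values can be left over from earlier calls, so treat the ranking as a list of drivers to look up with lmtsm rather than a verdict.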

  7.    #7

    Thanks, I never even knew that


  8. Posts : 315
    Windows 7 Ultimate 32bit
       #8

    Great tutorial!!


  9. Posts : 15,026
    Windows 10 Home 64Bit
    Thread Starter
       #9

    x BlueRobot said:
    Thanks, I never even knew that
    No problem :) I'm still learning myself.
    Element7 said:
    Great tutorial!!
    Thank you Element7, glad you find it useful


  10. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #10

    Well I wish I knew the English language better because I'm searching for the proper words.

    I will have to stick to words I know. GREAT JOB.

    Well put together and understandable. Your gift to us with this Thread is accepted by me and Thank You.


 