Wednesday, February 23, 2011

Debugging a blue screen

Title - Debugging a blue screen

Details - Have you ever wondered how to obtain extra information from the infamous Blue Screen of Death (BSOD) that will sometimes show up and give you a cryptic, Stop: 0×00000000 error message, before flashing off the screen? The error message is trying to point you to a fatal operating system error that could be caused by a number of problems. When the system encounters a hardware problem, data inconsistency, or similar error, it may display a blue screen containing information that can be used to determine the cause of the error. This information includes the STOP code and whether a crash dump file was created. It may also include a list of loaded drivers and a stack trace.
Microsoft’s WinDBG will help you to debug and diagnose the problem and then lead you to the root cause so you can fix it.
Steps For Analyze
  1. Create and capture the memory dump associated with the BSOD you are trying to troubleshoot.
  2. Install and configure WinDBG and the Symbols path to the correct Symbols folder.
  3. Use WinDBG to Debug and analyze the screen dump, and then get to the root cause of the problem.
Minidump
A minidump is a smaller version of a complete, or kernel memory dump.  Usually Microsoft will want a kernel memory dump.  But the debugger will analyze a mini-dump and quite possibly give information needed to resolve.  If it's all you have, then debug it, rather than waiting for the machine to crash again.  Open the file in the debugger (see below) just as opening memory.dmp.
Steps to create memory dump
Keep in mind that if you are not experiencing a blue screen fatal system error, there will be no memory dump to capture.
1. Press the WinKey + Pause.
2. Click Advanced, and under Start Up and Recovery.
3. Uncheck Automatically Restart.
4. Click on the dropdown arrow under Write Debugging Information.
5. Select Small Memory Dump (64 KB) and make sure the output is %SystemRoot%\Minidump.
6. Restart the PC normally, as this will allow the System to error and Blue Screen and then create the Minidump.
The location of the Minidump files can be found here:
C:\WINDOWS\Minidump\Mini000000-01.dmp
To download and install the Windows debugging tools for your version of Windows, visit the Microsoft Debugging Tools Web site.
Follow the prompts, and when you install, take note of your Symbols location, if you accept the default settings this Microsoft Support Knowledge Base article will explain how to read the small memory dump files that Windows creates for debugging purposes.

Dump Analyze using WinDBG

 Open WinDBG and select File and select Open Crash Dump and then navigate to the minidump file created earlier, highlight it, and select Open.
Click on:
! analyze –v
As shown in Figure C under Bugcheck Analysis.

Figure C

! analyze -v

Conclusion

The problem creating the BSOD was caused by the installed driver software for a USB modem. The answer to the problem was achieved by using the WinDBG tool to Debug and analyze the memory dump file.

Reference:

Posted By : Binu M D 

No comments:

Post a Comment