How to analyze a memory dump on Windows after a blue screen error?
Solution 1
I would use Microsoft's debugging tool: WinDbg. It can read and automatically analyze memory dumps like yours. (The WinDbg command is aptly named: !analyze)
The tool is powerful, but quite complex. Here is a detailed HOW TO guide.
The same forum suggests BlueScreenView. I have not tried it; it's probably simpler to use, but does not give as detailed information.
update:
Is there any way to understand which particular driver has a problem?
After !analyze run k or kd. This will show the stack trace right before the crash. The stack trace is the list of function calls made right before the crash, with the most recent one at the top. You should at least be able to learn the filenames of the modules (DLL's) involved.
I suggest sharing the full results of !analyze and/or the memory dump with people who are skilled at WinDbg and are interested in helping. The previously linked MajorGeeks forum looks like a good place.
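The following Python script is an added example, not code from the answer's author. It parses the bugcheck line and the !analyze excerpt quoted in the question, names the four 0x3B arguments as Microsoft's bug check reference defines them, and lists the WinDbg commands to run next; the function and dictionary names are assumptions made for this example.

```python
import re

# Bug check 0x3B (SYSTEM_SERVICE_EXCEPTION) argument meanings, from Microsoft's
# bug check reference. Codes not listed here fall back to generic names.
BUGCHECK_ARGS = {0x3B: ("exception_code", "faulting_instruction",
                        "context_record", "reserved")}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

EVENT_RE = re.compile(r"bugcheck was:\s*(0x[0-9a-fA-F]+)\s*\(([^)]*)\)")
FIELD_RE = re.compile(r"^([A-Z_]+):[ \t]*(\S.*?)[ \t]*$", re.M)

# Sample input: the event-log message and !analyze excerpt quoted in the question.
EVENT = ("The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b "
         "(0x00000000c0000005, 0xfffff96000015de8, 0xfffff88007db9fb0, "
         "0x0000000000000000).")
ANALYZE = """\
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
...
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
"""

def parse_event(message):
    """Return (bugcheck_code, [four arguments]) from the event-log text."""
    m = EVENT_RE.search(message)
    if not m:
        raise ValueError("no bugcheck code found")
    args = [int(a, 16) for a in m.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck arguments")
    return int(m.group(1), 16), args

def triage(message, analyze_output):
    """Name the bugcheck arguments and list the WinDbg commands to run next."""
    code, args = parse_event(message)
    names = BUGCHECK_ARGS.get(code, ("arg1", "arg2", "arg3", "arg4"))
    params = dict(zip(names, args))
    fields = dict(FIELD_RE.findall(analyze_output))
    commands = ["!analyze -v"]
    if "context_record" in params:
        # Switch to the register context saved at the fault, then dump its stack.
        commands += [".cxr 0x%x" % params["context_record"], "k"]
    if "MODULE_NAME" in fields:
        commands.append("lmvm " + fields["MODULE_NAME"])  # path, version, timestamp
    status = NTSTATUS_NAMES.get(params.get("exception_code"), "unknown")
    return {"code": code, "params": params, "status": status,
            "fields": fields, "commands": commands}
```

The module that lmvm reports is the one whose code was executing at the fault, which is where reading the stack from k starts.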
Solution 2
There is a free tool called BlueScreenView. It will analyze the dump files from c:\windows\minidump and will show a graphical window, so the user can identify the errors.
bublegumm
Updated on September 17, 2022
Comments
-
bublegumm almost 2 years
My computer running Windows 7 x64 crashes from time to time. Could you please advise how to analyze the memory dump or point out a possible cause and further troubleshooting steps?
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000015de8, 0xfffff88007db9fb0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080210-24819-01.
The quotation from the result of WinDbg run
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
...
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
...
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
Is there any way to understand which particular driver has a problem?
-
Nick Josevski over 12 years
See also - superuser.com/questions/28448/…
-
bublegumm almost 14 years
Thanks! Do you have any ideas what the next step is? I added the results of the WinDbg run.
-
russds over 8 years
That MajorGeeks Forum thread is great, offers a pretty good step by step on how to read a memory.dmp file.
-
0xC0000022L about 6 years
Without some in-depth knowledge trying to make sense alone of the !analyze -v output (and BlueScreenView offers mostly that), is almost pointless. Suggesting to look at the call stack may be sensible on StackOverflow, but is a bit silly here. Besides, I've done my share of post-mortem Windows driver debugging and many of the cases are by far not as clear-cut as you make it sound.