Wednesday, 23 August 2017

How to analyze a memory dump on Windows after a blue screen error?


My computer running Windows 7 x64 crushes time to time. Could you please advise how to analyze the memory dump or point out possible cause and further troubleshooting steps?



The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000015de8, 0xfffff88007db9fb0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080210-24819-01.



The quotation from the result of WinDbg run



EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.


...


DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT


BUGCHECK_STR: 0x3B


PROCESS_NAME: explorer.exe


...


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys



Is there any way to understand which particular driver has a problem?



Answer



I would use Microsoft's debugging tool: WinDbg. It can read and automatically analyze memory dumps like yours. (The WinDbg command is aptly named: !analyze)


The tool is powerful, but quite complex. Here is a detailed HOW TO guide.


The same forum suggests BlueScreenView. I have not tried it; it's probably simpler to use, but does not give as detailed information.




update:

Is there any way to understand which particular driver has a problem?



After !analyze run k or kd. This will show the stack trace right before the crash. The stack trace is the list of function calls made right before the crash, with the most recent one at the top. You should at least be able to learn the filenames of the modules (DLL's) involved.


I suggest sharing the full results of !analyze and/or the memory dump with people who are are skilled at WinDbg and are interested in helping. The previously linked MajorGeeks forum looks like a good place.


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...