How to debug a (BSOD) Blue Screen of Death - Part 1 ~ Ask The Admin

Thursday, September 20, 2007

How to debug a (BSOD) Blue Screen of Death - Part 1

We've all seen it before... Suddenley the screen turns blue and an error appears saying something like "it appears you won't be going to sleep early tonight..."

Luckily there are easy ways to make some sense of that technical jargon MS gives us in a case of a BSOD.

First lets TRY and understand what can cause your problem:

  • Bad Hardware (RAM, Disk, PCI devices, USB Devices, Temperature etc..).
  • Bad Software (Drivers, Anti-viruses etc...).
  • Bad Windows (Registry corruption, missing files etc...).
The basic BSOD message includes:

  • The standard Stop error message "Windows has encountered a problem... bla bla bla..."
  • Error Description: IRQ_NOT_LESS_OR_EQUAL
  • Error Code: "0x0000008E" and some more memory addresses in ( )
  • Optional file/driver name that might caused the problem.

What we are going to do is collect as much information we can so we can investigate the BSOD and find the root cause. The information we can collect depends if we saw the BSOD ourselves or just heard about it from the end-user, if Windows just restarted and we didn't get a chance to see the error message... (due to the Auto-Restart) and etc..

If we got to see the BSOD, then the Error description and the error code can help give a place to start Googleing. Or we can start searching the Microsoft Knowledgebase for articles about the problem. Some other options are to check these sites that lists common BSOD types and links to more info: Aumha , TheElderGeek , Kadaitcha
If we haven't seen the BSOD, some more information can be collected at:
  • c:\windows\minidump > This folder stores .dmp files that were created during the BSOD by Windows. they includes some basic information regarding the Memory and drivers that were running while the error occured.
  • c:\windows\memory.dmp > This file will appear instead of the above minidumps, incase windows was setup to save a Kernel or Full dump or the memory.
  • Windows Event Log- System Log > error events from the source "Save Dump". the event description includes the BSOD error code and the path for the memory dump that was created.
You can try viewing these logs using Safe mode in case Windows can't boot normally.
In my next post I will explain some techniques on what you can do with all this information.

Stay tuned!