How to troubleshooting blue screen (BSOD) errors ?

First , before troubleshooting blue screen you should enable a complete memory dump on your system after Windows Installation. This is done under the system properties in Startup and Recovery. It's best to do this right after you install Windows, before you start getting any BSODs. Sometimes the blue screen will show the name of the driver that is causing the problem. If nothing else, you can look up the STOP code and see what the problem is.

The most important info to record from the blue screen is the technical info, it will look something like this:

*** STOP: 0x0000007B (0x00000032, 0x00002345, 0xABCDEF00, 0x00000000)



The first number after the STOP is the bug check code. In this case it translates to DIRTY_MAPPED_PAGES_CONGESTION. ( for exammple on a live system). The 4 numbers after that are the bug check parameters, which are explained in the debugger help file. For example, in this case the first number would mean the total number of dirty pages.

If the info on the blue screen isn't enough to pinpoint the problem, you will need to install the Microsoft debugging tools. This can be downloaded from:http://www.microsoft.com/ddk/debugging/default.asp

Download the full of debugging tool.

If you can get in to the system in safe mode with networking support, install the tools on your PC, if not, take the HD from your PC and put it in another system. But don't boot from your HD, boot from the working PC's HD. The key is that you want to be able to read the memory dump from the hard drive with the debugger.

Then, set the symbol file path to use the MS symbol server. Do this from the File menu, and set the path to:

srv*c:\websymbols*http://msdl.microsoft.com/download/symbols

Next, set the image file path to root of whatever drive contains the memory dump. If it is your own PC, this is probably c:\. If you install the HD in another PC, it will probably be something like e:\.

Then, open the crash dump file (again from the file menu). This will usually be in your WINDOWS or WINNT folder with the name MEMORY.DMP. Usually only the most recent dump file is stored here. It could also be a mini dump, in which case it will be located in the Minidump folder. You can have more than one mini dump, they are named according to the date and time of the crash. In any case, open it up. Be sure that you choose to open a crash dump and not a source file.

After some time, you will get a brief analysis of the crash with the name of the driver that likely caused it. Look at the screen to be sure you don't have any messages about wrong symbols or invalid image paths. If you get those, the analysis may not be accurate. Also, close any windows that come up with assembly code in them. The info you want is in the main window and is in reasonably plain English.

If you want more info, give this command on the debugger command line:

!analyze -v

That will give you a more detailed analysis of the crash. If you need more help on troubleshooting the blue screen, post you comments under the blog.