How to diagnose a Windows blue screen?

Solution 1:

When the computer bluescreens it'll most likely create a dump of the memory. The content from memory is written to the Pagefile as the system is going down. It uses the Pagefile as a placeholder for the data since it is too dangerous to try to create a new file on disk.

When the machine starts up again it'll detect the dump, and move the data into a separate dump file (typically C:\Windows\Memory.dmp or C:\Windows\Minidumps\*.dmp).

Install WinDbg and open the .dmp file. Click the !Analyze link. Now it'll show you the stack from the thread that killed Windows, and show you which files were involved. Often WinDbg will point you directly at a specific driver file. You can find step-by-step instructions here.

I can recommend reading Mark Russinovich's blog and books. You can download WinDbg from Microsoft.

So the question to the user is: "Can you e-mail me your dump file?"

Solution 2:

Mark Russinovich (of SysInternals fame) has an excellent blog entry where he describes how one can use the debugging tools to track down the module name and even the stack frame (i.e. function call) during which the blue screen occurred.

It's illustrated, well written, and has helped me get my feet under me when I started learning how to debug Blue Screen messages.


Solution 3:

The error code in the top left. By googling that, you can often narrow it down to whether it's a hardware or software issue. Proceed from there (the Google results).


Solution 4:

If they have the Bluescreen still open: The Actual Message near the top (i.e. IRQL_DRIVER_LESS_OR_EQUAL) and the Error Code at the Bottom (0x.......) with the module that crashed (i.e. nvdisp4.dll).

There are some common approaches here, but in my example, it's a Bluescreen caused by the nVidia Graphics Driver. If you analyze a few bluescreens, there are some common messages, codes and modules that regularly pop up, so after some time you should be able to narrow down issues more easily simply through experience.
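Added example, not part of any of the answers above: a quick triage helper that reads the stop code and its four parameters straight from the header of a kernel dump file, which is useful when the user can send the dump but did not write down the on-screen code. The header offsets follow the commonly documented kernel dump header layout and are an assumption here, the name table is a small subset, and the sample header is constructed.

```python
import struct

# Assumed layout (not from the answers): 8-byte signature, then the bugcheck
# code and its 4 parameters at fixed offsets that differ by dump bitness.
LAYOUTS = {
    b"PAGEDUMP": ("32-bit", 0x28, 0x2C, "<4I"),
    b"PAGEDU64": ("64-bit", 0x38, 0x40, "<4Q"),
}

# Subset of well-known stop codes; anything else is reported as hex.
BUGCHECK_NAMES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x0000001A: "MEMORY_MANAGEMENT",
    0x0000003B: "SYSTEM_SERVICE_EXCEPTION",
    0x00000050: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x0000007E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x000000D1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}


def read_bugcheck(header: bytes) -> dict:
    """Parse the first bytes of a kernel dump and return the bugcheck info."""
    sig = header[:8]
    if sig[:4] == b"MDMP":
        raise ValueError("user-mode minidump: no kernel bugcheck header")
    if sig not in LAYOUTS:
        raise ValueError(f"not a kernel crash dump (signature {sig!r})")
    bits, code_off, par_off, par_fmt = LAYOUTS[sig]
    need = par_off + struct.calcsize(par_fmt)
    if len(header) < need:
        raise ValueError(f"truncated header: need {need} bytes, got {len(header)}")
    (code,) = struct.unpack_from("<I", header, code_off)
    params = struct.unpack_from(par_fmt, header, par_off)
    name = BUGCHECK_NAMES.get(code, f"UNKNOWN_0x{code:08X}")
    return {"bits": bits, "code": code, "name": name,
            "params": [f"0x{p:X}" for p in params]}


def make_sample_header() -> bytes:
    """Constructed 64-bit header for the demo: stop code 0xD1, made-up parameters."""
    buf = bytearray(4096)
    buf[0:8] = b"PAGEDU64"
    struct.pack_into("<I", buf, 0x38, 0xD1)
    struct.pack_into("<4Q", buf, 0x40, 0x28, 0x2, 0x0, 0xFFFFF80000001000)
    return bytes(buf)


if __name__ == "__main__":
    print(read_bugcheck(make_sample_header()))
```

For a real file, pass the first 4 KiB read in binary mode to `read_bugcheck`; the module name and stack still come from WinDbg's analysis as described in the answers.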