Every Windows user has experienced the dreaded Blue Screen Of Death (BSOD) at one time or another, it’s simply part and parcel of being a Windows user. The three main reasons for BSODs are generally:
- 1) Corrupt, out-of-date or incompatible drivers
- 2) Malfunctioning or incompatible hardware
- 3) Software conflicts – especially true with security related software.
The problem is, although the BSOD itself displays details about the cause, that information is largely indecipherable to the vast majority of users. What you may not be aware of is that after each crash, Windows also creates a memory dump which can be located at C:/Windows/Minidump. The bad news is that the memory dump data is equally indecipherable – the good news is that there are a couple of nice free tools which will analyze the minidump files for you and help identify the culprit.
WhoCrashed is easy to use and free for home use. Simply launch WhoCrashed and click on the Analyze button. The subsequent report is quite easy to understand and will help identify the cause, plus offer suggestions on how to proceed.
If your computer crashed and produced a blue screen
It is suggested that you run WhoCrashed. WhoCrashed will analyze the crash dump files available on your computer and create a conclusion. It will inform you about responsible drivers and offer suggestions on how to proceed.
If your computer unexpectedly reset or shut down
If your computer unexpectedly reset or shut down, it is suggested that you run WhoCrashed. WhoCrashed will tell you if crash dumps are enabled on your computer, if not it offer you suggestions on how to enable them.
BlueScreenView works in much the same way as WhoCrashed, except reports are generated automatically on running the software, and the reports are not quite as user friendly. Nonetheless, is it very good software, as is all freeware from the renowned NirSoft stable. BlueScreenView also has the distinct advantage of being portable whereas WhoCrashed needs to be installed – for me anyway, that is a deal breaker.
BlueScreenView scans all your minidump files created during ‘blue screen of death’ crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version).
For each crash displayed in the upper pane, you can view the details of the device drivers loaded during the crash in the lower pane. BlueScreenView also mark the drivers that their addresses found in the crash stack, so you can easily locate the suspected drivers that possibly caused the crash.
If you receive a BSOD and have not made any hardware changes at all then that will generally point to a software issue. In that case you may be able to identify the culprit without the need for any extra software – just a little time and patience:
- 1) Boot into Safe Mode
- 2) Go to Start>Run, type msconfig into the Run dialogue box and then hit Enter
- 3) Click on the Startup tab and disable all startup items.
- 4) Click on the Services tab
- 5) Select the option to “Hide all Microsoft services” and the list will refresh.
- 6) Disable all non-Microsoft services, click Apply and then OK
7) Restart the computer and boot into normal mode.
What we have now done is prevent all external processes from starting with Windows. If the BSOD is no more then you have established that it is indeed software related and associated with one of the processes/services you have disabled. You will now need to go back into ‘msconfig’ and re-enable them, one at a time – restarting after each. When the BSOD returns…voila, there is your culprit. Hey, I told you it was time consuming and you’d need a little patience! 🙂
If, after following those instructions, the BSOD continues and you are certain you haven’t made any recent hardware changes, then you are in deep doo-doos. Just kidding!! Probably means there are corrupt or missing system files – but that is another discussion for another day.