How to analyze a memory dump on Windows after a blue screen error?
My computer running Windows 7 x64 crushes time to time. Could you please advise how to analyze the memory dump or point out possible cause and further troubleshooting steps?
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000015de8, 0xfffff88007db9fb0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080210-24819-01.
The quotation from the result of WinDbg run
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
...
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
...
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
Is there any way to understand which particular driver has a problem?
Solution 1:
I would use Microsoft's debugging tool: WinDbg. It can read and automatically analyze memory dumps like yours. (The WinDbg command is aptly named: !analyze
)
The tool is powerful, but quite complex. Here is a detailed HOW TO guide.
The same forum suggests BlueScreenView. I have not tried it; it's probably simpler to use, but does not give as detailed information.
update:
Is there any way to understand which particular driver has a problem?
After !analyze
run k
or kd
. This will show the stack trace right before the crash. The stack trace is the list of function calls made right before the crash, with the most recent one at the top. You should at least be able to learn the filenames of the modules (DLL's) involved.
I suggest sharing the full results of !analyze
and/or the memory dump with people who are are skilled at WinDbg and are interested in helping. The previously linked MajorGeeks forum looks like a good place.
Solution 2:
There is a free tool called BlueScreenView it will analyze the dump files from c:\windows\minidump
and will show a graphical windows ,so user can identify the errors