Why Windows Crashes
Windows crashes (that is, it stops execution and displays the blue screen) for many different reasons: a reference to a memory address that causes an access violation, an unexpected exception or trap, a faulting kernel-mode driver, and so on.
Blue screen: when the system encounters a hardware problem, data inconsistency, or similar error, it may display a blue screen containing information that can be used to determine the cause of the error. This information includes the STOP code and whether a crash dump file was created. It may also include a list of loaded drivers and a stack trace.
Crash dump file: you can configure the system to write information to a crash dump file on your hard disk whenever a STOP code is generated. The file (memory.dmp) contains information the debugger can use to analyze the error. This file can be as big as the physical memory contained in the computer. By default, it’s located in the Windows\Minidump folder.
Debugger: a program designed to help detect, locate, and correct errors in another program. It allows the user to step through the execution of the process and its threads, monitoring memory, variables, and other elements of process and thread context.
Kernel mode: the processor mode in which system services and device drivers run. All interfaces and CPU instructions are available, and all memory is accessible.
Minidump file: a minidump is a smaller version of a complete or kernel memory dump.
STOP code: the error code that identifies the error that stopped the system kernel from continuing to run. It is the first set of hexadecimal values displayed on the blue screen.
Symbol files: all system applications, drivers, and DLLs are built such that their debugging information resides in separate files known as symbol files. Therefore, the system is smaller and faster, yet it can still be debugged if the symbol files are available. You don’t need the symbol files to debug: the debugger will automatically access the ones it needs from Microsoft’s public site.
To troubleshoot Windows bug check codes, follow these suggestions:
- If you recently added hardware to the system, try removing or replacing it. Or check with the manufacturer to see if any patches are available.
- You can try running the hardware diagnostics supplied by the system manufacturer.
- Check with the manufacturer to see if an updated system BIOS or firmware is available.
- Make sure that any expansion board is properly seated and all cables are completely connected.
- Confirm that any new hardware that is installed is compatible with the installed version of Windows.
- If new device drivers or system services have been added recently, try removing or updating them.
Note: Use Safe Mode when removing or disabling components. Using Safe Mode loads only the minimum required drivers and system services during the Windows startup. To enter Safe Mode, restart your computer, and press F8 at the character-mode menu that displays the operating system choices. At the resulting Windows Advanced Options menu, choose Safe Mode.
- Run a virus detection program. Viruses can infect all types of hard disks formatted for Windows, and resulting disk corruption can generate system bug check codes. Make sure the virus detection program checks the Master Boot Record for infections.
- Verify that the system has the latest Service Pack installed. To detect which Service Pack, if any, is installed on your system, click Start, click Run, type winver, and then press ENTER. The About Windows dialog box displays the Windows version number and the version number of the Service Pack, if one has been installed.
- Disable BIOS memory options such as caching or shadowing.
- Check the System Log and Application Log in Event Viewer to see if any additional error messages have been logged recently. These might pinpoint the cause of the error.
Debugging Tools for Windows:
- As part of the WDK
Install Microsoft Visual Studio and then install the Windows Driver Kit (WDK). Debugging Tools for Windows is included in the WDK.
- As part of the Windows SDK
Install the Windows Software Development Kit (SDK). Debugging Tools for Windows is included in the Windows SDK.
- As a standalone tool set
If you want to download only Debugging Tools for Windows, install the Windows SDK and, during the installation, select the Debugging Tools for Windows box and clear all the other boxes.
Memory dump file location and size:
Memory Dump Type | Default Location (variable) | Default Location (typical) | Paging File Requirements |
Small memory dump | %systemroot%\Minidump\ | c:\Windows\Minidump | >2 MB |
Kernel memory dump | %systemroot%\Memory.dmp | c:\Windows\Memory.dmp | Large enough for kernel memory |
Complete memory dump | %systemroot%\Memory.dmp | c:\Windows\Memory.dmp | All physical RAM + 1 MB |
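For triage without a debugger, the STOP code and dump type can be read straight from the header of a dump file. The following is an added example, not part of the original page: the field offsets are assumptions taken from the publicly documented 64-bit kernel dump header (signature `PAGEDU64`), and the sample header is constructed.

```python
import struct

# Assumed layout: publicly documented 64-bit kernel dump header (not from the page).
SIGNATURE_64 = b"PAGEDU64"
OFF_BUGCHECK_CODE = 0x38      # ULONG: the STOP code
OFF_BUGCHECK_PARAMS = 0x40    # 4 x ULONG64: the STOP code parameters
OFF_DUMP_TYPE = 0xF98         # ULONG: which kind of dump was written
HEADER_SIZE = 0x2000          # the header occupies the first 8 KB of the file

# Names match the dump types in the table above.
DUMP_TYPES = {1: "Complete memory dump", 2: "Kernel memory dump", 4: "Small memory dump"}


def parse_dump_header(data: bytes) -> dict:
    """Return the STOP code, its parameters and the dump type from a dump header."""
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated file: header is shorter than 0x2000 bytes")
    if data[:8] != SIGNATURE_64:
        raise ValueError("not a 64-bit kernel dump (signature %r)" % data[:8])
    (code,) = struct.unpack_from("<I", data, OFF_BUGCHECK_CODE)
    params = struct.unpack_from("<4Q", data, OFF_BUGCHECK_PARAMS)
    (dump_type,) = struct.unpack_from("<I", data, OFF_DUMP_TYPE)
    return {
        "stop_code": "0x%08X" % code,
        "parameters": ["0x%016X" % p for p in params],
        "dump_type": DUMP_TYPES.get(dump_type, "other (%d)" % dump_type),
    }


def build_sample_header(code: int, params, dump_type: int) -> bytes:
    """Constructed sample input: a zero-filled header with only the parsed fields set."""
    buf = bytearray(HEADER_SIZE)
    buf[:8] = SIGNATURE_64
    struct.pack_into("<I", buf, OFF_BUGCHECK_CODE, code)
    struct.pack_into("<4Q", buf, OFF_BUGCHECK_PARAMS, *params)
    struct.pack_into("<I", buf, OFF_DUMP_TYPE, dump_type)
    return bytes(buf)


if __name__ == "__main__":
    # Constructed values, not taken from a real crash.
    sample = build_sample_header(0x0000000A, (0x28, 2, 0, 0xFFFFF80000001234), 4)
    print(parse_dump_header(sample))
    # For a real file, read only the header:
    # with open(path, "rb") as f: print(parse_dump_header(f.read(HEADER_SIZE)))
```

Only the first 8 KB of the file is read, so this works on a complete memory dump without loading it into memory.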
Collecting a Kernel-Mode Crash Dump:
The dump file generation settings can be configured in the “Advanced” tab of the “System Properties” window.