Debugging Windows 7 Blue Screen of Death (BSOD) Part 1
Part One:
Through the years the Microsoft Windows Operating System (OS) has grown from 16-bit to 32-bit and now to 64-bit. Even though Microsoft has added features and security settings that have caused the OS to swell in ize, it is actually much more stable and harder to crash than previous versions. The newest OS, Microsoft Windows 7, uses the User Mode and the Kernel Mode protection systems to allow multiple applications to run at the same time while greatly reducing the chance for a system crash. But crashes do happen, especially the Blue Screen error affectionately known as the “Blue Screen of Death” or BSOD. Whether or not you have a helpdesk to call for your network support needs, figuring out the cause and troubleshooting BSOD can be exhausting. We have found that the most common causes of BSOD in Windows operating systems are faulty device drivers, but it can also be caused by software or hardware errors, Windows installation errors, startup errors, or intermittent errors.
So knowing what causes Windows 7 to crash is the first step. The next step is finding the best way to stop these crashes from happening. Keeping your system updated is a good start. This means Microsoft updates for Windows and other software, such as Microsoft Office, third party drivers – especially video drivers, hardware drivers and firmware, and BIOS. Check your system by running a virus and spyware scan. Check the computer for hardware or memory errors – memory faults can easily cause Blue Screen errors. Another way to stop these crashes is by undoing recent changes with System Restore or booting into safe mode to troubleshoot the startup or driver issues. You can also try and load the default BIOS settings as resource conflicts and timing issues can be caused by incorrect BIOS settings. But in reality the most common cause of blue screen errors is a faulty device driver. Outdated, incorrect or corrupt drivers can cause the system to encounter a Stop error, resulting in a BSOD. The easiest way to fix a BSOD is to reinstall and update the systems device drivers.
So you’ve done all of the above but are still experiencing crashes and blue screens? Troubleshooting the BSOD error can be difficult, but Microsoft has given us some tools to uncover and address the source of the operating system crash. The first thing to do is to setup the Startup and Recovery settings as shown in Fig 1.
Fig 1.
By unchecking the ‘Automatically restart’ option the computer will no longer automatically reboot after a BSOD and we can take a look at the crash screen and get the error message and stop error code (Fig 2). This also allows us to get a physical dump or ‘Minidump’ of the processes that were running and/or loaded in memory. Note: Although we will get both a Kernel dump file and a Minidump file for each crash the system will only save the last Kernel dump file. You will have a Minidump file for every crash event.
Fig. 2
There are a myriad or stop error codes and messages. I will list the common ones below and what they reference.
| Stop Code : STOP 0x0000000A IRQL_NOT_LESS_OR_EQUAL | This error is caused by a buggy device driver or an actual hardware conflict. If you’ve recently added new hardware to your system, try removing it and see if the error goes away. |
| Stop Code: STOP 0×00000019 BAD_POOL_HEADER | This is, perhaps, the most obscure error message. In most cases, if you receive this error, it’s related to the most recent change you’ve made on your system. Try undoing the change to get rid of the error |
| Stop Code: STOP 0×00000024 NTFS_FILE_SYSTEM | This error indicates a file system or hard disk corruption. If your system is bootable, run CHKDSK /F on all of your partitions immediately. If your system isn’t bootable, you may have to try repairing the OS or reinstalling. |
| Stop Code: STOP 0x0000007B INACCESSIBLE_BOOT_DEVICE | Just as the name implies, this error indicates that Windows is having trouble reading from the hard disk. This error can be caused by a faulty device driver, defective cable, or bad hard drive. It could be an incorrect ARC path or Boot.ini reference. If you’ve checked for these problems, but are still receiving the error, check to make sure that a virus hasn’t destroyed your boot sector. |
| Stop Code: STOP 0×00000080 NMI_HARDWARE_FAILURE | This is a generic error message in which the hardware abstraction layer can’t report on the true cause of the error. In such a situation, Microsoft recommends calling the hardware vendor. This error can sometimes be caused by defective or mismatched RAM. |
A complete list of stop codes and descriptions can be found on the MSDN Library site located here: http://msdn.microsoft.com/en-us/library/hh406232(v=VS.85).aspx
Although these error codes are helpful, we can also check the Windows event logs for more information related to the crash (Fig 3). You should check all system and application events that preceded the system crash.
Fig. 3
We can also look at the error report generated by Windows before sending it to Microsoft (Fig. 4) to see if it sheds any more light on the error and for the location of the Minidump file.
Fig. 4
An important point that is not well known is that most crashes are repeat crashes. This is because most administrators are not able to resolve system crashes immediately. As a result those crashes unfortunately tend to occur again.
Hopefully these steps will assist you in resolving the BSOD error.
In the next installment of this blog we will use the WinDbg utility to analyze the MEMORY.DMP and Minidump files to further track down the cause of the system crash.
2 Responses to “Debugging Windows 7 Blue Screen of Death (BSOD) Part 1”
Comment from PaulJason90
Time December 12, 2011 at 12:58 pm
If you can start Windows,System Restore is the easiest thing to try first. It can undo recent changes to your computer’s system files that might have caused the problem. System Restore doesn’t affect your personal files, such as e‑mail, documents, or photos.
More information: http://www.techyv.com/questions/blue-screen-error-windows-7
Comment from PaulJason90
Time December 12, 2011 at 12:41 pm
If you can start Windows,System Restore is the easiest thing to try first. It can undo recent changes to your computer’s system files that might have caused the problem. System Restore doesn’t affect your personal files, such as e‑mail, documents, or photos.
More information: http://www.techyv.com/questions/blue…rror-windows-7