How To: Analyze Windows BSOD Memory Dump

Everyone has experienced a BSOD (Blue Screen of Death) at some point. If you happened to make note of the code that is displayed, you usually find that searching the error code does not give you any real results. What you do get is either a memory.dmp file or minidump file that you can use to track down the cause.

Normally, you would need to install the Microsoft Debugging tools, obtain the correct symbols for your system and run the analysis. The developers over at Resplendence Software have made a tool to simplify this process.

Obtain and Install WhoCrashed

To get started, we need to download the WhoCrashed application.

  1. Navigate to http://www.resplendence.com/downloads and download WhoCrashed (Version 5.53 at the time of this writing).
  2. Once downloaded, run the EXE file to start the installation.
    whocrashed-wizard1
  3. Click Next then Agree to the license agreement and click Next again
    whocrashed-wizard2
  4. Choose the installation directory and click Next
    whocrashed-wizard3
  5. Choose whether to create a Start Menu shortcut, then click Next
    whocrashed-wizard4
  6. Choose to whether to create a desktop shortcut, the click Next
    whocrashed-wizard5
  7. Finally, review the installation information and click Install
    whocrashed-wizard6
  8. Once the installation is finished, click Finish to open WhoCrashed.
    whocrashed-wizard7

Analyze Memory Dumps

  1. Locate and click the Analyze button to scan for full and mini dumps.
    whocrashed-analyze
  2. Scroll down in the Report window and review each report for the dumps on your computer. There were 5 reports in my case, but yours will differ depending on how many crashed you’ve had.
  3. If you read the reports, the software will give you some suggestions as to what caused the crash, though directly from their website –
    “Note that WhoCrashed cannot always be exactly sure about the root cause of a system crash. Because all kernel modules run in the same address space, any driver or other kernel module can potentially corrupt another. Also, any driver may be able to cause problems to any other driver that runs in the same device stack. This is to say this software is not guaranteed to identify the culprit in every scenario. ” (http://www.resplendence.com/whocrashed)

dump-report

 

If Windows was able to determine the exact driver that is causing the issue, you may see it listed. You can then search to see if there is a new driver available for that device and this will usually solve your problem.

If you like this software and find it useful or if you’re using this in a professional environment, consider purchasing the professional version here: http://www.resplendence.com/buynow

 

This article is in no way sponsored by or affiliated with Resplendence Software.

Comments

comments

Leave a Reply