Analyze Memory Dump File Using Debugging Tools For Windows

If you has read this article, I hope you has no restriction to understand the BSOD error’s message generated by computer. Today, I want to add a little explanation about this matter. Look at the picture below : 

Sometimes, when computer generate BSOD, it also create the memory dump file (.dmp) which is very useful to be analyzed by computer technician, in order to know more deeply about what type of critical error encountered by Windows.

The steps of creating memory dump file usually shown at the bottom of BSOD error message (label no. ). So, when you see that part of message, you will know that a memory dump file had been created and saved in the C:\Windows\Minidump. The label no. indicate the file (image) which you will need when start analyzing the memory dump file.

Now, based on the BSOD error message above, I will show you how to analyze the memory dump file. For your information this error occur in notebook with Windows 7 (x86) installed. 


What You Need

1. Debugging Tools for Windows. Download here. Please read this carefully before you download the tools.
   
   
2. The file, iaStor.sys which you need to know its location (file path). In this case, its file path is C:\Windows\System32\drivers

Before The Procedures

I assume that you want to analyze this memory dump file using the known good computer. So, you need to do the following

1. Create the folder named image inside the C:\ drive of known good computer.
   
   
   
   
2. Copy the file iaStor.sys (from the Windows 7’s notebook that encounter the BSOD error) and paste it into the folder C:\image that you created before.
   
   
   
   
3. Copy the memory dump file (from the Windows 7’s notebook that encounter the BSOD error) and paste it into C:\Windows\Minidump folder reside in a known good computer. 
    
4. Install the Debugging Tools for Windows
   
   

The Procedures

1. Click --> click All Programs –-> click Debugging Tools for Windows (x86) –-> click WinDbg –-> the WinDbg’s window like below appears.
   
   
   
   
2. Based on the picture above, click File –-> click Symbol File Path… –-> the Symbol Search Path’s window like below appears.
   
   
   
   
3. Inside the text area under Symbol path, type SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols –-> click OK.
   
   
4. Now, on the WinDbg’s window AGAIN, click File –-> click Image File Path…
   
   
   
   
5. The Executable Image Search Path’s window like below appears. Inside the text area under Image path, type c:\image --> click OK.
   
    
   
   Note:
   The c:\image is the folder reside in C: drive which you created at step 2 under section Before The Procedures. The content of this folder is the file iaStor.sys
   
   
6. Now, it is the time to open the memory dump file for deep analysis. Click File –-> click Open Crash Dump…
   
   
   
   
7. Then, you will be re-directed to C:\Windows\Minidump –-> highlight the memory dump file –-> click Open –-> click Yes and you will get the result like below.  
   
   
   
   
8. If you want to get more details debugging information, click !analyze -v. Then you will get the detail information as below
   
   
   
   
9. Based on the picture above, if you scroll down a little bit more, you will see the information like the picture below
   
   
   
   
10. Click the iaStor and you will be presented with the details information about the file iaStor.sys. See below
    
    

Conclusion

The another name for analyze memory dump file is debugging process. Actually the debugging process is a technique that need time to be learned and be mastered. Besides, the debugging process also time consuming to be done. What you learned in this article is the basic concept that you need to know in debugging process.

If you are interested to learn more about debugging process, here I give you the links which you can refer

1. How to Analyze Memory Dump (.dmp) File
   
   
2. How to read the small memory dump files that Windows creates for debugging
   
   
3. If your computer had been installed with Debugging Tools for Windows, you can retrieve the complete documentation about debugging process at C:\Program Files\Debugging Tools for Windows\Debugger.chm

Disable Automatic Windows Restart When BSOD Error Happen

Sometimes, the BSOD error happened while you are using computer or in other words, you are in the Windows environment. It is not a big problem for computer technician who can read and understand the error. But, always the computer do not give enough time to them to read and understand it.

What I mean is, by default, when Windows operating system encounter the critical error which cannot be recovered, it will experience the “system crash”. This “crash” will generate the BSOD error message which only appears on your computer’s screen for 5 to 10 seconds for at longest time. Of course it is not enough for computer technician to read and understand the error message.

So, now what can we do, at least to lengthen this time, so that the computer technician can have enough time to read and understand the BSOD error message? This article has the answer.


The Procedures

1. Enter your Windows system into Safe Mode.
   
   
2. Right click on Computer –-> click Properties.
   
   
   
   
3. Now, you will see the Windows system’s control panel like below
   
   
   
   
4. Click Advanced system settings and the System Properties’ window will appears. See below
   
   
   
   
5. Based on the picture above, click tab Advanced
   
   
6. Under Startup and Recovery click button Settings…
   
   
   
   
7. Now you will be re-directed to the Startup and Recovery’s window like below.
   
   
   
   
8. Under System failure, un-tick the check box Automatically restart. So that, the check box will remain empty from the sign.
   
   
   
   
9. Click OK –-> click OK –-> restart your computer into Normal mode and see the result.

Understanding BSOD Error Message

I hope the previous article will give you an overview about the meaning of BSOD in general. Today, I would like to show you how to read the BSOD error message.

The comprehension about BSOD error message is very important because it can help you to identify the causes of the computer’s problem that generate BSOD. Besides, the error message also provide you the initial steps that you can take in order to solve the problem.;



If you see the picture above, you will noticed the BSOD error message have THREE section which need your attention. Let we see each of them.

1. Section indicate the name of error message. You can click here for more complete list of BSOD error messages. Please take notice, even this list is for Windows 2000 system, it also can be used as a reference for another Windows system that encounter the BSOD problem.
   
   
2. Section will give you the initial steps that you should take to solve BSOD problem. If you read it carefully, you will noticed that the first step to solve it is by restart your computer. If restarting the computer give no effect, then you can follow the next steps. I will try to cover in more details about these steps in my next article.
   
   
3. Section represent the technical information in form of stop error written in hexadecimal numbers. These numbers give the guidance about the type of problem encountered by your computer. To retrieve the complete reference about stop error’s information and its solution, please click here.

Just To Let You Know

Sometimes you may face the “simple” BSOD error message. What I mean simple is it only has TWO section like below.

In this case, you must refer section that contain technical information in form of stop error written in hexadecimal numbers. Click here for more complete reference about stop error’s information and its solution.

Another complete list for BSOD stop error message. Click here

What Is Blue Screen Of Death In General

I think many computer users ever face the situation where their computer system suddenly being halt while they are using and after a couple of seconds show the blue looking interface like below. Actually, this is the Blue Screen Of Death's interface.

 
 

The Blue Screen Of Death (BSOD) is a stop error displayed by the Microsoft Windows operating system when it detect the critical error during its operation. Usually, this critical error cannot be recovered by Windows and caused the system "crash" and then generate BSOD.

Sometimes in the newer operating system, the memory dump occurs when BSOD happen. The memory dump is a condition where every data held by RAM during system “crash” will be changed into the memory dump file (.dmp). This file are saved and can be found usually in the folder C:\Windows\Minidump. It is very useful to analyze this file in order to know what type of critical error encountered by Windows.

 


The Type Of Critical Error That Generate BSOD
In the previous section, I had stated that BSOD will generated when Windows detect the critical error. Now, we will discover what are the type of critical errors that Windows always encounter.

1. Hardware related problem especially processor and RAM
   This issue may happen when the RAM size in your computer need to be shared between the system and graphic card. But, I think this is rare case because nowadays many graphic cards have their own memory. The another hardware problem that can cause BSOD error is a processor that become overheating. Besides that, the defective hard disk also can generate BSOD.  
     
   
2. Device driver compatibility issue.
   Sometimes, BSOD error may happen after you installed the new device in your computer. Its driver maybe not compatible with your computer system which lead to the BSOD problem. Please check into manufacturer’s website if there has any driver update files for your new device. 
    
   
3. Software compatibility issue.
   Software incompatibility can generate BSOD especially when it produce invalid registry entries during installation. So, please make sure your new application software is compatible with your computer system before buying then installing.
   
   
4. Virus attack.
   The virus attack not only can make your computer completely unable to boot but also can generate BSOD during boot process. To solve this problem, you can use rescue disk which can be downloaded from manufacturer website such as.
   
   
5. BIOS is outdate.
   Please refer to your computer manufacturer’s website to obtain the latest BIOS program.

My Experience On BSOD
During my 8 years work with computer, of course I ever face this problem which can be divided into occurrences below.

1. The BSOD error is generated while I am using Windows. It suddenly being halt. After a couple of seconds, it show the BSOD interface. Finally the computer reboot automatically.
   
   
2. The BSOD error is generated when Windows booting. Sometimes the error caused Windows completely unable to load into its environment. In other words, the repeated boot process occurs.

That is, I can say about BSOD. If you have anything to add, please do not hesitate to leave your comment.