Friday, March 15, 2013

How to solve Windows system crashes

You just experienced a BSOD (Blue Screen Of Death) or other NDE (Near Death Experience)? This is the easy way to find out what is causing the BSOD.

Whenever Windows crashes it generates a dump (*.dmp) file that contains the log of the crash. All you have to do is analyze the log to see who is responsible for the crash. In most cases it's a driver. To analyze the dump you need a program from Microsoft called WinDbg.
  1. Install WinDbg. It can be downloaded from Microsoft's web site. It's pretty big!
  2. Install it in a folder like: "c:\Program Files\!system\WinDbg\Symbols" 
  3. Once installed, run it, go straight to the "File | Symbol File Path" menu and enter this string: SRV*c:\Program Files\!system\WinDbg\Symbols2\*
    and wait... It may take quite a while for the download to finish... up to 10 minutes. The program will look like it isn't downloading anything, but when the download is finished you will
    finally see a message.
  4. Load the dump file (menu 'File | Open crash dump'). You can manually search for the DMP file in Windows. However, I recommend the 'W7F Diagnostic Tool.exe' tool to locate/extract the DMP file.
  5. Enter this command to analyze the file: kd> !analyze -v 
    Note: you don't have to write kd>. It is already there.
    The log will say "Bugcheck Analysis" and the command prompt will say "Busy". It may take a while, then the command prompt will return to 'kd>'.
  6. Analyze the log and find out who is at fault.

The log may look like this. I will highlight interesting parts:

A driver is causing an inconsistent power state.
Arg1: 00000003, A device object has been blocking an Irp for too long a time
Arg2: 86cc1b58, Physical Device Object of the stack
Arg3: 83172ae0, Functional Device Object of the stack
Arg4: 8957d8a0, The blocked IRP

Debugging Details:
IMAGE_NAME:  pci.sys
FAULTING_MODULE: 84313000 pci

83172a94 83112347 0000009f 00000003 86cc1b58 nt!KeBugCheckEx+0x1e
83172b00 831123c0 83172ba0 00000000 8317f380 nt!PopCheckIrpWatchdog+0x1f5
83172b38 830c4489 8318d6e0 00000000 a47bf74a nt!PopCheckForIdleness+0x73
83172b7c 830c442d 83175d20 83172ca8 00000001 nt!KiProcessTimerDpcTable+0x50
83172c68 830c42ea 83175d20 83172ca8 00000000 nt!KiProcessExpiredTimerList+0x101
83172cdc 830c247e 002c498f 898a6890 8317f380 nt!KiTimerExpiration+0x25c
83172d20 830c22a8 00000000 0000000e 00000000 nt!KiRetireDpcList+0xcb
83172d24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38

FOLLOWUP_NAME:  MachineOwner
FAILURE_BUCKET_ID:  0x9F_3_rtl8192se_IMAGE_pci.sys
BUCKET_ID:  0x9F_3_rtl8192se_IMAGE_pci.sys

The last line is the MAGIC line that we are interested in. It shows that the network card's driver is the one causing the blue screen!

That's a fucking Realtek driver for a Realtek 8192 network card. I updated the driver many times but it continues to be buggy.

Solution: I will send the network card back and ask for a refund!
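
As an added example (not part of the original post), this Python script reads saved `!analyze -v` output and picks out the driver named in the bucket ID, which in the log above differs from both IMAGE_NAME and every module on the stack. The bucket ID layout (bugcheck code, Arg1, driver name, IMAGE marker, image) is an assumption inferred from the sample log on this page, and the function names are made up for this example.

```python
import re

# Excerpt of the `!analyze -v` log shown above (copied from this page).
SAMPLE = """\
Arg1: 00000003, A device object has been blocking an Irp for too long a time
Arg2: 86cc1b58, Physical Device Object of the stack
IMAGE_NAME:  pci.sys
FAULTING_MODULE: 84313000 pci
83172a94 83112347 0000009f 00000003 86cc1b58 nt!KeBugCheckEx+0x1e
83172b00 831123c0 83172ba0 00000000 8317f380 nt!PopCheckIrpWatchdog+0x1f5
FAILURE_BUCKET_ID:  0x9F_3_rtl8192se_IMAGE_pci.sys
BUCKET_ID:  0x9F_3_rtl8192se_IMAGE_pci.sys
"""

FIELD = re.compile(r"^(\w+):\s+(.*)$")                  # e.g. IMAGE_NAME:  pci.sys
FRAME = re.compile(r"(\w+)!(\w+)\+0x[0-9a-fA-F]+$")     # e.g. nt!KeBugCheckEx+0x1e
NUMBER = re.compile(r"0x[0-9a-fA-F]+|\d+")              # bugcheck code / Arg1 tokens

def parse_analyze(text):
    """Return (fields, modules): 'KEY: value' pairs and each stack frame's module."""
    fields, modules = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
            continue
        m = FRAME.search(line)
        if m:
            modules.append(m.group(1))
    return fields, modules

def suspects(fields, modules):
    """Bucket ID tokens that are not numbers, the IMAGE marker, the reported
    image, or a module already visible on the stack (layout is an assumption)."""
    image = fields.get("IMAGE_NAME", "").lower()
    known = {"image", image, image.rsplit(".", 1)[0]} | {m.lower() for m in modules}
    tokens = fields.get("FAILURE_BUCKET_ID", "").split("_")
    return [t for t in tokens
            if t and not NUMBER.fullmatch(t) and t.lower() not in known]

if __name__ == "__main__":
    fields, modules = parse_analyze(SAMPLE)
    print("image:", fields.get("IMAGE_NAME"), "| stack modules:", sorted(set(modules)))
    print("driver named only in the bucket ID:", suspects(fields, modules))
```

To use it on a real crash, save the debugger output to a text file and pass the file's contents to `parse_analyze` instead of `SAMPLE`.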

W7F Diagnostic Tool.exe
