How to Use Windows Debugger to Troubleshoot Bluescreens

If your computer experiences a bluescreen, how can you find out what happened, fix the issue and it prevent it from happening again? You may find the memory dump file useful in this situation. The memory dump file contains the smallest amount of useful information that could help you identify why your computer experienced a bluescreen. Windows Debugger, also known as WinDbg, is a tool made by Microsoft to help troubleshoot bluescreen minidumps. Windows Debugger is a tool that helps you read the minidump file.

The memory dump file contains the following information:

• The stop message, its parameters, and other data
• A list of loaded drivers
• The processor context (PRCB) for the processor that stopped
• The process information and kernel context (EPROCESS) for the process that stopped
• The process information and kernel context (ETHREAD) for the thread that stopped
• The Kernel-mode call stack for the thread that stopped

Follow the step-by-step instructions below to learn how to read .dmp (dump) files.

Affected Operating Systems:

• Windows 11
• Windows 10

Causes for blue screen errors vary. Hardware failures or software corruption are both possible.

To use Windows Debugger, Install and Run WinDbg Preview, Analyze a Dump File, then Review the Analysis Results. You may also Use the Driver Verifier Tool to Gather Information. Click the appropriate subject for more information.

Install and Run

WinDbg must be installed to open and read a memory dump file. These steps show how to download and install WinDbg.

1. Search for WinDbg in the Microsoft Store and then download WinDbg Preview.
   
2. After installing the app, open WinDbg Preview from Windows Search.
   

Analyze a Dump File

With WinDbg installed, follow these steps to read the memory dump file.

1. Click the File menu.
2. Click Settings, click Debugging settings, and then locate the Default symbol path. In the Default symbol path, type srv*https://msdl.microsoft.com/download/symbols and then click OK.
   
   Note: For more information about the symbol path, reference Symbol path for Windows debuggers .
3. Click File, click Open source file, and then click Open dump file. From here, Browse to a dump file and then click Open.
   
   Note: Crash dump files for apps and Windows dump files may be analyzed after browsing to the appropriate location of the Dump File. For example, two common locations where your mini dump file may be located are:

   • C:\Users\XYZ\AppData\Local\CrashDumps\
   • C:\Windows\Minidump\
4. Analyze the file by typing !analyze -v and then press Enter.
   
5. Once the analysis is complete, Windows Debugger shows the file causing the bluescreen. Review the analysis MODULE_NAME or IMAGE_NAME for the file. Reviewing the results can lead to further troubleshooting steps and potentially reveal the cause of the error.
   

Review the Analysis Results

For more information about the error, reference the Bug Check Codes from Bug Check Code Reference.

For more information about blue screen error code confirmation links, reference Advanced Troubleshooting for Stop or Blue Screen Errors.

For more information about file Information, reference Process Explorer.

For more information about resolving blue screens, reference Resolving Blue Screen errors in Windows.

For more information about Windows Debugger, reference Analyze a kernel-mode dump file by using WinDbg.

For more information about the analyze extension, reference Using the !analyze Extension and !analyze (WinDbg).

Use the Driver Verifier Tool to Gather Information

Approximately 75% of blue screen errors are caused by driver issues. The Driver Verifier tool runs in real-time to examine the behavior of installed drivers. The driver verifier manager is built into Windows and is available on all Windows computers.

Follow these steps to start the driver verifier manager:

1. Click Search in the Taskbar and type CMD in the field.
2. Right-click Command Prompt and select Run as administrator.
3. Type Verifier in Command Prompt.

You can specify which drivers you would like to verify. The verify tool adds all drivers associated to the driver being verified as it runs, so try to verify the smallest number of drivers as possible. For more information, see Driver Verifier.

Recommended Articles

Here are some recommended articles related to this topic that might be of interest to you.

• How to Export Windows Event Logs