How do I analyse a BSOD and the error information it will provide me?

Well, fortunately I haven't written many applications that cause a BSOD but I just wonder about the usefulness of the information on this screen. Does it contain any useful information that could help me to find the error in my code? If so, what do I need, exactly?

And then, the system restarts and probably has written some error log or other information to the system somewhere. Where is it, what does it contain and how do I use it to improve my code?

I did get a BSOD regularly in the past when I was interacting with a PBX system where the amount of documentation of its drivers was just absent, so I had to do some trial-and-error coding. Fortunately, I now work for a different company and don't see any BSODs as a result of my code.

Schwann answered 24/8, 2009 at 8:4 Comment(0)

If you want a fairly easy way to find out what caused an OS crash that will work ~90% of the time - assuming you have a crash dump available - then try the following:

  • Download WinDbg as part of the Debugging tools for Windows package. Note, you only need to install the component called Debugging Tools for Windows.
  • Run WinDbg
  • Select "Open Crash Dump" from the file menu
  • When the dump file has loaded, type !analyze -v and press Enter
  • WinDbg will do an automated analysis of the crash and will provide a huge amount of information on the system state at the time of the crash. It will usually be able to tell you which module was at fault and what type of error caused the crash. You should also get a stack trace that may or may not be helpful to you.
  • Another useful command is kb, which prints out a stack trace. In that list, look for a line that contains .sys. This is normally the driver which caused the crash.

Note that you will have to configure symbols in WinDbg if you want the stack trace to give you function names. To do this:

  • Create a folder such as C:\symbols
  • In WinDbg, open File -> Symbol File Path
  • Add: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols

This will cache symbol files from Microsoft's servers.

If the automated analysis is not sufficient then there are a variety of commands that WinDbg provides to enable you to work out exactly what was happening at the time of the crash. The help file is a good place to start in this scenario.

Averell answered 24/8, 2009 at 8:4 Comment(0)
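As an added example (not part of the original answer): a small Python parser that pulls the bug check, its arguments, the faulting image and the first non-kernel stack frame out of saved !analyze -v text. The sample output is constructed and abridged, "pbxdrv" is a hypothetical driver name, and treating nt and hal frames as "not the culprit" is an assumption used only to pick a starting point.

```python
import re

# Constructed, abridged `!analyze -v` output; "pbxdrv" is a hypothetical driver.
SAMPLE = """
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 0000000000000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88004a11234, address which referenced memory

PROCESS_NAME:  System

STACK_TEXT:
fffff880`031f1a28 fffff800`02a8b1e9 : 00000000`0000000a : nt!KeBugCheckEx
fffff880`031f1a30 fffff800`02a89e60 : 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`031f1b70 fffff880`04a11234 : 00000000`00000000 : nt!KiPageFault+0x260
fffff880`031f1d00 fffff880`04a10f00 : 00000000`00000000 : pbxdrv+0x1234
fffff880`031f1d40 fffff800`02d2a73a : 00000000`00000000 : pbxdrv+0xf00

MODULE_NAME: pbxdrv
IMAGE_NAME:  pbxdrv.sys
FAILURE_BUCKET_ID:  X64_0xD1_pbxdrv+1234
"""

HEADER = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
FIELD = re.compile(r"^([A-Z][A-Z0-9_]+):[ \t]*(\S.*?)[ \t]*$", re.M)
ARG = re.compile(r"^Arg[1-4]: ([0-9a-fA-F`]+)", re.M)
KERNEL = {"nt", "hal"}  # assumption: frames in these modules are not the culprit

def triage(text):
    """Summarise saved `!analyze -v` text: bug check, arguments, suspect driver."""
    head = HEADER.search(text)
    fields = dict(FIELD.findall(text))
    frames = []
    for line in text.partition("STACK_TEXT:")[2].splitlines()[1:]:
        if " : " not in line:        # blank line ends the stack listing
            break
        frames.append(line.rsplit(" : ", 1)[1].strip())
    # First frame outside the kernel image: where to start reading, not proof.
    suspect = next((f for f in frames
                    if re.split(r"[!+]", f)[0].lower() not in KERNEL), None)
    return {
        "bugcheck": head.group(1) if head else None,
        "code": int(head.group(2), 16) if head else None,
        "args": [int(a.replace("`", ""), 16) for a in ARG.findall(text)],
        "image": fields.get("IMAGE_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
        "suspect": suspect,
    }
```

When the suspect frame and IMAGE_NAME name the same driver, as in this sample, that driver is the place to start; when they differ, read the full stack before blaming either.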

Generally speaking, you cannot cause an OS crash or bug check from within your application code. That said, if you are looking for general tips and stuff, I recommend the NTDebugging blog. Most of the stuff is way over my head.

What happens when the OS crashes is that it will write a kernel dump file; depending on the current flags and so on, you get more or less info in it. You can load up the dump file in windbg or some other debugger. Windbg has the useful !analyze command, which will examine the dump file and give you hints on the bucket the crash fell into, and the possible culprits. Also check the windbg documentation on the general cause of the bug check, and what you can do to resolve it.

Fregger answered 24/8, 2009 at 8:4 Comment(1)
You can cause a BSOD from code by simply calling the related Windows API method. This is what most device drivers are actually doing. Instead of resolving the error, they just put the system in Panic mode. Fortunately, most modern device drivers nowadays try to avoid panic mode and will try to resolve the error instead. - Schwann
