Beginner's guide to analysing a Blue Screen

Most Blue Screens are caused by drivers or other kernel-mode software attempting to access protected memory. The tools for analyzing the crash dump created during a Blue Screen are not very friendly. Follow these steps to determine the cause of the Blue Screen.

  • Download WinDbg.
    First, download the Standalone Debugging Tools for Windows (WinDbg) from:
    https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx

  • Install WinDbg
    Run the installer
    Select Install the Windows Software Development Kit for Windows to this computer.
    Accept the CEIP and License agreement.
    Select Debugging Tools for Windows.

  • Configure WinDbg
    Run WinDbg
    Click File
    Click Symbol File Path
    Add the following line
    srv*c:\mss*http://msdl.microsoft.com/download/symbols

  • Analyse Crash Dump
    Click File
    Click Open Crash Dump
    Locate your Crash Dump. These are found at:
    C:\Windows\Minidump
    In the command bar at the bottom type:
    !analyze -v
    Press Enter.

  • Understanding the results
    Under the second Bugcheck Analysis will be the action that triggered the Blue Screen. More often than not, you will have to Google this issue, looking for driver updates or Microsoft hotfixes. In the example below, the clues to search for are the following:
    BugCheck 50
    Probably caused by : win32k.sys
    PAGE_FAULT_IN_NONPAGED_AREA

This led to the following Microsoft hotfix which resolved the issue:
https://support.microsoft.com/en-us/kb/2781406
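
When several minidumps need triage, the three clues from "Understanding the results" can be extracted from saved `!analyze -v` output with a short script. This is an added example, not part of the original guide: the sample log is constructed (the addresses and `exampledrv.sys` are made up) and the function names are hypothetical. It also lists modules whose symbols failed to load, since the "Probably caused by" line is less reliable when the symbol path from the Configure step is not working.

```python
import re

# Constructed sample of WinDbg output around "!analyze -v"; the addresses and
# exampledrv.sys are made up, the three clues are the ones named in the guide.
SAMPLE_LOG = """\
BugCheck 50, {fffff900c1f3a000, 0, fffff960000c5a1d, 0}
*** WARNING: Unable to verify timestamp for exampledrv.sys
*** ERROR: Module load completed but symbols could not be loaded for exampledrv.sys
Probably caused by : win32k.sys ( win32k+c5a1d )

0: kd> !analyze -v
PAGE_FAULT_IN_NONPAGED_AREA (50)
"""

BUGCHECK_RE = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)", re.M)
NAME_RE = re.compile(r"^([A-Z][A-Z0-9_]+)\s+\(([0-9A-Fa-f]+)\)\s*$", re.M)
SYMBOL_RE = re.compile(
    r"^\*\*\* (?:ERROR|WARNING): .*(?:symbols could not be loaded"
    r"|Unable to verify timestamp) for (\S+)", re.M)

def extract_clues(log_text):
    """Return the bugcheck code, name, blamed module and symbol problems."""
    bugcheck = BUGCHECK_RE.search(log_text)
    if bugcheck is None:
        raise ValueError("no 'BugCheck <code>, {...}' line found in the log")
    code = int(bugcheck.group(1), 16)
    # The symbolic name is printed as NAME (code); keep the one matching the code.
    name = next((n for n, c in NAME_RE.findall(log_text) if int(c, 16) == code), None)
    cause = CAUSE_RE.search(log_text)
    # Modules without usable symbols make the blamed module less trustworthy.
    bad_symbols = sorted(set(SYMBOL_RE.findall(log_text)))
    return {
        "code": f"{code:X}",
        "name": name,
        "arguments": [a.strip() for a in bugcheck.group(2).split(",")],
        "probable_cause": cause.group(1) if cause else None,
        "modules_without_symbols": bad_symbols,
    }

def search_terms(clues):
    """Join the clues into the search string the guide suggests looking up."""
    parts = [f"BugCheck {clues['code']}", clues["name"], clues["probable_cause"]]
    return " ".join(p for p in parts if p)

if __name__ == "__main__":
    clues = extract_clues(SAMPLE_LOG)
    print(search_terms(clues), clues["modules_without_symbols"])
```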