When facing a Windows Blue Screen of Death (BSOD), the screen typically displays:
- Stop code (e.g., CRITICAL_PROCESS_DIED, MEMORY_MANAGEMENT)
- Error message (brief description)
- QR code (links to Microsoft support)
- Technical information section
```cpp
#include <string>

// Example of important BSOD components to document
struct BSOD_DATA {
    std::string stop_code;   // e.g., "0x0000003B"
    std::string driver_name; // if mentioned
    std::string timestamp;   // when crash occurred
    bool recurring;          // same error multiple times
};
```
Essential questions for initial triage:
- "Does the error show a specific driver name?" (e.g., ntfs.sys)
- "Was there any hardware/software change before the crash?"
- "Does the crash occur during specific operations?" (gaming, large file transfers)
Create a PowerShell script to gather crash logs:
```powershell
# PowerShell script to collect minidumps and related System events (run elevated)
$dumpPath  = "$env:SystemRoot\Minidump"
$outputDir = "C:\BSOD_Reports_$(Get-Date -Format 'yyyyMMdd')"

if (Test-Path $dumpPath) {
    New-Item -ItemType Directory -Path $outputDir -Force | Out-Null
    Get-ChildItem $dumpPath | Copy-Item -Destination $outputDir

    # Event ID 1001 = bugcheck report, 41 = Kernel-Power unexpected reboot
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1001, 41 } -ErrorAction SilentlyContinue |
        Export-Csv "$outputDir\SystemEvents.csv" -NoTypeInformation
}
```
Basic WinDbg commands for crash analysis:
```
$$ Configure symbol path
.symfix
$$ Automatic analysis
!analyze -v
$$ Verify driver details
lmvm <driver_name>
$$ Examine faulting thread
!thread
```

| Stop Code | Likely Cause | First Action |
|---|---|---|
| 0x0000003B | Graphics driver | Update GPU drivers |
| 0x0000007E | System service | Check recent updates |
| 0x00000109 | RAM corruption | Run memory diagnostic |
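
The Event ID 1001 bugcheck records gathered by the collection script can be triaged against the table above. This Python code is an added example, not part of the original page: it parses the bugcheck message text, counts repeats per stop code (the `recurring` field from the struct), and looks up the first action. The sample messages are constructed, and the fallback action for unlisted codes is an assumption.

```python
import re
from collections import Counter

# First actions copied from the stop-code table above.
FIRST_ACTION = {0x3B: "Update GPU drivers", 0x7E: "Check recent updates",
                0x109: "Run memory diagnostic"}
DEFAULT_ACTION = "Analyze the dump in WinDbg"  # assumption: fallback for unlisted codes

# Message layout of a System-log bugcheck event (ID 1001); the dump path is optional.
BUGCHECK_RE = re.compile(
    r"The bugcheck was:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)"
    r"(?:.*?A dump was saved in:\s*(.+?\.dmp))?",
    re.IGNORECASE | re.DOTALL)

def parse_bugcheck(message):
    """Return (stop_code, params, dump_path), or None for non-bugcheck messages."""
    m = BUGCHECK_RE.search(message)
    if not m:
        return None
    params = [int(p, 16) for p in m.group(2).split(",") if p.strip()]
    return int(m.group(1), 16), params, m.group(3)

def triage(messages):
    """Count crashes per stop code, most frequent first, flagging repeats."""
    parsed = [p for p in map(parse_bugcheck, messages) if p]
    counts = Counter(code for code, _, _ in parsed)
    return [{"stop_code": f"0x{code:08X}", "count": n, "recurring": n > 1,
             "first_action": FIRST_ACTION.get(code, DEFAULT_ACTION)}
            for code, n in counts.most_common()]

# Constructed sample messages (not taken from a real machine).
SAMPLE = [
    r"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b "
    r"(0x00000000c0000005, 0xfffff80002e5d5c5, 0xfffff88007e1e0e0, 0x0000000000000000). "
    r"A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 00000000-0000-0000-0000-000000000001.",
    r"The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b "
    r"(0x00000000c0000005, 0xfffff80002e5d5c5, 0xfffff88007e1f1f0, 0x0000000000000000). "
    r"A dump was saved in: C:\Windows\Minidump\010125-0001-01.dmp. Report Id: 00000000-0000-0000-0000-000000000002.",
    r"The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000109 "
    r"(0xa3a039d89b456543, 0xb3b7465eedc23477, 0xfffff80002c00000, 0x0000000000000001).",
    r"The system has rebooted without cleanly shutting down first.",  # Event 41, no bugcheck
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```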
This script collects system info for remote analysis:
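```bat
@echo off
REM Date slicing assumes a US-style %date% (e.g. "Fri 01/31/2025"); adjust for other locales
set "report_dir=C:\BSOD_Diagnostics_%date:~-4,4%%date:~-10,2%%date:~-7,2%"
mkdir "%report_dir%"
REM Collect OS, driver, memory and hotfix inventories
systeminfo > "%report_dir%\systeminfo.txt"
driverquery /v > "%report_dir%\drivers.txt"
wmic memorychip list full > "%report_dir%\memory.txt"
wmic qfe list full > "%report_dir%\updates.txt"
```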
Check for problematic drivers using verifier:
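```bat
REM Enable standard checks for one driver (elevated prompt; takes effect after reboot)
verifier /standard /driver <driver.sys>
REM View current verification
verifier /querysettings
REM Clear settings
verifier /reset
```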
When suspecting RAM issues:
```bat
REM Built-in memory diagnostic
mdsched.exe
REM List installed RAM modules
wmic memorychip get
```
When Windows encounters a critical error it can't recover from, it displays a Blue Screen of Death (BSOD) with error codes and technical information. These details are valuable clues for troubleshooting.
Focus on these elements when analyzing a BSOD:
- Stop Code: The hexadecimal error code (e.g., 0x0000007B)
- Error Name: Text description (e.g., "INACCESSIBLE_BOOT_DEVICE")
- Memory dump details: Addresses and module names if present
- Driver/Module: Sometimes shows the problematic driver (e.g., ntoskrnl.exe)
Here's how to systematically approach BSOD diagnosis:
```powershell
# Example PowerShell command to check recent BSOD events
Get-WinEvent -FilterHashtable @{
    LogName      = "System"
    ProviderName = "Microsoft-Windows-WER-SystemErrorReporting"
} | Format-Table -AutoSize
```
Some frequent BSOD scenarios and their fixes:
```bat
REM Sample batch script to check disk health (common BSOD cause)
chkdsk C: /f /r
wmic diskdrive get status
```
For deeper analysis, use these tools:
- WinDbg (Windows Debugger)
- BlueScreenView (NirSoft utility)
- Windows Reliability Monitor
Here's a Python script to collect BSOD-related information:
```python
import subprocess

def collect_bsod_info(report_path="bsod_report.txt"):
    # Get recent system errors: newest first, rendered as readable text
    cmd = [
        "wevtutil", "qe", "System",
        "/q:*[System[Provider[@Name='Microsoft-Windows-WER-SystemErrorReporting']]]",
        "/rd:true", "/f:text",
    ]
    # Argument list instead of shell=True, so nothing is parsed by cmd.exe
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    # Save to file
    with open(report_path, "w") as f:
        f.write(result.stdout)
    print(f"BSOD information saved to {report_path}")

if __name__ == "__main__":
    collect_bsod_info()
```
For complete memory dump analysis, use this WinDbg command sequence:
```
.symfix
.reload
!analyze -v
!errrec <address>
lmvm <module_name>
```
To reduce BSOD occurrences:
- Keep drivers updated
- Monitor system temperatures
- Run regular hardware diagnostics
- Maintain adequate free disk space