This article shows you how to examine dump files produced directly by the Windows operating system after a computer deadlock. These files are created automatically by the system after a serious anomaly has occurred and contain a detailed list of all the programs present in the computer's RAM memory at the time of the block. This information can be very helpful in determining which programs were the primary cause of the problem. If you want to analyze the dump file generated by a system crash, or if you want to test the behavior of a certain program, you can use the free BlueScreenView program. Alternatively, you can use the free Windows 10 Drivers Kit tool produced directly by Microsoft to analyze the dump file of the latest system crash.
Steps
Part 1 of 2: Using BlueScreenView
Step 1. Access the "Start" menu by clicking the icon
It features the Windows logo and is located in the lower left corner of the desktop.
Step 2. Type in keywords displays advanced system settings
The Windows "System Properties" window will search your computer.
Step 3. Click the View Advanced System Settings icon
It features a small computer monitor that displays a white check mark. It is displayed at the top of the result list that appears. The Windows "System Properties" dialog box will appear.
Step 4. Go to the Advanced tab
It is located at the top of the window.
You may first need to select the monitor icon that appears at the bottom of the screen (on the taskbar) to access the "System Properties" window
Step 5. Press the Settings button
It is located within the "Startup and Recovery" section visible at the bottom of the "Advanced" tab. A new window will appear.
Step 6. Access the drop-down menu visible within the "Write debugging information" section
It is located at the bottom of the newly appeared dialog. A small drop-down menu will appear.
Step 7. Choose the Reduced Memory Dump option
It is one of the items on the drop-down menu. This way future memory dumps will be scrutinized using a simple program, just like BlueScreenView.
Step 8. Press the OK button
It is located at the bottom of the window. The latter will be closed and you will be automatically redirected to the "Advanced" tab of the "System Properties" window.
Step 9. Press the OK button again
The "System Properties" window will close and all configuration changes will be saved.
Step 10. Log in to the BlueScreenView website
Use the URL https://www.nirsoft.net/utils/blue_screen_view.html and the internet browser of your choice. BlueScreenView is a free program capable of detecting and analyzing dump files, making it easier for the user to identify which programs were running at the time the system's deadlock occurred.
Step 11. Download the BlueScreenView program installation file
Scroll down the web page then select the link Download BlueScreenView with full install / uninstall support. It is visible in the center of the page.
Step 12. Run the BlueScreenView installation file
Select the file bluescreenview_setup with a double click of the mouse. It should be stored in your computer's "Downloads" folder.
Step 13. Proceed to install the BlueScreenView program
Follow these instructions:
- When prompted, press the button Yup.
- Push the button Next.
- Push the button Next.
- Push the button Install.
- Wait for the BlueScreenView installation to complete.
Step 14. Launch the program
Make sure the "Run NirSoft BlueScreenView" checkbox is checked, then press the button Finish located at the bottom of the installation window. The BlueScreenView program will start.
Step 15. Examine the computer dump files
The BlueScreenView window consists of an upper and a lower pane. The upper one displays the list of all dump files identified by the program, while the lower one displays the list of programs relating to the currently selected dump file.
- You can select the dump file you want by using the upper box and clicking its name.
- It is very likely that at least one of the programs listed in the dump file is responsible for the system deadlock.
Part 2 of 2: Using the Windows Drivers Kit
Step 1. Go to the official Windows Drivers Kit website
Use the internet browser of your choice and the URL https://docs.microsoft.com/it-it/windows-hardware/drivers/download-the-wdk. The Windows Drivers Kit program allows you to open a dump file in whatever format it was created, giving you the possibility to analyze the data relating to the last deadlock of the system.
Step 2. Download the Windows Drivers Kit installation file
Scroll down the web page indicated to be able to select the link Download WDK for Windows 10, version 1709 which is located within the "Step 2: Install WDK for Windows 10, version 1709" section visible at the top of the page.
Step 3. Run the WDK installation file
Select the file wdksetup with a double click of the mouse. It is usually saved in the "Download" folder on your computer.
Step 4. Install the Windows Drivers Kit for Windows 10 program
Follow these instructions:
- Push the button Come on located at the bottom of the first four screens of the installation wizard.
- Push the button Accept.
- When prompted, press the button Yup.
- Wait for the program to be installed on your computer.
Step 5. Enter the "Start" menu by clicking the icon
It features the Windows logo and is located in the lower left corner of the desktop.
Step 6. Type the keywords command prompt
It will search your computer for the Windows "Command Prompt" program.
Step 7. Select the "Command Prompt" icon
with the right mouse button.
It has a black square and should be visible at the top of the "Start" menu. A context menu will be displayed.
Step 8. Choose the Run as administrator option
It is one of the items in the context menu that appeared.
A computer administrator user account must be used to complete this step of the procedure
Step 9. When prompted, press the Yes button
This will bring up the "Command Prompt" window.
Step 10. Navigate to the WDK installation directory
Type the following command into the "Command Prompt" window and press the Enter key:
-
cd C: / Program Files (x86) Windows Kits / 10 / Debuggers / x86
Step 11. Run the installation command
Type the command
windbg.exe -IA
within the "Command Prompt" window and press the Enter key.
Step 12. When prompted, press the OK button
This means that from now on the dump files will be opened automatically using the Windows Debugger program.
Step 13. Start the Windows Debugger
Access the menu Start clicking the icon
type in the keyword windbg, then select the icon WinDbg (X86) from the list of results that appeared. The Windows Debugger program window will appear.
Step 14. Add the path to the symbol file
This information tells the program what information to display:
- Access the menu File located in the upper left corner of the window.
- Choose the option Symbol File Path ….
-
Type the path
SRV * C: / SymCache *
- Push the button OK.
Step 15. Locate the dump file to be examined
To perform this step you need to access the system root directory:
- Access the menu Start.
- Type in the keyword Run and press the Enter key.
- Type the% SystemRoot% command in the "Open" field of the "Run" window.
- Push the button OK.
- Access the card View of the ribbon.
- Select the "Hidden items" checkbox (only if it isn't already).
- Scroll through the list to locate and double-click the file MEMORY. DMP.
Step 16. Examine the computer dump files
The list of all active programs should have appeared at the time the system crashed. This way you will be able to determine which program caused the problem (or which programs contributed to the computer malfunction).
