4

It's a simple problem. Sometimes Windows will just halt everything and throw a BSOD. Game over, please reboot to play another game. Or whatever. Annoying but not extremely serious...

What I want is simple. I want to catch the BSOD when it occurs. Why? Just for some additional crash logging. It's okay that the system goes blue but when it happens, I just want to log some additional information or perform one additional action.

Is this even possible? If so, how? And what would be the limitations?


Btw, I don't want to do anything when the system recovers, I want to catch it while it happens. This is to allow me one final action. (For example, flushing a file before the system goes down.)
Wim ten Brink
  • 3
    I suggest you ask a new, better phrased, question: "How to debug the Windows kernel? I want to be able to hook into a BSOD while it is happening" – Vinko Vrsalovic Sep 23 '09 at 14:07
  • Well, the answer seems to be: you might do this when using a debugger for the kernel. Thanks Vinko and Brian. Still, if there are other options, feel free to add them and I could change the accepted answer if it works. – Wim ten Brink Sep 23 '09 at 14:53

4 Answers

7

BSOD happens due to an error in the Windows kernel or more commonly in a faulty device driver (that runs in kernel mode). There is very little you can do about it. If it is a driver problem, you can hope the vendor will fix it.

You can configure Windows to create a memory dump upon BSOD which will help you troubleshoot the problem. You can get a pretty good idea about the faulting driver by loading the dump into WinDbg and using the !analyze command.

Knowing which driver is causing the problem will let you look for a new driver, but if that doesn't fix the problem, there is little you can do about it (unless you're very good with a hex editor).

UPDATE: If you want to debug this while it is happening, you need to debug the kernel. A good place to pick up more info is the book Windows Internals by Mark Russinovich. Also, I believe there's a bit of info in the help file for WinDbg and there must be something in the device driver kit as well (but that is beyond my knowledge).

Brian Rasmussen
  • 2
    Anyhow, it's still **very valuable** to know which driver is at fault. Even if you may not be able to actually build a new driver, you can know which vendor to closely watch and, in extreme cases, replace the hardware with faulty drivers for a different brand with better driver developers. – Vinko Vrsalovic Sep 23 '09 at 11:29
  • I don't want to fix it when it occurs. I know better than to try this. But I'm hoping to be able to do one more final action before the system goes down. Thus, I want to catch this event. – Wim ten Brink Sep 23 '09 at 11:50
  • @Alex: Windows considers BSOD to be an unrecoverable error so that will be hard to do in a reliable way if at all. – Brian Rasmussen Sep 23 '09 at 11:55
  • @Brian, I realize that. Maybe the way to catch it even depends per Windows version. Just wondering if it's possible in any way. And if possible, what the limitations would be for my code. – Wim ten Brink Sep 23 '09 at 11:58
  • Well, if debugging the kernel could help me to catch possible errors, I'll try that. :-) – Wim ten Brink Sep 23 '09 at 14:51
  • @Alex be aware that kernel debugging is rather complicated and requires a special setup. – Brian Rasmussen Sep 23 '09 at 15:03
  • @Brian, I know it's complicated. That has never really stopped me from trying, though. :-) – Wim ten Brink Sep 23 '09 at 17:52
4

The data is stored in what's called "Minidumps".

You can then use debugging tools to explore those dumps. The process is documented here http://forums.majorgeeks.com/showthread.php?t=35246

Vinko Vrsalovic
  • I know this, but when I'm analysing the dump, I'm too late. I want an action during the crash, not afterwards. Good link (+1) but not the answer I'm looking for. – Wim ten Brink Sep 23 '09 at 11:55
2

You have two ways to figure out what happened:

The first is to upload the dmp file located under C:\Minidump***.dmp to the Microsoft service as they describe it: http://answers.microsoft.com/en-us/windows/wiki/windows_10-update/blue-screen-of-death-bsod/1939df35-283f-4830-a4dd-e95ee5d8669d

or use their software debugger WinDbg to read the dmp file.

NB: You will find several files; you can tell the difference using the name that contains the event date.

The second way is to note the error code from the blue screen and to search for it on Google and the Microsoft website.

The first method is more accurate and efficient.

arwa
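Added example, not part of the answer above and not Microsoft tooling: a Python script that lists the stop (bugcheck) code recorded in each .dmp file in a folder, as a first pass before loading one into WinDbg. The header offsets are an assumption based on publicly described kernel dump layouts, the sample files are constructed, and `read_bugcheck`, `triage` and `make_sample` are hypothetical names.

```python
import struct
import tempfile
from pathlib import Path

# Assumed kernel dump header layout (not officially documented):
# bytes 0-3 "PAGE", bytes 4-7 "DUMP" (32-bit) or "DU64" (64-bit),
# then a 32-bit BugCheckCode followed by four bugcheck parameters.
LAYOUTS = {
    b"DUMP": (0x28, 0x2C, "<4I"),  # code offset, params offset, params format
    b"DU64": (0x38, 0x40, "<4Q"),
}

def read_bugcheck(path):
    """Return (code, params) from a kernel dump header, or None if not one."""
    with open(path, "rb") as fh:
        header = fh.read(0x60)
    if len(header) < 0x60 or header[:4] != b"PAGE":
        return None  # truncated file or a different dump format
    layout = LAYOUTS.get(header[4:8])
    if layout is None:
        return None
    code_off, par_off, par_fmt = layout
    (code,) = struct.unpack_from("<I", header, code_off)
    return code, struct.unpack_from(par_fmt, header, par_off)

def triage(folder):
    """Return [(file name, stop code as hex string or None)], sorted by name."""
    report = []
    for dump in sorted(Path(folder).glob("*.dmp")):
        parsed = read_bugcheck(dump)
        stop = None if parsed is None else "0x%08X" % parsed[0]
        report.append((dump.name, stop))
    return report

def make_sample(folder, name, valid, code, params):
    """Write a constructed, header-only dump file for the demo."""
    blob = bytearray(0x60)
    blob[0:4], blob[4:8] = b"PAGE", valid
    code_off, par_off, par_fmt = LAYOUTS[valid]
    struct.pack_into("<I", blob, code_off, code)
    struct.pack_into(par_fmt, blob, par_off, *params)
    Path(folder, name).write_bytes(blob)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample dumps
        make_sample(tmp, "a.dmp", b"DU64", 0xD1, (0x10, 2, 0, 0xFFFFF80000001234))
        make_sample(tmp, "b.dmp", b"DUMP", 0x0A, (1, 2, 3, 4))
        for name, stop in triage(tmp):
            print(name, stop)
```

Files that report `None` are truncated or use another dump format and still need to be opened in a debugger.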
1

Windows can be configured to create a crash dump on blue screens.

Here's more information: How to read the small memory dump files that Windows creates for debugging (support.microsoft.com)

Tamas Czinege