BSODs

Jonathan_King

Out of the hundreds of errors Windows users encounter, perhaps the Blue Screen of Death generates the most fear and confusion. You're busy playing that new edition of World of Warcraft, innocently checking your email, or maybe casually surfing the web, when the screen goes blank and an alarming message appears. Besides being inconvenient, Blue Screens of Death (BSODs) cause many people to fear for the safety of their data.

The tips displayed are often useless to the BSOD victim. Many BSODs appear for no apparent reason; no hardware has been changed or software installed.

The BSOD is technically known as a “Bugcheck” or “Bluescreen” by Windows, and results when Windows encounters an error it is incapable of recovering from. That can be caused by either hardware or software, or even a power fluctuation. Rather than risk data corruption or hardware damage, Windows shuts down; by default, it is configured to dump the contents of the RAM and page file that the OS is using to a file on the hard drive.

It is often these dump files that leave the most clues for the BSOD analyst. Analysts can run these files through a debugger and see what process was “in front” at the time of the crash, what drivers were loaded in RAM, and much more. Even that, however, can be confusing for those who have not seen thousands of dumps before. What do you do if the debugger points to “ntkrnlmp.exe”, “ntoskrnl.exe”, or “win32k.sys” as the probable cause? Those are core OS files; certainly not the cause of a BSOD, right?


Thus, some generic troubleshooting tips are needed. The advice the actual bluescreen gives is sound: “Check to make sure any new hardware or software is properly installed” and “...disable or remove any newly installed software or hardware.” If nothing has been added or changed, faulty or dying hardware may be the cause, but software is still worth investigating. Do the BSODs occur during Safe Mode as well? If so, that suggests a hardware problem; if not, there is a good chance software is the cause.


As far as hardware goes, anything can be the culprit. There are bizarre cases of a bad DVD drive, a short in a monitor, and a conflict between a television remote and a TV tuner causing BSODs; however, most hardware BSODs are caused by the RAM, hard drive, motherboard, power supply, video card, or CPU. The RAM, hard drive, and CPU are fairly easy to test; a number of free programs exist to test them. I recommend Memtest86 for the RAM, and Prime95 for the RAM and CPU. Most RAM problems are due either to faulty modules or configuration issues. Overclocking the CPU can cause the system to error, as well.


Most hard drive manufacturers provide their own disk diagnostics: Data Lifeguard Tools for Western Digital drives, Hitachi DFT for Hitachi drives, SeaTools for Seagate drives. The aforementioned programs are compatible with any hard drive, so you can use them to test drives by other manufacturers as well.


The PSU and motherboard are not as easy to test. If you are handy with a multimeter, you can try to test the power supply voltages, but the results of this may not be conclusive. Expensive programs exist to test the motherboard, but again, they are inconclusive, and of course...expensive. They are usually diagnosed by swapping them out with known good ones, or by RMAing them and waiting for the manufacturer's response.


Software is also a major cause of BSODs. Malware is sometimes at fault, but usually buggy, incompatible, or corrupted drivers are to blame. As a general rule of thumb, it is best to keep all drivers and software up-to-date; checking your computer manufacturer's site for driver updates is a good idea. If the computer manufacturer has not released new drivers for some time, try the chipset manufacturer. For example, the latest Ethernet drivers released for a particular Dell machine might be dated December 2009, but a check on the chipset manufacturer's site (say, Marvell) shows drivers dated from September 2010.


Some drivers are more likely to cause BSODs than others; for example, SPTD is a driver used by a few CD virtualization and ISO-mounting programs; most notably, Daemon Tools and Alcohol 120%. SPTD has been causing BSODs for quite some time, and surprisingly, newer versions do not fix this. Windows Vista and 7 also gained a reputation for crashing with third-party security programs, although newer versions of these programs have seemed to correct this.


It takes some experience to recognize repeat offenders, but it is fairly easy to keep programs up-to-date. Microsoft has released a hotfix that addressed the BSODs seemingly caused by ZoneAlarm; the lesson to be taken away from this is to install your Windows Updates!


If you get suspected software BSODs, and updating drivers and other software does not help, consider a System Restore. Choose a restore point from some time before the BSODs started, as the real problem may have started before the first BSOD. As a last resort, remember that a clean install will take care of any software-related problems. This can be a time-consuming process, however.


Finally, if you get stuck on a BSOD problem, don't hesitate to ask for help. There are a number of free tech support sites online, several of which have excellent BSOD staff. They will typically ask for the dump files generated, and depending on the site, a full system report. Analysts who have thousands or tens of thousands of bluescreen cases under their belts can fire some dumps through their debuggers, check event logs and other reports, and type out a reply with excellent efficiency.
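Added example, not part of the original post: a PowerShell inventory of the running drivers that are not published by Microsoft, oldest file first, which is a quick way to spot the outdated or repeat-offender drivers discussed above. The helper name `Resolve-DriverPath` and the `$watchList` contents are assumptions made for this illustration; `sptd.sys` is the file name of the SPTD driver the post mentions.

```powershell
# Normalise the NT-style paths that Win32_SystemDriver reports
# (\??\C:\..., \SystemRoot\..., system32\...) into ordinary file paths.
function Resolve-DriverPath {
    param([string]$PathName)
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\(.+)$') {
        $p = Join-Path $env:SystemRoot $Matches[1]
    } elseif ($p -match '^system32\\') {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

# Illustrative watch list: drivers you already suspect (assumption, edit to taste).
$watchList = @('sptd.sys')

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        $driver = $_
        $path   = Resolve-DriverPath $driver.PathName
        $file   = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($file) {
            [pscustomobject]@{
                Name      = $driver.Name
                File      = $file.Name
                Company   = $file.VersionInfo.CompanyName
                Version   = $file.VersionInfo.FileVersion
                # File timestamp, not the driver's link date; treat it as a hint only.
                Modified  = $file.LastWriteTime
                Watchlist = $watchList -contains $file.Name.ToLower()
            }
        }
    } |
    # Keep third-party drivers only; a blank Company field also passes this filter.
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object Modified |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; the drivers at the top of the list are the first candidates to check against the hardware or chipset vendor's site for newer releases.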
 