How to analyze a memory dump on Windows after a blue screen error?

14

My computer running Windows 7 x64 crushes time to time. Could you please advise how to analyze the memory dump or point out possible cause and further troubleshooting steps?

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000015de8, 0xfffff88007db9fb0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080210-24819-01.

The quotation from the result of WinDbg run

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

...

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: explorer.exe

...

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

Is there any way to understand which particular driver has a problem?

windows-7
memory
black-screen-of-death
dump
asked on Super User Aug 2, 2010 by bublegumm • edited Jan 27, 2019 by I say Reinstate Monica

3 Answers

19

I would use Microsoft's debugging tool: WinDbg. It can read and automatically analyze memory dumps like yours. (The WinDbg command is aptly named: !analyze)

The tool is powerful, but quite complex. Here is a detailed HOW TO guide.

The same forum suggests BlueScreenView. I have not tried it; it's probably simpler to use, but does not give as detailed information.


update:

Is there any way to understand which particular driver has a problem?

After !analyze run k or kd. This will show the stack trace right before the crash. The stack trace is the list of function calls made right before the crash, with the most recent one at the top. You should at least be able to learn the filenames of the modules (DLL's) involved.

I suggest sharing the full results of !analyze and/or the memory dump with people who are are skilled at WinDbg and are interested in helping. The previously linked MajorGeeks forum looks like a good place.

answered on Super User Aug 3, 2010 by Leftium • edited Apr 16, 2018 by 0xC0000022L
1

There is a free tool called BlueScreenView it will analyze the dump files from c:\windows\minidump and will show a graphical windows ,so user can identify the errors

answered on Super User Jun 13, 2013 by jacob justin • edited Apr 16, 2018 by 0xC0000022L
-1

This may be causing it http://support.microsoft.com/kb/980932 (Use "View and request hotfix downloads" at the top of the page to request the hotfix, do not apply the Hotfix if it is not a 1394 Firewire issue)

Otherwise its Probably a video driver causing it, seems to be common in W7, but other hardware can cause it also, bad memory modules are also highly suspect.

Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION

http://msdn.microsoft.com/en-us/library/ff558949(v=VS.85).aspx

The SYSTEM_SERVICE_EXCEPTION bug check has a value of 0x0000003B. This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code. Parameters

The following parameters are displayed on the blue screen. ParameterDescription 1The exception that caused the bug check 2The address of the exception record for the exception that caused the bug check 3The address of the context record for the exception that caused the bug check 40

Cause

This error has been linked to excessive paged pool usage and may occur due to user-mode graphics drivers crossing over and passing bad data to the kernel code.

answered on Super User Aug 3, 2010 by Moab • edited Aug 3, 2010 by Moab

User contributions licensed under CC BY-SA 3.0