Analyzing a Blue Screen of Death using the WinDbg tool

Here I am going to show you how to analyze a minidump file to identify the cause of a BSOD which happened on my laptop. The minidump file is located in C:\Windows\minidump\, where the dump files are named in date month year time format, e.g. 150513-22994-01.dmp.

You have to download the WinDbg tool from the link below to analyze the minidump file.
http://msdn.microsoft.com/en-US/windows/hardware/gg463009/

After installing the WinDbg tool, you have to configure the symbol path before analyzing the dump file. You can set the symbol path by going to the File menu, selecting Symbol File Path, and adding the line below:

SRV*c:\localsymbols*http://msdl.microsoft.com/download/symbols


Now your WinDbg tool is ready for analyzing the dump file. You can open the dump file by clicking on the File menu and then Open Crash Dump. Then enter the command !analyze -v in the console as shown in the figure below.



After executing the command you can see a lot of information. If you scroll down, you can see the stack memory information at the time of the crash. In the figure below you can see that psfilenc, nt and hal are present in the stack during the crash. nt and hal are Microsoft drivers and are probably not the cause of the crash. We can suspect the psfilenc driver, which belongs to the Pointsec Encryption software installed on my laptop.


If you scroll down again you can get the driver file information for psfilenc.sys.
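The stack triage described above can be scripted when there are many dumps to review. The following is an added example, not part of the original post: it reads saved `!analyze -v` text, pulls the module name from each STACK_TEXT frame, and lists the modules that are not in a core set. The sample output, its addresses and symbol names are constructed, and treating only nt and hal as core modules is an assumption taken from the paragraph above.

```python
import re

# Assumption: modules treated as Microsoft core components (the post names nt and hal).
CORE_MODULES = {"nt", "hal"}

# Last column of a frame: module!symbol+0xNN, or module+0xNN when no symbols loaded.
FRAME_RE = re.compile(r"^(?P<module>[A-Za-z_]\w*)(?:!\S+|\+0x[0-9a-fA-F]+)$")
ADDR_RE = re.compile(r"^[0-9a-fA-F`]+$")

# Constructed sample of the STACK_TEXT part of `!analyze -v` output.
SAMPLE = """\
STACK_TEXT:
8a3f7a10 82a8e5f2 0000000a 00000000 nt!KeBugCheckEx+0x1e
8a3f7a5c 82a4b3d8 badb0d00 00000000 nt!KiTrap0E+0xdc
WARNING: Stack unwind information not available. Following frames may be wrong.
8a3f7ad0 9c1e25a2 00000000 86d41030 psfilenc+0x15a2
8a3f7b14 82a3c4bc 86d41030 85f0a008 nt!IofCallDriver+0x63
8a3f7b40 82e1fba9 85f0a008 00000000 hal!HalpDispatchInterrupt+0x49

FOLLOWUP_IP:
psfilenc+15a2
"""

def parse_stack_modules(analyze_output):
    """Return the module of every STACK_TEXT frame, top of stack first."""
    modules, in_stack = [], False
    for line in analyze_output.splitlines():
        if line.startswith("STACK_TEXT:"):
            in_stack = True
            continue
        if not in_stack:
            continue
        parts = line.split()
        if not parts:              # a blank line ends the STACK_TEXT section
            break
        frame = FRAME_RE.match(parts[-1])
        if ADDR_RE.match(parts[0]) and frame:   # skips WARNING lines
            modules.append(frame.group("module"))
    return modules

def third_party_modules(analyze_output, core=CORE_MODULES):
    """Non-core modules on the stack, in order of first appearance."""
    seen = []
    for module in parse_stack_modules(analyze_output):
        if module.lower() not in core and module not in seen:
            seen.append(module)
    return seen

if __name__ == "__main__":
    print(third_party_modules(SAMPLE))
```

For a module flagged this way, the WinDbg command `lmvm psfilenc` prints its image path and timestamp, which is the driver file information mentioned above.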


I resolved the problem by uninstalling the Pointsec Encryption software and reinstalling it. After that I never faced the BSOD again.
