Андрей Смирнов

Identifying the “blue screen of death” error: the BlueScreenView utility

Debugging examples

Example 1

This bugcheck is caused by a driver hang during upgrade, resulting in a bugcheck D1 in NDIS.sys (a Microsoft driver). The IMAGE_NAME tells you the faulting driver, but since this is a Microsoft driver it cannot be replaced or removed. The resolution method is to disable the network device in Device Manager and try the upgrade again.

Example 2

In this example, a non-Microsoft driver caused a page fault, so we don’t have symbols for this driver. However, looking at IMAGE_NAME and/or MODULE_NAME indicates it’s WwanUsbMP.sys that caused the issue. Disconnecting the device and retrying the upgrade is a possible solution.

The “blue screen of death”: why it appears

To better understand this phenomenon, it helps to compare a computer with the human psyche. For example, a person suddenly sees something frightening, is instantly scared and faints.

The same thing happens with a computer, except that the cause is a critical error or a mechanical or software failure. The computer “takes fright”, and the blue screen is the sign of its fainting fit, although in some cases it can also be read as a protective reaction in which the system shuts down every process that could threaten its security or operability.

As a rule, everything works normally again after the system is rebooted. But if the screen appears a second or third time, the cause of the failures must be found urgently and decisive measures taken to eliminate it.

Although the screen does indicate the failure (in the form of an error description with a special stop code), an ordinary user sometimes cannot work out what the cause was. The main causes are:

  • mechanical damage to hardware components (most often problems with RAM, sound and video hardware);
  • conflicts at the level of incorrectly installed drivers;
  • conflicts after installing software or games that do not match the computer's configuration (the software's requirements are knowingly higher than this particular system provides);
  • the effect of viruses, malicious code, and so on.

With BlueScreenView, however, identifying such errors and obtaining the most complete information about the conflicts involved becomes elementary even for a user who does not particularly understand the subject.

Advanced troubleshooting steps

Note

Advanced troubleshooting of crash dumps can be very challenging if you are not experienced with programming and internal Windows mechanisms. We have attempted to provide a brief insight here into some of the techniques used, including some examples. However, to really be effective at troubleshooting a crash dump, you should spend time becoming familiar with advanced debugging techniques. For a video overview, see Advanced Windows Debugging and Debugging Kernel Mode Crashes and Hangs. Also see the advanced references listed below.

Debugging steps

  1. Verify that the computer is set up to generate a complete memory dump file when a crash occurs. See the steps for more information.
  2. Locate the memory.dmp file in your Windows directory on the computer that is crashing, and copy that file to another computer.
  3. On the other computer, download the Windows 10 SDK.
  4. Start the install and choose Debugging Tools for Windows. This installs the WinDbg tool.
  5. Open the WinDbg tool and set the symbol path by clicking File and then clicking Symbol File Path.
    a. If the computer is connected to the Internet, enter the Microsoft public symbol server (https://msdl.microsoft.com/download/symbols) and click OK. This is the recommended method.
    b. If the computer is not connected to the Internet, you must specify a local symbol path.
  6. Click on Open Crash Dump, and then open the memory.dmp file that you copied. See the example below.
  7. There should be a link that says !analyze -v under Bugcheck Analysis. Click that link. This will enter the command !analyze -v in the prompt at the bottom of the page.
  8. A detailed bugcheck analysis will appear. See the example below.
  9. Scroll down to the section where it says STACK_TEXT. There will be rows of numbers with each row followed by a colon and some text. That text should tell you what DLL is causing the crash and if applicable what service is crashing the DLL.
  10. See Using the !analyze Extension for details about how to interpret the STACK_TEXT output.

There are many possible causes of a bugcheck and each case is unique. In the example provided above, the important lines that can be identified from the STACK_TEXT are 20, 21, and 22:

(HEX data is removed here and lines are numbered for clarity)

The problem here is with mpssvc which is a component of the Windows Firewall. The problem was repaired by disabling the firewall temporarily and then resetting firewall policies.

Additional examples are provided in the section at the bottom of this article.
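As an added example (not part of the original article or of any Microsoft tool), the Python code below reads saved `!analyze -v` output and extracts what steps 7 to 9 and the two debugging examples rely on: the bugcheck code, MODULE_NAME, IMAGE_NAME and the modules named in STACK_TEXT. The sample text is constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout WinDbg prints for `!analyze -v`
# (addresses and offsets are invented; the driver name is from Example 2).
SAMPLE_ANALYSIS = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.
Arguments:
Arg1: ffffd00012345000, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.

STACK_TEXT:
ffffd000`2a1f6b38 fffff802`1c5e2a10 : 00000000`00000050 ffffd000`12345000 00000000`00000000 ffffd000`2a1f6c90 : nt!KeBugCheckEx
ffffd000`2a1f6b40 fffff802`1c4d91c9 : 00000000`00000000 ffffd000`12345000 ffffd000`2a1f6c90 00000000`00000000 : nt!MiSystemFault+0x1a0
ffffd000`2a1f6c90 fffff800`5d3a1c4d : ffffe001`0a2b3c40 00000000`00000000 00000000`00000001 ffffe001`0b4d5e60 : nt!KiPageFault+0x12f
ffffd000`2a1f6e20 fffff800`5c8b2f11 : ffffe001`0a2b3c40 ffffe001`0b4d5e60 00000000`00000000 00000000`00000000 : WwanUsbMP+0x1c4d
ffffd000`2a1f6e90 fffff802`1c41b3e5 : ffffe001`0b4d5e60 00000000`00000000 00000000`00000000 00000000`00000000 : NDIS!ndisInterruptDpc+0x91

MODULE_NAME: WwanUsbMP

IMAGE_NAME:  WwanUsbMP.sys
"""

BUGCHECK_RE = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)\s*$", re.M)
FIELD_RE = re.compile(r"^(MODULE_NAME|IMAGE_NAME):\s*(\S+)", re.M)
# One STACK_TEXT row: child SP, return address, four args, then the symbol.
FRAME_RE = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S+)$")


def parse_analysis(text):
    """Pull the triage fields out of saved `!analyze -v` output."""
    result = {"bugcheck": None, "code": None, "frames": []}
    m = BUGCHECK_RE.search(text)
    if m:
        result["bugcheck"], result["code"] = m.group(1), int(m.group(2), 16)
    for key, value in FIELD_RE.findall(text):
        result[key.lower()] = value
    in_stack = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("STACK_TEXT:"):
            in_stack = True
        elif in_stack and not line:
            break  # a blank line ends the stack listing
        elif in_stack:
            fm = FRAME_RE.match(line)
            if fm:
                symbol = fm.group(1)
                result["frames"].append({
                    "module": re.split(r"[!+]", symbol, maxsplit=1)[0],
                    "symbol": symbol,
                    # "module+offset" with no "!" means no symbols were loaded
                    "has_symbols": "!" in symbol,
                })
    return result


def first_non_kernel_frame(frames):
    """Topmost frame outside nt: where to start looking, not a verdict."""
    for frame in frames:
        if frame["module"].lower() != "nt":
            return frame
    return None
```

A frame reported as `module+offset` with no function name is the sign, as in Example 2, that no symbols exist for a third-party driver.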

BlueScreenView: how to use it?

Now we can turn to the program itself.

First and most important: the current version is distributed as a portable build, so it requires no installation. Simply unpack the downloaded archive to a convenient location and launch the program from its main folder (a standard EXE file).

Versions are available for both 32-bit and 64-bit systems, the utility supports a huge number of language packs, and it “weighs” only 54 KB.

Now for how to use the program in the simplest case, with its standard features. The main window is divided into two large panes. The upper pane shows the crash dumps, and the lower one shows the problem drivers and components.

To get full information about a particular crash, select it in the upper pane, then in the lower pane double-click the problem component that caused the critical error (all of them are marked in red). A report window opens showing the file name, its description, version, location, software developer, and so on.

This makes it immediately clear what led to the fault. You then decide how to fix the problem (for example, by reinstalling or updating the problem device driver).

Creating and sending reports

Now a few words about one more feature of BlueScreenView. How to use the utility is already clear, but any user may end up in a situation where they do not want to analyse the crash report, or simply understand neither its substance nor how to find a suitable fix.

For this case the application can instantly produce a report as an HTML document to send, for example, to a friend or to specialists. Select the dump file you need in the upper pane and right-click to open the context menu, then use the corresponding item to create an HTML report. Several other actions are also available (searching for the error on Google and a number of additional settings).

General troubleshooting steps

To troubleshoot Stop error messages, follow these general steps:

  1. Review the Stop error code that you find in the event logs. Search online for the specific Stop error codes to see whether there are any known issues, resolutions, or workarounds for the problem.

  2. As a best practice, we recommend that you do the following:

    a. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:

    b. Make sure that the BIOS and firmware are up-to-date.

    c. Run any relevant hardware and memory tests.

  3. Run the Machine Memory Dump Collector Windows diagnostic package. This diagnostic tool is used to collect machine memory dump files and check for known solutions.

  4. Run Microsoft Safety Scanner or any other virus detection program that includes checks of the Master Boot Record for infections.

  5. Make sure that there is sufficient free space on the hard disk. The exact requirement varies, but we recommend 10–15 percent free disk space.

  6. Contact the respective hardware or software vendor to update the drivers and applications in the following scenarios:

    • The error message indicates that a specific driver is causing the problem.

    • You are seeing an indication of a service that is starting or stopping before the crash occurred. In this situation, determine whether the service behavior is consistent across all instances of the crash.

    • You have made any software or hardware changes.

      Note

      If there are no updates available from a specific manufacturer, it is recommended that you disable the related service.

      To do this, see How to perform a clean boot in Windows.

      You can disable a driver by following the steps in How to temporarily deactivate the kernel mode filter driver in Windows.

      You may also want to consider the option of rolling back changes or reverting to the last-known working state. For more information, see Roll Back a Device Driver to a Previous Version.

Memory dump collection

To configure the system for memory dump files, follow these steps:

  1. Download the DumpConfigurator tool.
  2. Extract the .zip file and navigate to the Source Code folder.
  3. Run the tool DumpConfigurator.hta, and then select Elevate this HTA.
  4. Select Auto Config Kernel.
  5. Restart the computer for the setting to take effect.
  6. Stop and disable Automatic System Restart Services (ASR) to prevent dump files from being written.
  7. If the server is virtualized, disable auto reboot after the memory dump file is created. This lets you take a snapshot of the server in its current state, and again if the problem recurs.

The memory dump file is saved at the following locations:

| Dump file type | Location |
|---|---|
| (none) | %SystemRoot%\MEMORY.DMP (inactive, or grayed out) |
| Small memory dump file (256 kb) | %SystemRoot%\Minidump |
| Kernel memory dump file | %SystemRoot%\MEMORY.DMP |
| Complete memory dump file | %SystemRoot%\MEMORY.DMP |
| Automatic memory dump file | %SystemRoot%\MEMORY.DMP |
| Active memory dump file | %SystemRoot%\MEMORY.DMP |

You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. For more information, see the following video:

More information on how to use Dumpchk.exe to check your dump files:

  • Using DumpChk
  • Download DumpCheck

Pagefile Settings

  • Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows
  • How to determine the appropriate page file size for 64-bit versions of Windows
  • How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2

Memory dump analysis

Finding the root cause of the crash may not be easy. Hardware problems are especially difficult to diagnose because they may cause erratic and unpredictable behavior that can manifest itself in various symptoms.

When a Stop error occurs, you should first isolate the problematic components, and then try to cause them to trigger the Stop error again. If you can replicate the problem, you can usually determine the cause.

You can use tools such as the Windows Software Development Kit (SDK) and symbols to diagnose dump logs. The next section discusses how to use this tool.

Tips for Software Engineers

When a bug check occurs as a result of code you have written, you should use the kernel debugger to analyze the problem, and then fix the bugs in your code. For full details, see the individual bug check code in the Bug Check Code Reference section.

However, you might also encounter bug checks that are not caused by your own code. In this case, you probably will not be able to fix the actual cause of the problem, so your goal should be to work around the problem, and if possible isolate and remove the hardware or software component that is at fault.

Many problems can be resolved through basic troubleshooting procedures, such as verifying instructions, reinstalling key components, and verifying file dates. Also, the Event Viewer, the Sysinternals diagnostic tools and network monitoring tools might isolate and resolve these issues.

For general troubleshooting of Windows bug check codes, follow these suggestions:

  • If you recently added hardware to the system, try removing or replacing it. Or check with the manufacturer to see if any patches are available.

  • If new device drivers or system services have been added recently, try removing or updating them. Try to determine what changed in the system that caused the new bug check code to appear.

  • Look in Device Manager to see if any devices are marked with the exclamation point (!). Review the events log displayed in driver properties for any faulting driver. Try updating the related driver.

  • Check the System Log in Event Viewer for additional error messages that might help pinpoint the device or driver that is causing the error. For more information, see . Look for critical errors in the system log that occurred in the same time window as the blue screen.

  • You can try running the hardware diagnostics supplied by the system manufacturer.

  • Run the Windows Memory Diagnostics tool to test the memory. In the control panel search box, type Memory, and then click Diagnose your computer’s memory problems. After the test is run, use Event Viewer to view the results under the System log. Look for the MemoryDiagnostics-Results entry to view the results.

  • Confirm that any new hardware that is installed is compatible with the installed version of Windows. For example, you can get information about required hardware at Windows 10 Specifications.

  • Run a virus detection program. Viruses can infect all types of hard disks formatted for Windows, and resulting disk corruption can generate system bug check codes. Make sure the virus detection program checks the Master Boot Record for infections.

  • Use the scan disk utility to confirm that there are no file system errors. Right-click the drive you want to scan and select Properties. Click Tools. Click the Check now button.

  • Use the System File Checker tool to repair missing or corrupted system files. The System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files. Use the following command to run the System File Checker tool (SFC.exe).

    For more information, see Use the System File Checker tool to repair missing or corrupted system files.

  • Confirm that there is sufficient free space on the hard drive. The operating system and some applications require sufficient free space to create swap files and for other functions. Based on the system configuration, the exact requirement varies, but it is normally a good idea to have 10% to 15% free space available.

  • Verify that the system has the latest Service Pack installed. To detect which Service Pack, if any, is installed on your system, click Start, click Run, type winver, and then press ENTER. The About Windows dialog box displays the Windows version number and the version number of the Service Pack, if one has been installed.

  • Check with the manufacturer to see if an updated system BIOS or firmware is available.

  • Disable BIOS memory options such as caching or shadowing.

  • For PCs, make sure that all expansion boards are properly seated and all cables are completely connected.
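The advice to review the Stop error code in the event logs, and to look for critical errors in the System log around the time of the blue screen, can be automated. The Python code below is an added example, not part of the original article: it takes a constructed System-log export (the CSV column layout and every event in it are assumptions of this example) and lists the Critical and Error events that precede each BugCheck event 1001.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed System-log export; the column layout is an assumption of
# this example, and every event below is invented.
SAMPLE_LOG = r"""TimeCreated,Level,Source,EventID,Message
2021-03-02T08:00:10,Error,Service Control Manager,7034,The Print Spooler service terminated unexpectedly.
2021-03-02T14:01:12,Error,disk,7,"The device, \Device\Harddisk0\DR0, has a bad block."
2021-03-02T14:03:40,Warning,Ntfs,140,The system failed to flush data to the transaction log.
2021-03-02T14:06:31,Critical,Microsoft-Windows-Kernel-Power,41,The system has rebooted without cleanly shutting down first.
2021-03-02T14:06:48,Error,BugCheck,1001,"The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0x0000000000000001, 0x0000000000000002, 0x0000000000000003, 0x0000000000000004). A dump was saved in: C:\Windows\MEMORY.DMP."
"""

STOP_RE = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+)")


def load_events(text):
    """Parse the CSV export and return events sorted by timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.fromisoformat(row["TimeCreated"])
        events.append(row)
    return sorted(events, key=lambda e: e["time"])


def events_before_bugchecks(events, window=timedelta(minutes=10)):
    """For each BugCheck 1001 record, collect Critical/Error events in the
    window before it. The record is written after the reboot, so the crash
    itself happened earlier and the window looks backwards only."""
    findings = []
    for ev in events:
        if ev["Source"] != "BugCheck" or ev["EventID"] != "1001":
            continue
        m = STOP_RE.search(ev["Message"])
        related = [e for e in events
                   if ev["time"] - window <= e["time"] < ev["time"]
                   and e["Level"] in ("Critical", "Error")]
        findings.append({
            "stop_code": int(m.group(1), 16) if m else None,
            "logged_at": ev["time"],
            "related": [(e["time"].isoformat(), e["Source"], e["EventID"])
                        for e in related],
        })
    return findings
```

In the constructed log, the disk error a few minutes before the reboot is the kind of entry that points at hardware rather than at a driver.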

Using Safe Mode

Consider using Safe Mode when removing or disabling components. Safe Mode loads only the minimum required drivers and system services during Windows startup. To enter Safe Mode, use Update and Security in Settings. Select Recovery -> Advanced startup to boot to maintenance mode. At the resulting menu, choose Troubleshoot -> Advanced Options -> Startup Settings -> Restart. After Windows restarts to the Startup Settings screen, select option 4, 5 or 6 to boot to Safe Mode.

Safe Mode may be available by pressing a function key on boot, for example F8. Refer to information from the manufacturer for specific startup options.

Advanced troubleshooting using Driver Verifier

We estimate that about 75 percent of all Stop errors are caused by faulty drivers. The Driver Verifier tool provides several methods to help you troubleshoot. These include running drivers in an isolated memory pool (without sharing memory with other components), generating extreme memory pressure, and validating parameters. If the tool encounters errors in the execution of driver code, it proactively creates an exception to let that part of the code be examined further.

Warning

Driver Verifier consumes lots of CPU and can slow down the computer significantly. You may also experience additional crashes. Verifier disables faulty drivers after a Stop error occurs, and continues to do this until you can successfully restart the system and access the desktop. You can also expect to see several dump files created.

Don’t try to verify all the drivers at one time. This can degrade performance and make the system unusable. This also limits the effectiveness of the tool.

Use the following guidelines when you use Driver Verifier:

  • Test any “suspicious” drivers (drivers that were recently updated or that are known to be problematic).
  • If you continue to experience non-analyzable crashes, try enabling verification on all third-party and unsigned drivers.
  • Enable concurrent verification on groups of 10–20 drivers.
  • Additionally, if the computer cannot boot into the desktop because of Driver Verifier, you can disable the tool by starting in Safe mode. This is because the tool cannot run in Safe mode.

For more information, see Driver Verifier.

What causes Stop errors?

A Stop error is displayed as a blue screen that contains the name of the faulty driver, such as any of the following example drivers:

There is no simple explanation for the cause of Stop errors (also known as blue screen errors or bug check errors). Many different factors can be involved. However, various studies indicate that Stop errors usually are not caused by Microsoft Windows components. Instead, these errors are generally related to malfunctioning hardware drivers or drivers that are installed by third-party software. This includes video cards, wireless network cards, security programs, and so on.

Our analysis of the root causes of crashes indicates the following:

  • 70 percent are caused by third-party driver code
  • 10 percent are caused by hardware issues
  • 5 percent are caused by Microsoft code
  • 15 percent have unknown causes (because the memory is too corrupted to analyze)

Possible startup errors

But things do not always go so smoothly. Sometimes an error occurs when the application itself is launched. There can be quite a few reasons for this.

First, note that on Windows 7 and later the program must be run as administrator. A startup error can also appear if the downloaded archive did not contain all the components needed for the application to work correctly, was corrupted, or was simply not downloaded completely.

It may also be that the bitness of the application and of the operating system do not match (the user is trying to run the 64-bit program on a 32-bit system).

Such seemingly minor details deserve attention too. It is also better to download the application from trusted sites in the first place, since there are known cases in which the archive contained trojans.

As a last resort, scan it with at least the built-in antivirus scanner before unpacking.

Material prepared by
Максим Иванов