Analyzing BSOD without a dump [closed]

Question

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 8 years ago.

Improve this question

One of the drivers I'm developing has caused a BSOD. Unfortunately a dump file was not created since it was not configured / low resources. I was trying to reproduce this crash but no luck so far.

Is there any way to get some info using WinDbg or any other tool? I have this information:

• A screenshot of the BSOD
• The .sys file.
• Its pdb
• The source code
• The machine it was crashed on

I have everything except the dump itself.

Your help will be much appreciated.

---

As I said above, no dump (/minidump) exists. This is the actual problem.

For this specific crash, I know I won't be able to get the stack. Just getting the specific line of code will be good enough. Because the BSOD contains the module's address, it seems like there should be a way to detect which line exactly is it. As I mentioned above, I do have the .sys file, the pdb and the source code.

This is the specific code taken from MSDN: SYSTEM_SERVICE_EXCEPTION. How can I know from there what was the specific line? and/or the specific exception raised?

Answer 1

You have the crash address, want to know the source line?

Fire up kd or windbg, disasm that address and code before it. Find the function entry point (where it adjust the stack) and you can now lookup the symbol table. From there you disasm again and compare the source.

Sorry, I guess you need to read some asm. I know no better way.

Answer 2

If you are lucky you will have minidump in C:\windows, so check if its there. If its available open it in Windbg and analyse. You don't need to configure for low resource to create dump, refer this link http://support.microsoft.com/kb/254649 on how to setup windows to create dump files. Create full dump if you want to debug your driver.

Coming back to your question to analyse issue:

• Refer bugcheck reference here to understand your BSOD error. http://msdn.microsoft.com/en-us/library/windows/hardware/hh406232(v=vs.85).aspx

• Depending upon what BSOD you got, check any parameters or other information to get possible cause.

But its not likely that you will reach to good conclusion with information you have. You will need dump file to really understand the issue.