[Tutorial] Windows Blue Screen Causes and Solutions/Windows Blue Screen Repair Analysis Tool and Usage/Windows Blue Screen Code Log Error Case Analysis and Solutions (Continuously Updated…)

Preface [Suggested Collection]
Firstly, it should be noted that although everyone is troubled by the blue screen on their computers, in reality, the Windows system’s blue screen action is to protect everyone’s data from damage. When the system encounters a serious error, first crash yourself and stop all current behavior to prevent larger and more serious damage to your system and hardware.

The appearance of a blue screen does not necessarily mean that there is a problem with the system itself. The main reasons for a blue screen on a computer are:

  1. Software compatibility issues causing blue screen on the computer;
  2. Hardware driver compatibility issues causing computer blue screen;
  3. Poor contact or damage to the memory module causing the computer to have a blue screen;
  4. Virus Trojan causing computer blue screen;
  5. Hard disk failure causes a bad channel, resulting in a blue screen on the computer;

So in summary, the reason for the blue screen in the system may be either caused by hardware or software; The purpose of organizing this article is to help everyone solve problems such as “how to find the cause of blue screen” and “how to solve blue screen”. It is recommended to save it for future use.

Many friends who upgrade to WIN10/WIN11 will encounter blue screen problems, which are indeed quite common, especially when installing some non Microsoft official pure version optimization systems. Blue screen is not uncommon. Therefore, it is strongly recommended that everyone install Microsoft’s official WIN11 imaging system. Be careful not to install and use many fake “deep” and “computer city” packaging systems that are popular on the internet. These systems are equipped with a lot of rogue software, and some even install trojans on the C drive. Therefore, be careful when installing and using such systems.

How to find the cause of blue screen?
Method 1. Use the Event Viewer to find the cause of the blue screen

  1. Firstly, if we encounter a blue screen phenomenon, we should try restarting the system to see if it can start normally;
  2. If it can start normally, right-click on “Computer” on the desktop and select “Manage”
  3. Next, expand “System Tools” on the left side of the pop-up window and select “Event Viewer”
  4. In the event viewer, we can see the specific issue that caused the blue screen;
  5. Then, simply prescribe the right medicine based on the blue screen situation and the issue displayed in the event viewer to solve the problem.

Method 2. Use the WinDbg Preview tool to analyze the. dmp file and identify the cause of the blue screen
“. dmp” is a file that stores some “scenarios” and debugging symbols at the time of software crashes during runtime; Can be seen as a “scene reproduction” of the cause of the crash.

WinDbg is an open-source tool for analyzing dmp crash files, with strong functionality, produced by Microsoft on its official website.

WinDbg Preview can be downloaded directly from the Microsoft Store;

The official version of WinDbg is integrated into Windows sdk, with the option to install only Windbg;

Search for “WinDbg” in the app store

How to use the blue screen parsing tool WinDbg

WinDbg is launching its Preview version, which can be downloaded directly from the Microsoft Store. The functions are the same as the old version, but the interface is more modern and the operation is simpler.

The first thing to prepare is to turn on the crash dump option in the system properties. Next time when the screen is blue, the system will automatically dump the memory into a file dmp, and we can locate the problem by debugging this file.

After the blue screen occurs, there will be additional dmp files in the C: \ Windows \ Minidump directory.

Then open the dmp file with WinDbg and wait for the loading to complete.

Analyzing crash scenarios using WinDbg requires information.

. dmp file, abbreviated as “dump file” in Chinese

. pdb symbol file, source code [optional]; Advanced usage, not expanded for now

Analysis steps

Temporarily remember to use WinDbg x86 to debug x86 applications; Use WinDbg x64 to debug x64 applications; (Although debugging x86 applications with x64 is possible, some commands need to be set up.).
The command can be entered in the input box at the bottom, and can be executed sequentially as follows. Alternatively, you can click on the blue command directly on the interface and omit manual input commands.
Start debugging and execute the following commands in sequence:

! Analyze – v//Analysis
. ecxr//View the context information of the current exception and some register information
Lmvm “module name”//Download corresponding. pdb
Kb//Display stack crash, specific to line
Detailed case study of WinDbg:

File Symbol File Path
Enter the symbol path window; You can enter any path you like, here I will enter the storage path for. dmp

D: \ dmp

If it defaults to empty, WinDbg will not respond for a long time after loading the. dmp file, and only the resource manager will kill and restart it.

  1. File – Open Crash Dump

Select the current. dmp to open

  1. Execute the following command

! Analyze – v

Start analyzing, wait for a moment, sometimes the process is slow, and the symbol is BUSY in the bottom left corner! Busy reminder

  1. Execution

. ecxr

View relevant information, check the context information of the current exception, and some register information [Important]

After execution, you can see that the DLL module printed on the crash stack is named cloudservice

implement

Lmvm cloudservice

Obtain detailed information about this DLL, build it on Jenkins according to the time, and download the DLL generated simultaneously with the most recent DLL at this time

Cloudservice.pdb

Symbol file;

  1. Take the newly found

Put the cloudservice.pdb file into the D: \ dmp path just now; Open the Step 1 window again and check the “Reload” option in the bottom left corner this time

Reload.

Repeat the command sequence above and execute it in sequence:

! Analyze – v//Analysis
. ecxr//View register and module information
Kb//View crash stack
If the current version of the code is restored to match the DLL version prompted by WinDbg (which can be determined by checking the compilation time and submitted hash through Jenkins), then it is basically accurate. If the code version is ahead of the DLL version, there are also specific functions that crash, and the crash location is also slightly offset around the number of prompt lines.

In fact, in step 6, you can also click on the preceding number to view information about some local variables inside when this function crashes.

Summary: The WinDbg tool can help you find the source of the crash stack, which is the true cause of the system’s blue screen (sometimes caused by hardware/sometimes caused by software), and the analysis table will clearly indicate it.

Attached are several common causes of crashes:

Pointer is empty and requires verification (90%)

There is multithreading concurrency that requires the use of atoms or locks (5%)

The iterator in the cursor using STL failed, and the element was deleted during the traversal process

Memory leakage/insufficient

How to solve the blue screen problem?
Now share some common methods to solve computer blue screens.

If the computer has a blue screen but the system can still be turned on, you can try repairing it through the command prompt:

Two important precautions:

1、 Use the command prompt, always execute as an administrator;

2、 If the installed system is not a non Microsoft official pure version, executing the SFC command may directly cause the system to crash. It is recommended to directly analyze the cause through Windbg and prescribe the right medicine, so as not to execute the SFC command again.

1) SFC

In the command prompt, enter and press enter to execute the [sfc/scan now] command, which is mainly used to repair system files. Whether it is a missing or damaged system file, it can be repaired

SFC includes the following commands:

Sfc/scan: Scan the integrity of all protected system files and repair problematic files as much as possible

Sfc/verify only: Scans the integrity of all protected system files without performing repair operations

Sfc/scanfile: Scan the integrity of the referenced file, and if any issues are found, fix the file (specify the full path)

Sfc/verifyfile: Verify the integrity of files with full paths, but do not perform repair operations. sfc/offbootdir: For offline repair, specify the location of the offline boot directory

Sfc/offwindir: For offline repair, specify the location of the offline Windows directory

Sfc/logfile: For offline repair, selectively enable logging by specifying the log file path

2) Dism

At the command prompt, enter and press enter to execute the DISM/Online/Cleanup Image/CheckHealth command, which can be used to repair Windows system images, install programs, recover programs, and PE systems

3) Initialize

  1. In the command prompt, enter and press enter to execute the [system reset cleanpc] command, which can trigger a system reset;
  2. Newly launched, this will delete all apps and programs, except for those that come standard with Windows. All Microsoft Store apps installed by your manufacturer will also be retained. Your personal files and some Windows settings will be preserved;

Note: It is not recommended to use the sfc/disp command to fix unofficial win systems, as it can easily cause the system to crash directly.

For those who do not know how to install the system, you can refer to the latest official installation tutorial for WIN11:

Windows 11/Win10&Office 2021/Office 365 Permanent Activation Method, Latest Official Pure Version Download and Free Activation of Windows 11, Professional Enhanced Version Download and Free Activation Tutorial for Office 2021 (Original/Full)
272 agree · 36 comment article

Blue screen case analysis and solutions (constantly updated)
① Solution to blue screen caused by Ntkrnlmp.exe
The blue screen issue displayed through the minidump file is caused by ntkrnlmp. exe, which is the kernel file of Windows. This issue is likely caused by an incompatible driver installed on your device, but based on this log file, the specific driver causing the problem cannot be analyzed at the moment.

Suggest conducting a “clean startup” first to eliminate issues caused by third-party application conflicts

Microsoft Official Reference Tutorial: How to Perform Clean Startup in Windows

Uninstall all third-party antivirus and system optimization software (such as 360, Tencent Computer Manager, Lu Master, etc.) from the device.

Download the installation package of the main drivers for the corresponding device model (BIOS, independent and core graphics cards, wired and wireless network cards, sound card drivers) from the official website of the device brand, cover the installation into the device, restart the device after installation, continue using the device according to normal usage habits for a period of time, and see if the blue screen still appears.

Attention: To upgrade computer device drivers, you can use third-party drivers (recommended driver sprites/driver masters, etc.), or download drivers from the device brand’s official website (such as Intel’s official website/Lenovo’s official website, etc.).

② KERNEL-SECURITY-CHECK-FAILURE Blue Screen Solution
The KERNEL-SECURATY-CHECK-FAILURE error may be related to issues with the hard drive, but other factors such as memory cannot be ruled out. We suggest that you temporarily uninstall all third-party security protection software. Windows Defender comes with the system and does not need to be downloaded. Try the following methods simultaneously:

1、 Firstly, it is recommended that you enter safe mode to observe the situation

  1. Press Windows+R, then enter msconfig in the input box and press Enter.
  2. Then select the guide above.
  3. Then check the security boot button, press OK, and restart.

To exit safe mode, simply clear the check mark on the previous secure boot and restart.

2、 If it works normally in safe mode, you can try to troubleshoot the clean startup steps:

Clean startup steps:

  1. Press Windows+R, then enter msconfig in the input box, press enter, and the system configuration dialog box will pop up.
  2. Select General, click “Selected Startup”, and then click to clear the check box above “Load Startup Items”.
  3. Click “Services” again, click “Hide all Microsoft” services, and then click “Disable all”.
  4. Click on “Start” again, click on “Open Task Manager”, click on the startup option, and then click on disable.
  5. Click OK to restart the system.

If you want to restore to a normal state, simply click or click on the “Normal Start” option on the “General” tab in the system configuration dialog box.

3、 Inspection of hard disk, memory, and other issues

To check for issues with the hard drive
Open your start menu/screen, click search, type chkdsk/F C:, and set up a disk check the next time your computer restarts. (Pay attention to backing up/saving files); Your computer is likely to take some time to complete the operation, depending on the size and speed of your hard drive.

  1. Memory issues

Press Win+R key and run: MdSched.exe

Select “Restart now and check for issues” to perform a memory check. Try to pass the test. (Note backing up/saving files)

  1. Driver issues

Press Win+X, select Computer Management, open Device Manager, right-click on all your devices, and then click Update Driver. Please note that Windows may not be able to find updated drivers for certain devices – you may have to manually find them on the manufacturer’s website.

Other cases (to be updated)

Leave a Reply

Your email address will not be published. Required fields are marked *