For example, Driver Verifier checks the use of memory resources, such as memory pools. Driver Verifier is a tool that runs in real time to examine the behavior of drivers. It is estimated that about three quarters of blue screens are caused by faulting drivers. The Defrag Tools show on Channel 9 - Using Driver Verifier to Gather Information Using the !analyze Extension and !analyze
You can also set a breakpoint in the code leading up to this stop code and attempt to single step forward into the faulting code.įor more information see the following topics:Ĭrash dump analysis using the Windows debuggers (WinDbg)Īnalyzing a Kernel-Mode Dump File with WinDbg The !analyze debug extension displays information about the bug check and can be helpful in determining the root cause. To isolate a complex problem and develop a viable workaround, it is useful to record the exact actions that lead to the failure. Remember to capture the exact text in the bug check information section of the error message. Kernel debugging is especially useful when other troubleshooting techniques fail, or for a recurring problem. bugcheck (Display Bug Check Data) command or the !analyze extension command. To see this information a second time, use the.
In this case, the blue screen may not appear immediately, the full details on this crash will be sent to the debugger and appear in the debugger window. If a debugger is attached, a bug check will cause the target computer to break into the debugger. Reading Bug Check Information from the Debugger The stop code hex value associated with the Bug Check Symbolic Name is listed in the Bug Check Code Reference. Use !analyze -v to get detailed debugging information.īugCheck 9F, ĭRIVER_POWER_STATE_FAILURE is the Bug Check Symbolic Name, with an associated bug check code of 9F. When the stop code occurs, the debugger output will include the four parameters after the stop code hex value. For more information, see Analyzing a Kernel-Mode Dump File with WinDbg.Īttach a kernel debugger to the faulting PC. Load the generated dump file and use the !analyze command with the debugger attached. For more information, see Open Event Viewer. The event properties for the BugCheck will list the four stop code parameters. There are multiple ways to gather the four stop code parameters.Įxamine the Windows system log in the event viewer. The parameters are described in Bug Check Code Reference for each stop code. Gathering the Stop Code ParametersĮach bug check code has four associated parameters that provide additional information. There is a stop code hex value associated with each stop code as listed in Bug Check Code Reference. If a kernel-mode dump file has been written, this will be indicated as well with a percentage complete count down as the dump is being written. When it is available, the module name of the code that was being executed is also displayed, such as AcmeVideo.sys. The stop code is displayed such as PAGE_FAULT_IN_NONPAGED_AREA. The following is an example of one possible blue screen: The exact appearance of the blue screen depends on the cause of the error. If you are using an insider build of Windows, the text will be displayed on a green background. This screen is called a blue screen, a bug check screen, or a stop screen. If no debugger is attached, a blue text screen appears with information about the error. If a kernel debugger is attached and active, the system causes a break so that the debugger can be used to investigate the crash. If crash dumps are enabled on the system, a crash dump file is created. If the OS were allowed to continue to run after the operating system integrity is compromised, it could corrupt data or compromise the security of the system. It is also commonly referred to as a system crash, a kernel error, or a stop error. When Microsoft Windows encounters a condition that compromises safe system operation, the system halts.
Note If you are an IT professional or support agent, see this article for additional information, Troubleshoot "blue screen" or Stop error problems before you contact Microsoft Support. If you are a customer who has received a blue screen error code while using your computer, see Troubleshoot blue screen errors.