Analyze a BlueScreen Dump File

· Windows Scripts

Although this sounds like a difficult task, it is much easier than you may think. When a computer (Microsoft Windows made famous) bluescreens, the operating system is intelligent enough to save as much information as it can on what caused the problem. To ensure you have Memory Dumps enabled, right click on My Computer -> Properties -> Advanced Tab -> Settings under Startup and Recovery -> Make sure something is selected under “Write debugging information”. Directly below, you will see the location of the dump file.

The dump file will be located in one of two locations:

C:\Windows\MiniDump\*.dmp (usually desktop operating systems)


C:\Windows\MEMORY.DMP (usually server operating systems)

You will need to install the Windows Debug Tools from the location specified in the script and then open up a command prompt from the “C:Program FilesDebugging Tools for Windows” location. Copy and paste the last line of the script or drag/drop the script below into the command prompt window and press “Enter”. Click through any prompts and the output should list any .dll or .sys files causing the problem. Then Google for a solution. Google is your friend.

Also, please be sure you have an i386 folder on the root of your C: drive (C:i386) or put in your Windows CD and change the code from “C:i386” to “D:i386” if the D: drive is your CD drive.

Place the script below in a *.CMD file.

REM Use this script to read a Windows Dump file from a Bluescreen
REM Install the Windows Debug Tools from
REM CD to "C:\Program Files\Debugging Tools for Windows"
windbg -y srv*c:\symbols* -i "C:I386" -z "C:\Windows\MiniDump\Mini021711-01.dmp"
author image

About Joseph Spurrier

I'm passionate about building solutions to automate tasks and improve efficiency. I worked for a few companies in the digital healthcare space. My education is in forensics. Tech guy. Traveler. Runner. Guitar player. Scotch and beer enthusiast. GitHub LinkedIn Twitter Google+

Share this post

Comments powered by Disqus