What? Check for bugs?
Author: jason
Date: 2011-05-27 10:57:43
Category: Technical

I overheard a user talking about the dreaded Blue Screen of Death and their computer rebooting 5 times before staying up in Windows long enough for them to log in. Interesting, I said as I sipped my coffee. Ticket assigned to me!

I jumped out with Computer Management to take a look at their machine. I filtered the System log for Event IDs 6008 and 1001. Event 6008 is the system recording an unexpected shutdown. 1001 indicates the computer rebooted from a BugCheck.





Then I checked the user's C:\Windows directory for a MEMORY.DMP file. I copied the file to my computer, and hoped they didn't forcibly shut their computer down while the BSOD was saving the memory into the dump file.
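
The same two checks (the 6008/1001 filter on the System log and the look for MEMORY.DMP) can be scripted. This is an added example, not something from the original write-up; the host name, the look-back period, the 30-minute tolerance, and access to the remote C$ admin share are all assumptions.

```powershell
# Added example. USER-PC01 is a hypothetical host name; adjust the defaults as needed.
param(
    [string]$ComputerName = 'USER-PC01',
    [int]$Days = 14,             # how far back to search the System log (assumption)
    [int]$WindowMinutes = 30     # allowed gap between dump write and event 1001 (assumption)
)

# 6008 = unexpected shutdown, 1001 = computer rebooted from a BugCheck.
$filter = @{ LogName = 'System'; Id = 6008, 1001; StartTime = (Get-Date).AddDays(-$Days) }
try {
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop |
        Sort-Object TimeCreated)
} catch {
    # Covers "no matching events" as well as an unreachable machine.
    Write-Warning "Event query failed: $($_.Exception.Message)"
    return
}

# Timeline of crashes; pull the stop code out of the 1001 message text when present.
$events | ForEach-Object {
    $code = if ($_.Id -eq 1001 -and $_.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { $null }
    [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Provider = $_.ProviderName; BugCheck = $code }
} | Format-Table -AutoSize

# Look for the dump over the admin share (the backtick escapes the $ in C$).
$dumpPath = "\\$ComputerName\C`$\Windows\MEMORY.DMP"
if (-not (Test-Path -LiteralPath $dumpPath)) {
    Write-Warning "No MEMORY.DMP found at $dumpPath"
    return
}
$dump = Get-Item -LiteralPath $dumpPath
"{0}  {1:N0} MB  written {2}" -f $dump.FullName, ($dump.Length / 1MB), $dump.LastWriteTime

# The dump is written during the crash; event 1001 is logged after the reboot.
# A dump far older than the last 1001 event, or an empty one, probably did not
# finish saving (for example, the machine was powered off during the BSOD).
$last = $events | Where-Object { $_.Id -eq 1001 } | Select-Object -Last 1
if ($dump.Length -eq 0) {
    Write-Warning "Dump file is empty."
} elseif ($last) {
    $gap = ($last.TimeCreated - $dump.LastWriteTime).TotalMinutes
    if ($gap -ge 0 -and $gap -le $WindowMinutes) {
        "Dump matches the most recent BugCheck event ($($last.TimeCreated))."
    } else {
        Write-Warning "Dump time does not line up with the last BugCheck event ($($last.TimeCreated))."
    }
}
```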





I had already downloaded and installed a debugging tool from Microsoft called WinDbg along with the appropriate Symbol packages. Links at the bottom.

I opened WinDbg. I made sure I was pointed at the AMD64 FRE symbols by adding the correct symbol file path (under the File menu). Then I opened the MEMORY.DMP file with the Open Crash Dump menu command.





Right away, at the bottom, the output showed a probable cause: nvlddmkm.sys. The tool also said I could run a !analyze -v for more information.





Before I did the analyze command I jumped out to Bing. I typed in the filename and searched for possible matches to see if anyone else had this problem. The results showed it was likely related to NVidia.





In the bottom input window I typed !analyze -v and hit Enter. The DEFAULT_BUCKET_ID listed Graphics Driver and I saw more references to nvlddmkm.sys. I think I can safely say this BugCheck is the NVidia graphics drivers. So I went to the computer manufacturer's website to see if there was a new video driver. There was, and I downloaded it. I asked the Help Desk to coordinate a time to install the driver on the user's computer. Installation went well, and the user hasn't had an unexpected reboot yet. Let's keep our fingers crossed.





Links
Download and Install Debugging Tools for Windows
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

Download SP1 Symbols: Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932)
http://www.microsoft.com/downloads/en/details.aspx?familyId=c3202ce6-4056-4059-8a1b-3a9b77cdfdda

Download Windows Symbol Packages
http://msdn.microsoft.com/en-us/windows/hardware/gg463028

Use the Microsoft Symbol Server to obtain debug symbol files
http://support.microsoft.com/kb/311503

How to install Windbg and get your first memory dump
http://blogs.msdn.com/b/johan/archive/2007/01/11/how-to-install-windbg-and-get-your-first-memory-dump.aspx



jason @ jasonthomasfrance.com - www.masterstationlog.com - copyright 2009