How to use bluescreenview. BlueScreenView: what is it and how to use it? Features of BlueScreenView

Because it conducts a deeper analysis and more accurately determines the cause of the problem.

Several people contacted me at once asking whether it was worth using the relatively recently released BlueScreenView utility instead of Debugging Tools for Windows to analyze memory dumps. Free NirSoft utilities (author – Nir Sofer) are well known for their usefulness, convenience and thoughtful functionality. And BlueScreenView is really very useful for identifying the problematic driver.

BlueScreenView

Default BlueScreenView looks for dumps in the %systemroot%\Minidump folder, but you can also set up your own folder ( Options –> Advanced). For found drivers, the utility displays:

• In the top panel - the file name, creation date, stop error name, error code, parameters, as well as the driver that supposedly caused the problem ( Caused By Driver).
• In the bottom panel – (depending on the settings in Options –> Lower Pane Mode) all drivers loaded at the time of the error, or only drivers found on the stack. Among all drivers, the drivers that supposedly caused the problem are displayed on a pink background. Also, the utility can display a blue screen, very similar to the one that everyone loves so much.

Important! I should note that when defining a driver you don't have to rely only on the filename in the column Caused by Driver. You should review the drivers in the bottom pane (or just the ones highlighted in pink if you have enabled the display of all drivers), focusing on non-system drivers first.

The utility works very quickly, and also has additional capabilities for copying individual lines and creating HTML reports.

BlueScreenView vs. kdfe.cmd/WinDbg

In the above screenshot, the culprit of the problem was not USBPORT.SYS(system driver), aclaudsl.sys(modem driver). It is the latter that was pointed out by the analysis of kdfe, which relies on Debugging Tools for Windows. And here I come to the question of how correct the analysis of the utility is in comparison with kdfe / WinDbg.

To be honest, I'm not a debugging expert, but one thing is immediately obvious: unlike WinDbg, BlueScreenView does not use symbols downloaded from the Microsoft website for analysis. I asked the author of the program how correct he considered the analysis to be under these conditions. And this is what he replied (abbreviated):

Regardless of whether you use BlueScreenView or WinDbg with symbols, it is impossible to achieve absolute accuracy in driver identification.
I don't think symbols would help my utility perform a more accurate analysis. The symbols contain additional information that can help professionals determine the exact cause—for example, the function within the driver that caused the error. However, identifying the drivers involved in the error can be done based on memory addresses without any symbols.

I decided to check how well BlueScreenView's results match kdfe. Since there is no shortage of material, I took offhand a dozen and a half dumps with the most common codes (0x8E, 0x50, 0xD1 and 0x0A). Only in one case did the results differ: BlueScreenView pointed to the system driver, and kdfe pointed to the Outpost Firewall driver. Testing also revealed that BlueScreenView does not always correctly indicate the problematic driver in the top panel, but in all cases except one mentioned above, the problematic driver was indicated in the bottom panel. Thus, kdfe more clearly indicates the problematic driver. However, the opposite picture was also observed - sometimes kdfe clearly indicates a system driver, while BlueScreenView also identifies non-system drivers, which may also be the cause of the problem.

Summary

Before the advent of the MiniDumper utility, BlueScreenView was recommended for quickly analyzing memory dumps created during BSOD. However, the utility does not always clearly indicate the problematic driver in the top panel. Therefore, instead of admiring the blue screen picture in the bottom panel, it is better to enable the display of drivers for it and study their list. For deep analysis, you still can’t do without WinDbg, and the MiniDumper utility automates this process.

For many users, the periodic appearance of a “Blue Screen of Death” (BSOD) and the subsequent restart of the computer causes real panic, and they begin to look for people who can help deal with the problem. Although you can usually do it yourself. In most cases, the computer begins to behave strangely after updating drivers or installing programs that interfere with the operation of the operating system at the kernel level, such as antiviruses or firewalls, the main thing is to understand what exactly the problem is. The only bad thing is that the BSOD screen is uninformative and disappears from the screen relatively quickly, where you simply don’t have time to read anything and remember what exactly the computer is complaining about. To view detailed information about all BSODs, there is a wonderful utility.

The installation process of the program follows an abbreviated scenario: users can choose in which folder the files will be located (it is advisable to remember the name, then you will have to add localization files there), and which section of the Start menu to push the icon to launch the utility. That's all, click Install, wait a couple of seconds and the application is ready to work.

Before the first launch, for those who are not fluent in English, it is advisable to set the localization of the program to Russian. To do this, on the BlueScreenView download page, download the Russification, saving a zip archive to the computer disk, from which we copy the “BlueScreenView_lng.ini” files to the program folder. Now the program is completely ready to work, and we can launch BlueScreenView, which will automatically find all the minidumps, making it possible to figure out what exactly caused the error.

The program interface is divided into two parts. At the top is a table of files with errors that led to BSOD, which shows the date, name of the error, error code, a bunch of incomprehensible numbers with parameters and addresses, but most importantly, it shows which driver caused the problems. If you click on the desired item with the mouse, a window will pop up where all the information will be displayed in a compact form. The lower part can be customized by choosing what exactly should be displayed: raw data (you don’t even have to try, for you it will be an incomprehensible set of letters and numbers), all loaded drivers, only drivers that led to an error, or a Windows-style blue screen of death . It is worth noting that problematic drivers that caused the operating system to crash are highlighted in red, so they will immediately catch your eye.

To find the software components that cause problems, we analyze memory minidumps, find the problematic driver that constantly causes the error, and remove the programs associated with it or roll back the hardware drivers if they were recently updated. Alternatively, you can use the option in the main menu “Find error code and driver in Google”, clicking on which will open a browser page with a search query for the name of the error and the problematic driver.

For example, your humble servant crashed Windows 8 with enviable frequency; after several hours of work, the computer showed a blue screen of death. A short investigation showed that the error was caused by the avgntflt.sys driver, which is part of the antivirus. Therefore, I had to temporarily uninstall Avira until it was adapted for Windows 8, and install an alternative antivirus.

There are no settings for regular BlueScreenView users

As practice has shown, BlueScreenView is a very useful utility that will help you determine what exactly causes the BSOD and in which direction to dig to solve the problem. The program interface is made very simply and rationally; the necessary information can be reached with one click of the mouse. True, you still have to think with your head and do everything carefully without slashing with a saber from your shoulder.

Works great on 32 and 64 bit operating systems. The program interface has been translated into several dozen languages, including Russian.

BlueScreenView free download page http://www.nirsoft.net/utils/blue_screen_view.html

Latest version at the time of writing BlueScreenView 1.46

Program size: installation file 137 KB

Compatibility: Windows Vista, Windows 7, 8 and Windows XP

Hello everyone, today is an article about how to use the BlueScreenView utility from NirSoft from the rescue disk if the Windows blue screen of death does not allow the system to even start. How can you use it to find out the cause of BSOD?

The article is an addition to the article “How to fix BSOD blue screen?” (link at the bottom of the page), so read it to complete the picture and clarify the scale of the tragedy.

SYMPTOMS: the blue screen of death appears before or during Windows boot, it is impossible to get into Windows, safe mode does not help. Let's try to find out the cause of the BSOD from the emergency disk.

The principle of operation of the program is to remove information from a file under the name MEMORY.DMP, which will appear inevitably (with the default checkbox opposite Write event to system log – see figure below) after the BSOD appears (no BSOD - no file). It is created by the system and will appear in the system root folder (for Windows 7 and later) at %SystemRoot%\MEMORY.DMP.

Don't be confused by this path - for the user's eyes it looks like C:\Windows\MEMORY.DMP. If you are not sure what the root folder of the system is, you can easily check it. Team set in the command console opens the main paths and directories of Windows. So, by typing

you will see the real names of your folders and subdirectories. And here's what it looks like:

Starting with Windows 7, information about BSOD is displayed in the Action Center, which, if such a problem occurs, can be easily accessed by clicking on the flag in the lower right corner of the system tray:

I repeat, the item with the ability to solve the problem appears only after a critical situation, and since the BSOD does not make it possible to even log into the system, there is no hope even for a much more informative system event log, which in a working system is located at:

Control Panel-Administration-Event Viewer-Windows Logs-System

Here it is (mine is clean, as you can see):

Windows has a habit of assigning a code to any event - whether it is critical or not. If you were able to log into the system after a BSOD, you would probably see a critical error warning with an assigned code similar to:

However, in any case, the appearance and reading of such errors registered by the system gives little concrete information to any of us. The codes often intersperse with each other, and in our case the system simply refuses to work.

Find out the cause of BSOD using BlueScreenView

I know of several utilities that can indicate the correct path. The program copes with problems very well WhoCrashed(home version is free). However, the presented task can be completed by the equally effective and included BlueScreenView.

We launch the utility in the image of the first picture in the article. Now in the window you need to specify the path to the specified file MEMORY.DMP. It will display a copy of the information displayed by the screen itself:

And the last line Dumping physical memory to disk means that the error was written to the mentioned file. So don’t rush to immediately turn off your computer after a BSOD freezes the system.

A line with the specified event will appear in the list of events:

Double clicking on the .dmp file will expand information about it:

However, pay attention to the fact that if the list of drivers at the bottom of the table (files .sys) is empty, then the reason most likely lies in Windows system files - such damage often occurs in Windows when forced to shut down or reboot while applying updates. In this case, the system recovery console rarely helps, since a whole chain of files critical for the system fails, but remains untouched for the user’s eyes.

Well... Congratulations... You're getting closer. But if “broken” drivers are found, then remember that they are found using a search in the same Hiren's Boot CD or search engine. Find it/them and delete it. They can belong to both the system itself and installed programs: games, antiviruses, etc. Try logging into Windows again.

One way or another, you have an error code, which, however, is not very informative. Take into account the information received from official and not so official sources, but take into account the tools used in the article. Do not rush inside the computer with a screwdriver; do not heed the advice of not always competent users on the Internet without looking back; start testing the hardware.

Find out the cause of BSOD - what else?

There are still some ways to find out the cause of the BSOD. There are several serious Internet resources that can give good advice on what caused the blue screen error. Some sites give the answer automatically. For example, here:

Http://www.osronline.com/page.cfm?name=analyze

The site is in English, but the interface of the buttons for adding a file containing a bug report is in Russian. Specify the path to the file and receive a detailed answer.

Read: 116

The appearance of the “blue screen of death,” also abbreviated as BSoD, comes as a shock to most users. Sometimes it can appear for no apparent reason, which an ordinary user cannot identify. For this purpose, a special BlueScreenView program was developed. In this review we will tell you how you can use this application. We will also touch on some theoretical issues related to the occurrence of such failures.

Causes of the Blue Screen of Death

To better understand the essence of the phenomenon, it is necessary to compare a computer with the human psyche. So, for example, if a person suddenly sees something scary, he will instantly get scared and faint. About the same thing happens with a computer. Only in this case, the cause is some kind of critical error, software or mechanical failure. The computer seems to be afraid. A “blue screen” is a sign of such a fainting state. In some cases, the appearance of a blue screen of death can also be interpreted as a defensive reaction. In this case, the system simply disables all processes that may threaten the security or performance of the computer system. Usually after rebooting the system everything starts working normally. However, if the blue screen of death occurs for the second or third time, then you need to urgently look for the cause of such failures and ways to eliminate the causes from their occurrence. Although the screen contains an indication of the failure that has occurred (a description of the error with a special stop code), the average user sometimes cannot understand what the cause of the failure was. The main causes of failure include mechanical damage to PC hardware components (most often problems arise with RAM, video and audio equipment). Conflicts can also arise at the level of incorrectly installed drivers or after installing software and games that do not match the computer configuration. Such situations arise when software requirements are obviously higher than those provided for by a particular computer system. A blue screen may also be caused by viruses and malicious codes.

With the BlueScreenView program, identifying errors and obtaining the most complete information on all conflicts that arise becomes an elementary task for those users who do not particularly understand the essence of the issue. What is BlueScreenView 1.42 and what is it for? BlueScreenView is one of the simplest tools for identifying specific causes of blue screens. Using this program, you can view crash dumps and find out which software or hardware component caused the situation. Based on the received report, you will be able to take appropriate measures to eliminate the situations that have arisen.

BlueScreenView: Presets

Before you figure out how to properly use BlueScreenView, you need to do some preliminary setup. Surely many users have noticed that information about a failure appears on the screen for only a few seconds. After this, the system automatically reboots. Sometimes the user does not even have time to read the critical error message. To prevent this from happening, you just need to disable rebooting. This is done very simply. First, you need to right-click on the computer icon to bring up the properties menu. Next, you need to go to the “Advanced” section and click on the options button on the boot and recovery line. In the new window, you need to uncheck the option that indicates the use of automatic reboot when the system crashes.

How to use BlueScreenView?

Now let's move on to looking at the program itself. The most important feature of this software product is that its current modification is available in the form of a portable version. This means that the program does not require installation on the user’s personal computer. The downloaded archive must simply be unpacked to any convenient location and launched from the main program folder. Versions for 32-bit and 64-bit systems are available for use, not to mention the fact that the system supports a huge number of language packs. The weight of the program is only 54 KB. Now let's talk about using the program in the most primitive case. The main BlueScreenView application window is divided into two large fields. Error dumps are displayed at the top, and problematic components and drivers are displayed at the bottom. To get the most complete information on the failure you are interested in, you need to select it in the upper window, and in the lower window, double-click on the problematic component that caused the critical error. Such problematic components are marked in red. As a result, a report window will be displayed, which indicates the file name, its description, location, version, and software developer. Thus, it immediately becomes clear what could have influenced the occurrence of problems. Next, you need to make a decision to eliminate the problems that have arisen. This could be reinstalling or updating the problematic driver.

BlueScreenView: additional tools

Additional features of the BlueScreenView program include a convenient system for sorting and organizing the displayed information. For example, a user can leave only the information that interests him at a given time. Everything else can be removed. If desired, it will also be possible to display the original “blue screen” below, which was shown on the monitor at the time of the system crash.

Generating and sending reports

Let's talk a little more about one more feature that is present in the BlueScreenView program. You should already understand how to use this utility. However, any user may have a situation when they do not want to analyze the crash report. Or the user may simply not understand the essence of the failure and not find the appropriate method to resolve the problem. For this purpose, the BlueScreenView application provides a special function for instantly sending a report in the form of an HTML document. You can send the report to one of your friends or specialists. To do this, you need to select the desired dump file in the top field, call up the context menu using the right mouse click, where you need to use the corresponding line to create an HTML report. There are also several possible options for action, such as searching for the error you are interested in in Google or a number of additional settings.

Possible startup errors

In some cases, an error occurs when launching the application itself. There are many reasons for this behavior. First, you need to pay attention to the fact that you only need to run the BlueScreenView program as an administrator. Also, during startup, an error may appear if the downloaded file did not initially contain all the components that are necessary for the application to function correctly. Also, the file may simply be damaged or “under-downloaded”. There may also be situations in which the bit depth of the operating system and application do not match. It's worth paying attention to such little things. It is better to download this application to your PC from trusted resources, since there are known cases where viruses were hidden in archives. As a last resort, before unpacking the file, it is better to immediately check it with an antivirus program.

Bottom line

That's all the information regarding the BlueScreenView program. Now you know how to use this utility. There is nothing supernatural about this. It remains only to note that on the Internet you can easily find the BlueScreenView utility in Russian. For many users, this will greatly facilitate the work not only with the main elements of the interface, but also with the description of reports issued by the system.

Appears on a Windows system after a system crash, when your operating system reaches a threshold where it can no longer function safely. The stop error gets its name as a blue screen error because the warning message is displayed on a blue screen with a sad emoji and a QR code that offers several possible fixes.

BSOD usually occurs due to several reasons such as corrupted Windows registries, bad drivers, misconfigured device drivers, corrupted files, outdated driver, memory issues, and system hardware issues. When you encounter a BSOD, your system will require a reboot to continue working. However, it is recommended that users write down the error message and error code before rebooting.

The BSOD error is mainly displayed when your system is unable to recover from an error at the kernel level. The error message usually displays driver data associated with the error and other information about the problem and their possible fixes. Also, when your system crashes with BSOD error, the system creates minidump files and all the memory data with error data is dumped to the hard drive for further debugging. There are many ways you can read minidump files for troubleshooting purposes. But the easiest way is to use the free and convenient BlueScreenView utility, which allows users to easily read the error report for troubleshooting.

BlueScreenView is a user-oriented utility that automatically scans all minidump files generated after a BSOD crash into one table. For each crash, BlueScreenView gives details of the driver that was loaded at the time of the crash and other crash information to easily troubleshoot problems and find suspected problematic drivers. Additionally, the free tool displays a blue screen error screen very similar to the one Windows displayed during the system crash.

Using Blue Screen View is quite simple. All you have to do is run executables that automatically scan all the minidump files that were created at the time of the crash. This basically displays the dump files generated by the crash in the top pane and displays the associated drivers in the bottom pane. In this article, we will explain how to use BlueScreenView to read a crash report.

Once you have downloaded and installed it, run BlueScreenView.exe launched file.

Once you run the executable, BlueScreenView will automatically scan your entire minidump folder to display the details of the crash. It displays the dump files generated by the crash in the top pane of the window and displays the associated drivers in the bottom pane of the window.

To view error properties, double-click the drivers that display error data in a table format.

Users can also submit an HTML report for troubleshooting purposes. To do this, right-click on the dump file and select HTML report - all elements or HTML report - selected elements in the drop-down menu.

You can also save reports to debug recurring problems. To do this, right-click on the dump file and select the option Save selected items.

BlueScreenView allows the user to customize the columns you want to make visible and change the order of the columns using Move up/move down Button.

It is also available in other languages. To change the BlueScreenView language, download the appropriate language zip file, extract "Bluescreenview_lng.ini", and place it in the same folder where you installed the utility.

BlueScreenView is designed to run on versions of Windows and can read minidump files generated by both 32-bit and x64 systems. The utility is available in different languages ​​and you can download it.

I hope you find this post helpful.