If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Tracking down Blue Screen log
How can I find the blue screen of death log? On booting I get a BSOD and
then an instant re-boot (via the screen offering safe mode) which come sup okay. This double booting seems to wipe any log files to show what's happening. There is nothing created the same day with the extension DMP. Event Viewer shows Event-ID 26 which suggests a machine check from an application but there's no further info. Where can I find other relevant logs, especially amything that shows the actual BSOD error code or which points to a failing bootup application? |
Ads |
#2
|
|||
|
|||
Tracking down Blue Screen log
Pamela wrote:
How can I find the blue screen of death log? On booting I get a BSOD and then an instant re-boot (via the screen offering safe mode) which come sup okay. This double booting seems to wipe any log files to show what's happening. There is nothing created the same day with the extension DMP. Event Viewer shows Event-ID 26 which suggests a machine check from an application but there's no further info. Where can I find other relevant logs, especially amything that shows the actual BSOD error code or which points to a failing bootup application? Someone here blames "HP software update". https://social.technet.microsoft.com...m=winservergen "Check the HKLM\software\microsoft\windows\current version\run" And if you're saying to yourself "how can I read registry when OS is dead?". There are ways. And since I'm a particularly lazy individual, I use the registry editor on a Kaspersky Rescue CD. That might have made its appearance on the discs, maybe four years ago or so. It helps if you already have a few KAV discs sitting around, rather than doing this for the first time (tracking down the URL will be fun). https://i.postimg.cc/3NBpbVnN/kasper...sc-regedit.gif The KAV editor doesn't edit all the registry files. Your own profile registry file, won't be in there, but you can see in my picture (which is why I looked), there is HKLM visible for "local machine", and that's one of the registry files in the central "CONFIG" directory. You can edit the registry from there. Editing the registry will invalidate the registry journal for that file, which I presume KAV is marking somehow so the OS finds out. If you're at all concerned about the C: in question, you might be able to back up the drive first, while the drive is plugged into another computer. Again, if you were lucky, and happened to have a Macrium ReflectFree disc, you can boot the WinXP machine with that, and make a backup of C: and send the image output file across the network to a second computer that has file sharing enabled. I make safety backups all the time, to avoid "sad panda syndrome" :-) ******* Preparing the OS for crashes, is an art. The OS isn't set up as well as it might be. You can set it up, such that the entire memory is dumped. And then you need to feed it to something like windbg to be assured it will have a stack trace of what was going on at a time. There was at least one guy in the Microsoft Social forum who could decode those. You're right that there should be a .dmp there somewhere. I have a ton of those in C:\Windows\Minidmp . I've got this one C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp And that, I think, is the "hijack mechanism" whereby the .dmp that *you* should have got, was sent to Microsoft instead. That's one of the steps for preparing a machine for crashing, is disabling the Microsoft gravy train so it doesn't grab your .dmp and run off with it. When your OS is broken, is (as I discovered), precisely the wrong time to need to reconfigure stuff like that. If you knew all the bits and pieces, you might be able to do it "offline". You can do a few things offline to an OS. But you really need a thorough recipe to get this kind of reconfiguration right. So the steps that would come to mind would be: 1) Disable Dr.Watson so it doesn't run off with the .dmp. 2) Optionally, disable minidumps, and have the machine save the entire memory image instead. But that is for cases, where perhaps, you've discovered the minidmp just doesn't have the information you expected, and you're getting desperate. Since the machine is as slow as a drunk, to dump the entire memory, this isn't such a pleasant thing anyway. The last time I tried that it probably took about ten minutes. 3) "disabling automatic restarts" has its plusses and minuses. A plus is, you get to read the message on the screen. A minus is, sometimes there is more "damage" if you don't let it automatically restart. That makes (1) the most profitable thing to start with. Index of file:///C:/Documents and Settings/All Users/Application Data/Microsoft/Dr Watson/ Name Size Last Modified File:drwtsn32.log 11540 KB 10/9/2019 11:03:20 PM File:user.dmp 55 KB 10/9/2019 11:03:20 PM So whatever broke in my case, left a hell of a big trace behind :-) And it probably tried to send that to Microsoft. (I had to nuke and pave my old OS, and my setup got removed in the process and Dr.Watson is back on again. That's why that is there.) If it successfully reaches Microsoft, it might clean out that folder leaving nothing for you. I don't think what is there in my example, is normal. Paul |
#3
|
|||
|
|||
Tracking down Blue Screen log
On Wed, 16 Oct 2019 09:59:48 +0100, Pamela
wrote: How can I find the blue screen of death log? On booting I get a BSOD and then an instant re-boot (via the screen offering safe mode) which come sup okay. This double booting seems to wipe any log files to show what's happening. There is nothing created the same day with the extension DMP. Event Viewer shows Event-ID 26 which suggests a machine check from an application but there's no further info. Where can I find other relevant logs, especially amything that shows the actual BSOD error code or which points to a failing bootup application? This is what I use: https://www.nirsoft.net/utils/blue_screen_view.html You can save the report to txt or csv. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#4
|
|||
|
|||
Tracking down Blue Screen log
OT for the thread, sorry.
In message , Paul writes: [] Name Size Last Modified File:drwtsn32.log 11540 KB 10/9/2019 11:03:20 PM File:user.dmp 55 KB 10/9/2019 11:03:20 PM [] Since you've left the year last, I don't know if that's the tenth of September or the ninth of October. I've configured my system with year first - AFAIK, no part of the world uses YYYY-d-m (or if any does, it's rare). (P. S.: at least you haven't gone for a two-digit year, which leads to even more ambiguity, or will for another dozen or so years!) -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf I don't like activity holidays. I like /inactivity/ holidays. - Miriam Margolyes, RT 2017/4/15-21 |
#5
|
|||
|
|||
Tracking down Blue Screen log
J. P. Gilliver (John) wrote:
OT for the thread, sorry. In message , Paul writes: [] Name Size Last Modified File:drwtsn32.log 11540 KB 10/9/2019 11:03:20 PM File:user.dmp 55 KB 10/9/2019 11:03:20 PM [] Since you've left the year last, I don't know if that's the tenth of September or the ninth of October. I've configured my system with year first - AFAIK, no part of the world uses YYYY-d-m (or if any does, it's rare). (P. S.: at least you haven't gone for a two-digit year, which leads to even more ambiguity, or will for another dozen or so years!) The weird part, is there was another one recently. Wednesday, October 16, 2019, 11:14:30 PM Which is almost exactly a week later than the first. Paul |
Thread Tools | |
Display Modes | |
|
|