A Windows XP help forum. PCbanter


Tracking down Blue Screen log



 
 
  #1  
Old October 16th 19, 09:59 AM posted to microsoft.public.windowsxp.general
Pamela[_3_]
external usenet poster
 
Posts: 2
Default Tracking down Blue Screen log

How can I find the blue screen of death log? On booting I get a BSOD and
then an instant re-boot (via the screen offering safe mode) which comes up
okay.

This double booting seems to wipe any log files to show what's happening.
There is nothing created the same day with the extension DMP.

Event Viewer shows Event-ID 26 which suggests a machine check from an
application but there's no further info.

Where can I find other relevant logs, especially anything that shows the
actual BSOD error code or which points to a failing bootup application?


  #2  
Old October 16th 19, 01:20 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 10,219
Default Tracking down Blue Screen log

Pamela wrote:
> How can I find the blue screen of death log? On booting I get a BSOD and
> then an instant re-boot (via the screen offering safe mode) which comes up
> okay.
>
> This double booting seems to wipe any log files to show what's happening.
> There is nothing created the same day with the extension DMP.
>
> Event Viewer shows Event-ID 26 which suggests a machine check from an
> application but there's no further info.
>
> Where can I find other relevant logs, especially anything that shows the
> actual BSOD error code or which points to a failing bootup application?



Someone here blames "HP software update".

https://social.technet.microsoft.com...m=winservergen

"Check the HKLM\software\microsoft\windows\current version\run"

And if you're saying to yourself "how can I read registry
when OS is dead?". There are ways. And since I'm a particularly
lazy individual, I use the registry editor on a Kaspersky Rescue CD.
That might have made its appearance on the discs, maybe four years
ago or so. It helps if you already have a few KAV discs sitting
around, rather than doing this for the first time (tracking
down the URL will be fun).

https://i.postimg.cc/3NBpbVnN/kasper...sc-regedit.gif

The KAV editor doesn't edit all the registry files. Your
own profile registry file, won't be in there, but you can see
in my picture (which is why I looked), there is HKLM visible
for "local machine", and that's one of the registry files in the
central "CONFIG" directory.

You can edit the registry from there. Editing the registry
will invalidate the registry journal for that file, which
I presume KAV is marking somehow so the OS finds out.

If you're at all concerned about the C: in question, you might be able
to back up the drive first, while the drive is plugged into another
computer. Again, if you were lucky, and happened to have
a Macrium Reflect Free disc, you can boot the WinXP machine
with that, and make a backup of C: and send the image output file
across the network to a second computer that has file sharing
enabled.

I make safety backups all the time, to avoid "sad panda syndrome" :-)

*******

Preparing the OS for crashes, is an art.

The OS isn't set up as well as it might be.

You can set it up, such that the entire memory is dumped.
And then you need to feed it to something like windbg
to be assured it will have a stack trace of what
was going on at the time. There was at least one guy
in the Microsoft Social forum who could decode those.

You're right that there should be a .dmp there somewhere.
I have a ton of those in C:\Windows\Minidmp .

I've got this one

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

And that, I think, is the "hijack mechanism" whereby the .dmp
that *you* should have got, was sent to Microsoft instead.
That's one of the steps for preparing a machine for crashing,
is disabling the Microsoft gravy train so it doesn't
grab your .dmp and run off with it.

When your OS is broken, is (as I discovered), precisely
the wrong time to need to reconfigure stuff like that.
If you knew all the bits and pieces, you might be able
to do it "offline". You can do a few things offline to an
OS. But you really need a thorough recipe to get this
kind of reconfiguration right.

So the steps that would come to mind would be:

1) Disable Dr.Watson so it doesn't run off with the .dmp.
2) Optionally, disable minidumps, and have the machine
save the entire memory image instead. But that is for
cases, where perhaps, you've discovered the minidmp
just doesn't have the information you expected, and
you're getting desperate. Since the machine is as slow
as a drunk, to dump the entire memory, this isn't such
a pleasant thing anyway. The last time I tried that
it probably took about ten minutes.
3) "disabling automatic restarts" has its plusses and minuses.
A plus is, you get to read the message on the screen.
A minus is, sometimes there is more "damage" if you
don't let it automatically restart.

That makes (1) the most profitable thing to start with.

Index of file:///C:/Documents and Settings/All Users/Application Data/Microsoft/Dr Watson/

Name Size Last Modified

File:drwtsn32.log 11540 KB 10/9/2019 11:03:20 PM
File:user.dmp 55 KB 10/9/2019 11:03:20 PM

So whatever broke in my case, left a hell of a big trace behind :-)
And it probably tried to send that to Microsoft. (I had to nuke
and pave my old OS, and my setup got removed in the process and
Dr.Watson is back on again. That's why that is there.) If it
successfully reaches Microsoft, it might clean out
that folder leaving nothing for you. I don't think
what is there in my example, is normal.

Paul
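
Added example, not part of the post above and not code from any tool named in this thread: a kernel crash dump stores the STOP (bugcheck) code and its four parameters at fixed offsets in the dump header, so the code can be read from a .dmp file without a debugger. The offsets follow the publicly documented 32-bit and 64-bit dump header layouts; the function names and the sample header are constructed for illustration.

```python
import struct
import sys

# A few bugcheck names for readable output; this is not the full list.
NAMES = {0x0A: "IRQL_NOT_LESS_OR_EQUAL", 0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
         0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED", 0x9C: "MACHINE_CHECK_EXCEPTION"}

def read_bugcheck(header: bytes) -> dict:
    """Return the STOP code and its four parameters from a kernel dump header."""
    if header[:4] == b"MDMP":
        # User-mode minidump (one crashed process): there is no bugcheck in it.
        raise ValueError("user-mode minidump, not a kernel crash dump")
    if len(header) < 0x60 or header[:4] != b"PAGE":
        raise ValueError("no PAGE signature: not a kernel crash dump")
    if header[4:8] == b"DUMP":        # 32-bit header
        code, = struct.unpack_from("<I", header, 0x28)
        params, width = struct.unpack_from("<4I", header, 0x2C), 8
    elif header[4:8] == b"DU64":      # 64-bit header
        code, = struct.unpack_from("<I", header, 0x38)
        params, width = struct.unpack_from("<4Q", header, 0x40), 16
    else:
        raise ValueError("unknown kernel dump flavour %r" % header[4:8])
    return {"code": code, "params": params, "width": width,
            "name": NAMES.get(code, "UNKNOWN")}

def format_stop(info: dict) -> str:
    """Render the result the way the blue screen prints it."""
    args = ", ".join(f"0x{p:0{info['width']}X}" for p in info["params"])
    return f"STOP 0x{info['code']:08X} ({args}) {info['name']}"

def sample_header() -> bytes:
    """Constructed 32-bit header carrying a made-up machine-check bugcheck."""
    buf = bytearray(0x1000)
    buf[0:8] = b"PAGEDUMP"
    struct.pack_into("<5I", buf, 0x28, 0x9C, 0, 0x8054E5F0, 0xB2000000, 0x1040080F)
    return bytes(buf)

if __name__ == "__main__":
    if len(sys.argv) > 1:             # path to a .dmp file
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(0x1000)
    else:
        data = sample_header()
    print(format_stop(read_bugcheck(data)))
```

Run it with the path to a .dmp file as the only argument; with no argument it decodes the constructed sample.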
  #3  
Old October 17th 19, 01:53 AM posted to microsoft.public.windowsxp.general
Shadow
external usenet poster
 
Posts: 1,424
Default Tracking down Blue Screen log

On Wed, 16 Oct 2019 09:59:48 +0100, Pamela wrote:

> How can I find the blue screen of death log? On booting I get a BSOD and
> then an instant re-boot (via the screen offering safe mode) which comes up
> okay.
>
> This double booting seems to wipe any log files to show what's happening.
> There is nothing created the same day with the extension DMP.
>
> Event Viewer shows Event-ID 26 which suggests a machine check from an
> application but there's no further info.
>
> Where can I find other relevant logs, especially anything that shows the
> actual BSOD error code or which points to a failing bootup application?


This is what I use:

https://www.nirsoft.net/utils/blue_screen_view.html

You can save the report to txt or csv.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #4  
Old October 19th 19, 01:45 AM posted to microsoft.public.windowsxp.general
J. P. Gilliver (John)[_7_]
external usenet poster
 
Posts: 290
Default Tracking down Blue Screen log

OT for the thread, sorry.

In message , Paul
writes:
[]
> Name Size Last Modified
>
> File:drwtsn32.log 11540 KB 10/9/2019 11:03:20 PM
> File:user.dmp 55 KB 10/9/2019 11:03:20 PM

[]
Since you've left the year last, I don't know if that's the tenth of
September or the ninth of October. I've configured my system with year
first - AFAIK, no part of the world uses YYYY-d-m (or if any does, it's
rare).

(P. S.: at least you haven't gone for a two-digit year, which leads to
even more ambiguity, or will for another dozen or so years!)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)[email protected]+H+Sh0!:`)DNAf

I don't like activity holidays. I like /inactivity/ holidays.
- Miriam Margolyes, RT 2017/4/15-21
  #5  
Old October 19th 19, 03:34 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 10,219
Default Tracking down Blue Screen log

J. P. Gilliver (John) wrote:
> OT for the thread, sorry.
>
> In message , Paul
> writes:
> []
>> Name Size Last Modified
>>
>> File:drwtsn32.log 11540 KB 10/9/2019 11:03:20 PM
>> File:user.dmp 55 KB 10/9/2019 11:03:20 PM
>
> []
> Since you've left the year last, I don't know if that's the tenth of
> September or the ninth of October. I've configured my system with year
> first - AFAIK, no part of the world uses YYYY-d-m (or if any does, it's
> rare).
>
> (P. S.: at least you haven't gone for a two-digit year, which leads to
> even more ambiguity, or will for another dozen or so years!)


The weird part, is there was another one recently.

Wednesday, October 16, 2019, 11:14:30 PM

Which is almost exactly a week later than the first.

Paul
 



