How to Analyze a BSOD Crash Dump

Blue screens of death can be caused by a multitude of factors. There are many tools on the internet that can analyze these; however, Microsoft has its own tool. When a computer is exhibiting problems, most users are reluctant to download a 3rd party tool that "might make things worse." This is where the Windows Debugging Tools come into play.

23-12-31Update!

Microsoft has made the tool available for download without having to install it as part of a package. WooHoo! This package, according to their documentation, only works with Windows 10/11. I am currently running Linux, so I cant test it. ( side note: If you want to try Linux, id highly recommend this https://fedoraproject.org/spins/kde/ It's a Fedora spin called Plasma. Its a lot like Windows, but its ultra stable and secure out of the box, let me know if you're interested or need help.) I might make a tutorial; however, we are talking about Windows now, here's the link: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/ Download the tool and continue from Step 4.

This How to Will Instruct a User on How to Install the Tool and How to Analyze a Crash Dump to Determine the Cause.

Download the Debugging Tools for Windows

The tools are included as part of the Windows Software Development Kit (SDK) for Windows. We only want the tools.

Windows 7 and Newer: Navigate to the Windows Dev Center to download the Windows Software Development Kit downloader. This is not the tool, its only the downloader for the tool.
Windows Vista and XP: Download the Microsoft Windows SDK for Windows 7 and .NET Framework 4 as .NET Framework 4.5 is not supported on Windows XP.

Run the Setup for the SDK

The installer is a downloader for the complete SDK. We don't want all the extras, we just want the tools.

Click Next through the installer until you reach the screen that downloads the packages, labeled: "Select the features you want to install."
Deselect all the checkboxes next to all the packages except Debugging tools for Windows
Click Install.

Wait for the Installer

Wait for the installer to download the packages and install them. Once the installation is complete, click on Close.

Run WinDbg

Run Windbg as administrator. The screenshot is from Windows 8.1, but this step is the same for all Operating systems Vista and higher, run as Administrator.
1. On Windows 8.1, this is achieved by searching for the program, then Right Clicking it in the list to the right.
2. It is important that Windbg be ran as Administrator.
  1. On Windows 8 and higher machines, there are permission issues reading crash dumps when the user isn't elevated.

Set the Symbol Path

Windbg requires a symbol file path.

Click on File
Click on Symbol File Path ...

Input the Symbols File Path

Paste the following text into the Symbol Search Path Dialog
1. SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Click OK

Save the Workspace

Click on File
Click on Save Workspace

Open the Crash Dump

Click on File
Click on Open Crash Dump...
Navigate to: C:\Windows\
Select the file named MEMORY.DMP
Click Open

Analyze!

After opening the crash dump, a window will spawn. The window will rapidly fill with text.

At the bottom of the wall of text, you will notice a line with the text:
1. Probably caused by :
  1. If you can imagine, thats what caused the BSOD.
  2. Google the thing that caused your bsod
    1. For example: In this instance i would google
      1. BSOD Win8.1 NETIO.SYS

OPTIONAL
At the bottom of the block of text, there will be a blue link with the words !analyze -v

Click on the blue link named !analyze -v
This will give a further detailed analysis to post on a forum, or send to someone else.
It will also tell you what kind of fault it was, in this instance, my bsod was a
1. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

Optional: Save the Output

If you wish to save the output to a Text File:

Click on Edit
Click on Write Window Text to File...
Choose a location that is easy to remember, such as Documents.
Share the text file with people that can help!
Done!