Advice Request Site for Detailed Bluescreen Dump Analysis

Please provide comments and solutions that are helpful to the author of this topic.

AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Bluescreens since I "quarantined" Chrome with Comodo. Just using the native virtualization in CF, and I am not sure it is the cause of the bluescreens. Simple analysis is saying Ntoskrnl.exe is involved, but there isn't anything else to work with to resovle the issue. Thankfully, I remembered this site I had bookmarked long ago for detailed bug check analysis. Just upload the minidump and then wait while the analysis is put together. It is very effective and very fast.

Check this site out if you get a chance or have a bluescreen along the way. It will save you time getting to the bottom of things. This is not typical analysis.

Instant Online Crash Analysis

Here is an example. This bluescreen as seen in Bluescreenview has more to it, including the dump stack. This is not shown, but it is not revealing either. Here is the simple readout for the bluescreen, which shows no information for the cause:

Clipboard01.gif


For this same bluescreen, compare that to this analysis the site churns out:

Analysis.png

I knew the dump was ntoskrnl.exe related from other dump files, but I would never have known that chrome.exe was also involved without this analysis. Saves alot of time. Now I will upload some of the other dumps to see if those were related. Good site to know about and pass on to others with bluescreen problems. Just have them copy and paste the info into a notepad and they can post it anywhere.

BTW, the analysis is for driver devs to use, so it's nice to see a solid commitment like this being made available to anyone. Thx to osronline.com :)
 
  • Like
Reactions: Daviworld, conceptualclarity, roger_m and 5 others
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Really useful site. Many thanks for sharing.

However since my PC has been running Windows 10, I've not had any blue screens or any other colour screens for that matter.

Considering I'm currently running Voodooshield, OSA, ERP 4 and WD concurrently to me that's impressive. When I was on W7 I got blue screens regularly.

You might not like the GUI, but under the hood Windows 8.1 and 10 have been in my experience infinitely more reliable than any previous versions of Windows. And this is on a nine year old Core 2 Duo.
 
  • Like
Reactions: frogboy, upnorth and AtlBo
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
@askmark. Yes, it only makes sense. I think restrictions for writing on W10 are tighter for devs and the kernel more sophisticated in some good ways. Devs probably run into some difficulty making their W10 kernel level coding work in W7, especially considering the dated software written for W7 that is also running and the looser development practices of those times...
 
  • Like
Reactions: frogboy, upnorth and askmark
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
AtlBo said:
@askmark. Yes, it only makes sense. I think restrictions for writing on W10 are tighter for devs and the kernel more sophisticated in some good ways. Devs probably run into some difficulty making their W10 kernel level coding work in W7, especially considering the dated software written for W7 that is also running and the looser development practices of those times...
Click to expand...
I'm no expert but to me what you're saying sounds perfectly plausible. Thanks for the enlightenment.
 
  • Like
Reactions: frogboy, upnorth and AtlBo
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
@askmark. You a much more an expert than I, I promise. @Opcode has had a good bit to say about developers still using outdated methods for working in lower levels of Windows. At least, that's what I think he is saying generally, and he mentions broadly security writers a fair bit. Not to quote him, but my impressions are sort of built on what I have read in his posts...

askmark said:
Have you tried WhoCrashed from Resplendence Software?
Resplendence Software - WhoCrashed, automatic crash dump analyzer
It would be interesting to know if this software fares any better than BlueScreenView with the anlaysis of your dump?
Click to expand...

WhoCrashed I believe is a better program, but I find this online site to be better than both the two of those. Thanks for the tip, and I might give it a try. The dumps are literally in the most important sense 100% related to each other. All the parameters match and the header is the same and so forth. I let some devs know about them and sent some minidumps, so I hope I will hear back from them at some point.

Bluescreens are a nuisance, but I kind of enjoy the challenge of solving them. Hadn't had any issues in years, until this recent flurry of them...
 
Last edited:
  • Like
Reactions: roger_m, frogboy, askmark and 1 other person
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
AtlBo said:
@askmark
Bluescreens are a nuisance, but I kind of enjoy the challenge of solving them. Hadn't had any issues in years, until this recent flurry of them...
Click to expand...
I know what you mean as I'm the same. There's nothing quite like the satisfaction that comes from solving a particulary tricky problem with your PC.

upnorth said:
WhoCrashed seams much newer and updated then BlueScreenView : Blue screen of death (STOP error) information in dump files. Thanks for the share @askmark
Click to expand...
Your'e very welcome. I'd be interested in hearing your opinion if you try it out.
 
Last edited:
  • Like
Reactions: upnorth and AtlBo
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Just ran WhoCrashed. I think for typical use it would be better than Bluescreenview. The only problems are that it isn't more detailed and doesn't do the REAL analysis like the online site. Also, it requires being installed. I like the fact that it will load 10 of them at a time, that's nice.

Take a look at this site's output. If you can get your hands on a minidump someplace, look it over in WhoCrashed and then upload the dump here:

Instant Online Crash Analysis

I mean, this analysis is the best I have seen and probably what you get from WhoCrashed Pro. It is literally able to pinpoint a process even when none is mentioned in the simple minidump output. Such a nice thing to have access to on the internet. Great tool considering it's there to help driver writers get answers for their bug issues. (y)
 
  • Like
Reactions: harlan4096, upnorth and askmark
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
AtlBo said:
Just ran WhoCrashed. I think for typical use it would be better than Bluescreenview. The only problems are that it isn't more detailed and doesn't do the REAL analysis like the online site. Also, it requires being installed. I like the fact that it will load 10 of them at a time, that's nice.

Take a look at this site's output. If you can get your hands on a minidump someplace, look it over in WhoCrashed and then upload the dump here:

Instant Online Crash Analysis

I mean, this analysis is the best I have seen and probably what you get from WhoCrashed Pro. It is literally able to pinpoint a process even when none is mentioned in the simple minidump output. Such a nice thing to have access to on the internet. Great tool considering it's there to help driver writers get answers for their bug issues. (y)
Click to expand...
Thanks for taking it for a test run and reporting your findings. I had a feeling the online site was still going to be the best option and give the most detailed information.

I actually found a Windows 7 minidump from 2013 which i uploaded to the site. Very impressive how quickly the results came back. That site is a keeper.
 
  • Like
Reactions: upnorth, frogboy and AtlBo
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Sure, no problem. Even though bluescreens are kind of a passing ritual these days, I agree completely about the site being a keeper. Think I was referred to by someone at Major Geeks back some years ago. I had all but forgotten about it until I guess a week ago and then didn't have time to check into it until today. Glad to see it's still there and hope it remains available :LOL:

Now that I have tracked it down again, I think I will try a little harder to remember to have users with bs troubles run their bluescreens by the site, so they can post the results...:)
 
  • Like
Reactions: upnorth

Similar threads

Trident
    • Like
    • Applause
    • +Reputation
  • Poll
Serious Discussion Pre-execution vs post-execution protections explained
Replies
6
Views
1,076
General Security Discussions
Trident
Trident
simmerskool
    • Like
    • Hundred Points
Question MS system files report as unsigned
Replies
20
Views
767
General Security Discussions
lokamoka820
lokamoka820
Nikos751
    • Like
Question Consumer & business products that upload unknown files for analysis by default
Replies
1
Views
518
General Security Discussions
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top