how to view minidump files in windows 7
BlueScreenView scans all your minidump files created during 'blue screen
of death' crashes, and displays the information about all crashes in
one table.
For each crash, BlueScreenView displays the minidump filename, the
date/time of the crash, the basic crash
information displayed in the blue screen (Bug Check Code and 4
parameters), and the details of the driver or module
that possibly caused the crash (filename, product name, file
description, and file version).
For each crash displayed in the upper pane, you can view the details of the device drivers loaded during the crash in the lower pane. BlueScreenView also mark the drivers that their addresses found in the crash stack, so you can easily locate the suspected drivers that possibly caused the crash.
Download links are on the bottom of this page
Crashes Information Columns (Upper Pane)
- Dump File: The MiniDump filename that stores the crash data.
- Crash Time: The created time of the MiniDump filename, which also matches to the date/time that the crash occurred.
- Bug Check String: The crash error string. This error string is determined according to the Bug Check Code, and it's also displayed in the blue screen window of Windows.
- Bug Check Code: The bug check code, as displayed in the blue screen window.
- Parameter 1/2/3/4: The 4 crash parameters that are also displayed in the blue screen of death.
- Caused By Driver: The driver that probably caused this crash. BlueScreenView tries to locate the right driver or module that caused the blue screen by looking inside the crash stack. However, be aware that the driver detection mechanism is not 100% accurate, and you should also look in the lower pane, that display all drivers/modules found in the stack. These drivers/modules are marked in pink color.
- Caused By Address: Similar to 'Caused By Driver' column, but also display the relative address of the crash.
- File Description: The file description of the driver that probably caused this crash. This information is loaded from the version resource of the driver.
- Product Name: The product name of the driver that probably caused this crash. This information is loaded from the version resource of the driver.
- Company: The company name of the driver that probably caused this crash. This information is loaded from the version resource of the driver.
- File Version: The file version of the driver that probably caused this crash. This information is loaded from the version resource of the driver.
- Crash Address:The memory address that the crash occurred. (The address in the EIP/RIP processor register) In some crashes, this value might be identical to 'Caused By Address' value, while in others, the crash address is different from the driver that caused the crash.
- Stack Address 1 - 3: The last 3 addresses found in the call stack. Be aware that in some crashes, these values will be empty. Also, the stack addresses list is currently not supported for 64-bit crashes.
Drivers Information Columns (Lower Pane)
- Filename: The driver/module filename
- Address In Stack: The memory address of this driver that was found in the stack.
- From Address: First memory address of this driver.
- To Address: Last memory address of this driver.
- Size: Driver size in memory.
- Time Stamp: Time stamp of this driver.
- Time String: Time stamp of this driver, displayed in date/time format.
- Product Name: Product name of this driver, loaded from the version resource of the driver.
- File Description: File description of this driver, loaded from the version resource of the driver.
- File Version: File version of this driver, loaded from the version resource of the driver.
- Company: Company name of this driver, loaded from the version resource of the driver.
- Full Path: Full path of the driver filename.
Lower Pane Modes
Currently, the lower pane has 4 different display modes. You can change the display mode of the lower pane from Options->Lower Pane Mode menu.- All Drivers: Displays all the drivers that were loaded during the crash that you selected in the upper pane. The drivers/module that their memory addresses found in the stack, are marked in pink color.
- Only Drivers Found In Stack: Displays only the modules/drivers that their memory addresses found in the stack of the crash. There is very high chance that one of the drivers in this list is the one that caused the crash.
- Blue Screen in XP Style: Displays a blue screen that looks very similar to the one that Windows displayed during the crash.
- DumpChk Output:
Displays the output of Microsoft DumpChk utility.
This mode only works when Microsoft DumpChk is installed on your computer and
BlueScreenView is configured to run it from the right folder (In the Advanced Options window).
You can get DumpChk from the installation CD/DVD of Windows or with the installtion of Debugging Tools for Windows.
Crashes of Remote Network Computer
If you have multiple computers on your network and you have full administrator access to them (e.g: you have access to \\ComputerName\c$), you can also view the crashes of the other computers on your network remotely. In order to do that, simply go to 'Advanced Options' (Ctrl+O) and type the MiniDump folder of the remote computer, for example: \\MyComp\c$\Windows\MiniDump. Notice: If you fail to get full administrator access to the remote computer, you should read the instructions in the following Blog post: How to connect a remote Windows 7/Vista/XP computer with NirSoft utilities.Watching the crashes of multiple computers on your network
If you have a network with multiple computers, and you have full admin access to these computers, you can view the blue screens list of all these computers in one table, and easily detect computers with recurring BSOD problems. In order to use this feature, prepare a list of all computer names/IP addresses that you want to inspect, and save it to a simple text file. The computer names in the list can be delimited by comma, semicolon, tab character, or Enter (CRLF).Example for computer names list:
comp01 comp02 192.168.0.1 192.168.0.2 192.168.0.4After you have a text file contains the computers list, you can go to Advanced Options window (Ctrl+O), choose the second option and type the computers list filename.
Command-Line Options
/LoadFrom | Specifies the source to load from.
1 -> Load from a single MiniDump folder (/MiniDumpFolder parameter) 2 -> Load from all computers specified in the computer list file. (/ComputersFile parameter) 3 -> Load from a single MiniDump file (/SingleDumpFile parameter) |
/MiniDumpFolder | Start BlueScreenView with the specified MiniDump folder. |
/MiniDumpFolder | Start BlueScreenView with the specified MiniDump folder. (For using with /LoadFrom 3) |
/ComputersFile | Specifies the computers list filename. (When LoadFrom = 2) |
/LowerPaneMode <1 -="" 3=""> 1> | Start BlueScreenView with the specified mode. 1 = All Drivers, 2 = Only Drivers Found In Stack, 3 = Blue Screen in XP Style. |
/stext | Save the list of blue screen crashes into a regular text file. |
/stab | Save the list of blue screen crashes into a tab-delimited text file. |
/scomma | Save the list of blue screen crashes into a comma-delimited text file (csv). |
/stabular | Save the list of blue screen crashes into a tabular text file. |
/shtml | Save the list of blue screen crashes into HTML file (Horizontal). |
/sverhtml | Save the list of blue screen crashes into HTML file (Vertical). |
/sxml | Save the list of blue screen crashes into XML file. |
/sort | This command-line option can be used with other save options for sorting by the desired column.
If you don't specify this option, the list is sorted according to the last sort that you made from the user interface.
The BlueScreenView.exe /shtml "f:\temp\crashes.html" /sort 2 /sort ~1 BlueScreenView.exe /shtml "f:\temp\crashes.html" /sort "Bug Check String" /sort "~Crash Time" |
/nosort | When you specify this command-line option, the list will be saved without any sorting. |
Translating BlueScreenView to other languages
In order to translate BlueScreenView to other language, follow the instructions below:- Run BlueScreenView with /savelangfile parameter:
BlueScreenView.exe /savelangfile
A file named BlueScreenView_lng.ini will be created in the folder of BlueScreenView utility. - Open the created language file in Notepad or in any other text editor.
- Translate all string entries to the desired language. Optionally, you can also add your name and/or a link to your Web site. (TranslatorName and TranslatorURL values) If you add this information, it'll be used in the 'About' window.
- After you finish the translation, Run BlueScreenView, and all translated
strings will be loaded from the language file.
If you want to run BlueScreenView without the translation, simply rename the language file, or move it to another folder.
S.G.Godwin Dinesh.MCA
Sr.System Administrator
No comments:
Post a Comment