
The Blue Screen Error

 

If you’ve ever experienced the blue screen error, affectionately called the “Blue Screen of Death (BSOD),” then you’ll know that it isn’t the greatest experience in the world. It usually means that something is fairly seriously wrong with your system. The problem with trying to come up with a blue screen error fix is that so many things can cause it. For the average computer user, this can mark the end of the computer.

Well, I’m here to walk you through a few blue screen errors and their causes. Sometimes, the problem isn’t quite as serious or complicated as people think. It could be as simple as the fact that some hardware you installed created a conflict. Maybe a virus messed up the registry. Or maybe a driver file is corrupt. I’m going to show you how you can check for the most common issues that cause this error.

If we look into the details, regardless of the reason for a system crash, the function that actually performs the crash is KeBugCheckEx, documented in the Windows Driver Kit (WDK). This function takes a stop code (sometimes called a bugcheck code) and four parameters that are interpreted on a per–stop code basis. After KeBugCheckEx masks out all interrupts on all processors of the system, it switches the display into a low-resolution VGA graphics mode (one implemented by all Windows-supported video cards), paints a blue background, and then displays the stop code, followed by some text suggesting what the user can do. Finally, KeBugCheckEx calls any registered device driver bugcheck callbacks (registered by calling the KeRegisterBugCheckCallback function), allowing drivers an opportunity to stop their devices. It then calls registered reason callbacks (registered with KeRegisterBugCheckReasonCallback), which allow drivers to append data to the crash dump or write crash dump information to alternate devices.

Let’s take a sample blue screen error:

 

The first line in the Technical information section in the sample Windows blue screen lists the stop code and the four additional parameters passed to KeBugCheckEx. A text line near the top of the screen provides the text equivalent of the stop code’s numeric identifier. According to the example, the stop code 0x00000050 is a PAGE_FAULT_IN_NONPAGED_AREA crash. When a parameter contains an address of a piece of operating system or device driver code (as in the example), Windows displays the base address of the module the address falls in, the date stamp, and the file name of the device driver. This information alone might help you pinpoint the faulty component.

Although there are more than 300 unique stop codes, most are rarely, if ever, seen on production systems. Instead, just a few common stop codes represent the majority of Windows system crashes. Also, the meaning of the four additional parameters depends on the stop code (and not all stop codes have extended parameter information). Nevertheless, looking up the stop code and the meaning of the parameters (if applicable) might at least assist you in diagnosing the component that is failing (or the hardware device that is causing the crash).

Causes of Windows Crashes:

Based on data collected from the release of Windows 7 through the release of Windows 7 SP1, the top 20 stop codes account for 91 percent of crashes and can be grouped into the following categories:

Page fault: A page fault on memory backed by data in a paging file or a memory-mapped file occurs at an IRQL of DPC/dispatch level or above, which would require the memory manager to have to wait for an I/O operation to occur. The kernel cannot wait or reschedule threads at an IRQL of DPC/dispatch level or higher. The common stop codes are:

0xA – IRQL_NOT_LESS_OR_EQUAL
0xD1 – DRIVER_IRQL_NOT_LESS_OR_EQUAL

Power management: A device driver or an operating system function running in kernel mode is in an inconsistent or invalid power state. Most frequently, some component has failed to complete a power management I/O request operation within the default period of 10 minutes. The common stop code is:

0x9F – DRIVER_POWER_STATE_FAILURE

Exceptions and traps: A device driver or an operating system function running in kernel mode incurs an unexpected exception or trap. The common stop codes are:

0x1E – KMODE_EXCEPTION_NOT_HANDLED
0x3B – SYSTEM_SERVICE_EXCEPTION
0x7E – SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
0x7F – UNEXPECTED_KERNEL_MODE_TRAP
0x8E – KERNEL_MODE_EXCEPTION_NOT_HANDLED with P1 != 0xC0000005 (STATUS_ACCESS_VIOLATION)

Access violations: A device driver or an operating system function running in kernel mode incurs a memory access violation, which is caused either by attempting to write to a read-only page or by attempting to read an address that isn’t currently mapped and therefore is not a valid memory location. The common stop codes are:

0x50 – PAGE_FAULT_IN_NONPAGED_AREA
0x8E – KERNEL_MODE_EXCEPTION_NOT_HANDLED with P1 = 0xC0000005 (STATUS_ACCESS_VIOLATION)

Display: The display device driver detects that it can no longer control the graphics processing unit. This indicates that an attempt to reset the display driver failed. The common stop code is:

0x116 – VIDEO_TDR_FAILURE

Pool: The kernel pool manager detects a corrupt pool header or an improper pool reference. The common stop codes are:

0x19 – BAD_POOL_HEADER
0xC2 – BAD_POOL_CALLER
0xC5 – DRIVER_CORRUPTED_EXPOOL

Memory management: The kernel memory manager detects a corruption of memory management data structures or an improper memory management request. The common stop codes are:

0x1A – MEMORY_MANAGEMENT
0x4E – PFN_LIST_CORRUPT

Hardware: A hardware error, such as a machine check or a nonmaskable interrupt (NMI), occurs. This category also includes disk failures when the memory manager is attempting to read data to satisfy page faults. The common stop codes are:

0x7A – KERNEL_DATA_INPAGE_ERROR
0x124 – WHEA_UNCORRECTABLE_ERROR

USB: An unrecoverable error occurs in a universal serial bus operation. The common stop code is:

0xFE – BUGCODE_USB_DRIVER

Critical object: A fatal error occurs in a critical object without which Windows cannot continue to run. The common stop code is:

0xF4 – CRITICAL_OBJECT_TERMINATION

NTFS file system: A fatal error is detected by the NTFS file system. The common stop code is:

0x24 – NTFS_FILE_SYSTEM

The Bugcodes.h file in the WDK contains a complete list of the 300 or so stop codes, with some additional details on the reasons for some of them. Last but not least, these stop codes are listed and documented at https://msdn.microsoft.com/en-us/library/windows/hardware/hh994433(v=vs.85).aspx.
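To triage a batch of collected crash lines against the categories above, the following added example (not code from this article or from the WDK) parses the stop code and its four parameters and applies the groupings listed here, including the 0x8E split on parameter 1. The "*** STOP: ..." line layout and every sample line are assumptions constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Stop code -> category, copied from the groupings listed in this article.
CATEGORIES = {
    0x0A: "Page fault", 0xD1: "Page fault", 0x9F: "Power management",
    0x1E: "Exceptions and traps", 0x3B: "Exceptions and traps",
    0x7E: "Exceptions and traps", 0x7F: "Exceptions and traps",
    0x50: "Access violations", 0x116: "Display",
    0x19: "Pool", 0xC2: "Pool", 0xC5: "Pool",
    0x1A: "Memory management", 0x4E: "Memory management",
    0x7A: "Hardware", 0x124: "Hardware", 0xFE: "USB",
    0xF4: "Critical object", 0x24: "NTFS file system",
}
STATUS_ACCESS_VIOLATION = 0xC0000005

# Assumed layout of the Technical information line: STOP: code (p1,p2,p3,p4)
HEX = r"(0x[0-9A-Fa-f]+)"
STOP_RE = re.compile(
    r"STOP:\s*" + HEX + r"\s*\(\s*" + r"\s*,\s*".join([HEX] * 4) + r"\s*\)")

# Constructed sample input; the parameter values are made up.
SAMPLE_LINES = [
    "*** STOP: 0x00000050 (0xFFFFF8A00A5B2000,0x0000000000000000,0xFFFFF88003A4F3C1,0x0000000000000002)",
    "*** STOP: 0x0000008E (0xC0000005, 0x8054B2F1, 0xF7A3C9D0, 0x00000000)",
    "*** STOP: 0x0000008E (0x80000003, 0x8054B2F1, 0xF7A3C9D0, 0x00000000)",
    "*** STOP: 0x000000D1 (0x00000010, 0x00000002, 0x00000000, 0xF7B1A2C4)",
    "A problem has been detected and Windows has been shut down",
]

def parse_stop_line(line):
    """Return (stop_code, [p1, p2, p3, p4]), or None if no STOP record is found."""
    m = STOP_RE.search(line)
    if not m:
        return None
    values = [int(g, 16) for g in m.groups()]
    return values[0], values[1:]

def classify(stop_code, params):
    """Map a stop code to the article's category; 0x8E depends on parameter 1."""
    if stop_code == 0x8E:
        # Compare only the low 32 bits: the status code in P1 may be printed
        # sign-extended to 64 bits.
        is_av = (params[0] & 0xFFFFFFFF) == STATUS_ACCESS_VIOLATION
        return "Access violations" if is_av else "Exceptions and traps"
    return CATEGORIES.get(stop_code, "Not in the article's list")

def triage(lines):
    """Count categories across many lines, skipping lines without a STOP record."""
    parsed = filter(None, map(parse_stop_line, lines))
    return Counter(classify(code, params) for code, params in parsed)
```

Calling triage(SAMPLE_LINES) counts two access violations, one exception and one page fault, and ignores the line that carries no STOP record.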

Thanks for reading. For more updates subscribe here. Your comments and feedback are always welcome.
