tags:

views:

166

answers:

3
Q: 

How to track down a Blue Screen of Death triggered by an (usermode) application

We have a .Net application consisting of mixed managed and unmanaged code. We have a number of reports of users getting BSOD while using our application. These blue screens happen on different versions of Windows. Mostly XP but one user claims it happens on Windows 7. Some users see it happening when doing one thing, other see it happening when doing something completely different. Of course, we cannot reproduce the problem.

Needless to say, I'm stumped. A user mode application shouldn't be able to blue screen the OS so we are running into a bug in a common kernel space application, perhaps buggy antivirus software?

Does anyone have any tips on how to track something like this down? We don't have access to a computer where this is happening so we wouldn't be able to hook up a kernel debugger or anything like that.

+2  A: 

http://serverfault.com/questions/238/how-to-diagnose-a-windows-blue-screen

cdonner  2009-12-17 23:15:50
+1  A: 

About the only thing you can do is convince users to send you data:

  • Crash dumps. Post a walkthru on your website showing how to enable full/mini dumps and where to find them. Here's a KB article with the gory details -- probably want to simplify this with screenshots & so on.
  • Installed software. Best to find a tool that collects this info for them; humans aren't especially reliable or thorough. WinAudit looks good.
  • Installed hardware & drivers. (ditto)
Richard Berg  2009-12-17 23:16:28
I know how to generate a minidump when my application crashes, but how do you generate a minidump when the OS crashes? I mean, the OS has crashed so there's nothing to write out the dump.
mhenry1384  2009-12-18 14:07:37
Assuming it's truly an OS crash (kernel panic) and not someone tripping on the power cord, you can have the kernel itself do some primitive error handling. It's been in NT since the very beginning, far as I know. I've updated my answer with an additional link.
Richard Berg  2009-12-18 15:16:22
I'm embarrassed that I didn't know the OS created minidumps when it bluescreens (by default). I just tried reproducing using http://www.osronline.com/article.cfm?article=153 and it does.
mhenry1384  2009-12-21 16:48:13
A: 

Can you get a copy of the crash/mini dump?

If so you can use WinDbg and SOS to figure out where the code is at when it blows up.

Tess Fernandez has a good blog on managed debugging with low level tools.

GrayWizardx  2009-12-17 23:18:56

related questions

Bluescreen 0x0000003B during DownloadFileAsync?
General Protection Fault
BSoD when creating threads
Visual Studio 2008, Vista x64 and Kaspersky = blue screens (BSOD) ?
Are there any tools to read the contents of dump files created during BSoD in Windows?
Can a simple program be responsible for a BSOD?
Catching the dreaded Blue Screen Of Death...
RAM PerformanceCounter problems
How do I analyse a BSOD and the error information it will provide me?
Using HalDisplayString For Custom Blue Screen Of Death
Bluescreen of death during Java development on a Leopard - any ideas how to solve this?
Vista 64 bit BSOD when running a Delphi 2009 Application.
Overlapped serial port and Blue Screen of Death...
Simulating a BlueScreen
Invoke Blue Screen of Death using Managed Code
SerialPort and the BSOD
How do I know if Windows has just recovered from a BSOD?
Windows MiniDump files -- "Symbols can not be loaded" when trying to read with WinDbg