Tip & How-To about Computers & Internet
of all, you need to configure Windows to save these important log
files. Most of the time, this is already done automatically, however
follow these steps to make sure these log files are being saved.
1) Click on Start
2) Right-click on My Computer
3) Click on Properties
4) In Windows XP , click on the Advanced tab. In Windows Vista , click on the Advanced System Systems option on the left side of the screen.
5) Under Startup and Recovery, Click on the Setting button
6) Under the System Failure section, you'll see the options for the memory dump file. Write an event to the system log should be checked along with Send an Administrative Alert. The debugging information should be set to the Small Memory dump (64K) and generally the Small Dump Directory is set to %SystemRoot%\Minidump. In most cases this is the C:\Windows\Minidump directory.
As far as the third check box is concerned, if this is checked the computer will automatically restart when a blue screen error message is encountered. So, if your computer is booting into Windows, then rebooting automatically most likely you are getting some sort of blue screen error message and its forcing the computer to restart. If you uncheck this box, then the message itself will appear so you can retrieve important details about the error.
Download and Installing the Debugging Tools to Read Minidump Files
In order to view the Minidump files, you have to download the following tools.
Debugging Tools for Windows including WinDbg
Although most of the time its not necessary, you can download the Symbol packages as well as the Debugging Tools so you can read the Minidump logs easier. Once you've downloaded the Debugging Tools for the correct version of Windows and installed them, open the WinDbg program by following these steps.
1) Click on Start
2) Click on All Programs
3) Click on Debugging Tools for Windows group
4) Click on WinDbg to open
The screen should look similar to the one below.
Deciphering the Minidump Files
In the WinDbg program, click on File, then click on Open Crash Dump
Browse to the following directory on your hard drive and open a minidump log. The drive letter will be whichever drive you installed Windows on. In most cases, this is drive C.
After you open a minidump file in WinDbg, scroll to the bottom of the file. You should see a line that says Probably caused by:, followed by a filename. This is the problem file. In my case the file was related to the ELock Program in the Acer Empowering Technology set of tools. I simply uninstalled this program from the computer and the blue screen and problem went away.
Probably caused by : eLock2FSCTLDriver.sys ( eLock2FSCTLDriver+11332 )
Although you may not recognize the file that is causing the problem, it definitely helps in tracking down a solution for the blue screen error message and resolving the issues.
Posted by Ryan Murro on
Jul 13, 2010 | Microsoft Windows XP Professional
May 27, 2010 | Microsoft Windows XP Home Edition
Oct 19, 2008 | Computers & Internet
388 people viewed this tip
Usually answered in minutes!