of all, you need to configure Windows to save these important log
files. Most of the time, this is already done automatically, however
follow these steps to make sure these log files are being saved.1) Click on Start
2) Right-click on My Computer
3) Click on Properties
In Windows XP
, click on the Advanced tab. In Windows Vista
on the Advanced System Systems option on the left side of the screen.
5) Under Startup and Recovery, Click on the Setting button
Under the System Failure section, you'll see the options for the memory
dump file. Write an event to the system log should be checked
along with Send an Administrative Alert. The debugging information
should be set to the Small Memory dump (64K) and generally the Small
Dump Directory is set to %SystemRoot%\Minidump. In most cases this is
the C:\Windows\Minidump directory.
As far as the third check box
is concerned, if this is checked the computer will automatically
restart when a blue screen error message is encountered. So, if your
computer is booting into Windows, then rebooting automatically most
likely you are getting some sort of blue screen error message and its
forcing the computer to restart. If you uncheck this box, then the
message itself will appear so you can retrieve important details about
Download and Installing the Debugging Tools to Read Minidump Files
In order to view the Minidump files, you have to download the following tools.Debugging Tools for Windows including WinDbg
most of the time its not necessary, you can download the Symbol
packages as well as the Debugging Tools so you can read the Minidump
logs easier. Once you've downloaded the Debugging Tools for the correct
version of Windows and installed them, open the WinDbg program by
following these steps.
1) Click on Start
2) Click on All Programs
3) Click on Debugging Tools for Windows group
4) Click on WinDbg to open
The screen should look similar to the one below.Deciphering the Minidump Files
In the WinDbg program, click on File, then click on Open Crash Dump
to the following directory on your hard drive
and open a minidump log.
The drive letter will be whichever drive you installed Windows on. In
most cases, this is drive C.
you open a minidump file in WinDbg, scroll to the bottom of the file.
You should see a line that says Probably caused by:, followed by a
filename. This is the problem file. In my case the file was related to
the ELock Program in the Acer Empowering Technology set of tools. I
simply uninstalled this program from the computer and the blue screen
and problem went away.Probably caused by
: eLock2FSCTLDriver.sys ( eLock2FSCTLDriver+11332 )
you may not recognize the file that is causing the problem, it
definitely helps in tracking down a solution for the blue screen error
message and resolving the issues.