SECURITY TO THE CORE

Analyze Windows crashes with “WhoCrashed”


Many years ago, Microsoft Windows had a very bad reputation regarding its stability. Microsoft then worked hard and released Windows NT in July 1993. It was an overall improved and more stable version, but perhaps Windows XP was the first Windows version that could be called stable. Windows Vista’s stability suffered considerably because of sloppily coded third-party device drivers. But Windows 7 was quite stable right from the beginning, thanks to Vista’s failure and its background work.

Blue Screen of Death (BSoD)

The Blue Screen of Death (aka BSoD) is a colloquialism for the error screen displayed by Microsoft Windows after it encounters a critical system error that can cause the system to shut down to prevent irreversible damage to the system’s integrity. It presents diagnostic information that was collected when the operating system issued a bug check.

Whenever a computer running Windows suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought of is a hardware failure. In reality, most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, most computers running Windows do not show a blue screen unless they are configured to do so. Instead, these systems suddenly reboot without any notice.

It is really annoying if a system is continuously crashing with a blue screen of death (BSoD). There are several ways to find the culprit, and today I am going to show you how to track it down with the help of a good tool named “WhoCrashed”.

WhoCrashed shows the drivers which have been crashing your computer with a single click. In most cases it can pinpoint the offending drivers which have been causing misery on your computer system in the past. It does post-mortem crash dump analysis and presents all gathered information in a comprehensible way.

WhoCrashed is for private use.

This tool relies on the Windows Debugging Package (WinDbg) from Microsoft. If this is not installed, WhoCrashed will download and extract this package automatically for you.

But don’t expect too much from this tool, as it cannot always be 100% sure about the drivers which are responsible for crashing your computer. Because all kernel modules run in the same address space, a kernel module is able to corrupt another. Also, a driver may be able to cause problems for another driver which runs in the same device stack. So keep in mind that this software is not guaranteed to identify the culprit in every case, but most often it does.
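Post-mortem analysis of a kernel crash dump starts from the bug check code and its four parameters stored in the dump header. The following is an added example, not WhoCrashed's own code and not from the original post: a small Python reader for that header. The field offsets and the `PAGEDUMP` / `PAGEDU64` signatures are assumptions taken from the commonly described kernel dump header layout, and `sample_header64` builds constructed input so the script runs without a real dump.

```python
import struct

# signature -> (bug check code offset, parameter offset, parameter format)
# Assumed offsets, following the commonly described kernel dump header layout.
LAYOUTS = {
    b"PAGEDUMP": (0x28, 0x2C, "<4I"),  # 32-bit kernel dump
    b"PAGEDU64": (0x38, 0x40, "<4Q"),  # 64-bit kernel dump
}

# A few well-known bug check names; anything else is reported by number only.
NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

def parse_dump_header(data):
    """Return bug check code, name and parameters from the start of a kernel dump."""
    sig = bytes(data[:8])
    if sig not in LAYOUTS:
        raise ValueError("not a Windows kernel dump (signature %r)" % sig)
    code_off, param_off, fmt = LAYOUTS[sig]
    need = param_off + struct.calcsize(fmt)
    if len(data) < need:
        raise ValueError("truncated header: need %d bytes, got %d" % (need, len(data)))
    (code,) = struct.unpack_from("<I", data, code_off)
    params = struct.unpack_from(fmt, data, param_off)
    return {"bits": 64 if sig.endswith(b"64") else 32, "code": code,
            "name": NAMES.get(code, "UNKNOWN"), "params": params}

def read_dump(path):
    """Parse the header of a dump file on disk (only the first 0x60 bytes are needed)."""
    with open(path, "rb") as f:
        return parse_dump_header(f.read(0x60))

def sample_header64(code, params):
    """Constructed input: a zeroed 64-bit header with only the fields above set."""
    buf = bytearray(0x60)
    buf[:8] = b"PAGEDU64"
    struct.pack_into("<I", buf, 0x38, code)
    struct.pack_into("<4Q", buf, 0x40, *params)
    return bytes(buf)

if __name__ == "__main__":
    print(parse_dump_header(sample_header64(0xD1, (0x10, 2, 0, 0xFFFFF80012345678))))
```

The bug check code only says what kind of failure the kernel detected; attributing it to a specific driver still requires walking the stack and loaded-module list, which is where the uncertainty described above comes in.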
