Dealing With Blue Screens of Death (BSOD)

If blue is your favorite color, maybe there is a guaranteed way to start hating it – by seeing it five times a day, accompanies by really charming messages that gently inform you that any unsaved information might be loss or that there was a hardware failure and so on. You guess what I am talking about? Blue Screens of Death, of course. The effects of Blue Screens can vary from causing slight irritation for the user, to real disaster for the data on the computer, to rushing to the computer shop for buying new hardware, etc. I was joking about the negative feelings towards the blue color because of frequent Blue Screens but if you really want (or have reasons – for instance if you are color blind), you can open the system.ini file and change the Screen of Death to be in a different color. More information about what to do after you open the system.ini can be found here.

Anyway, colors of Screens of Death vary across devices and operating systems – from yellow (Mozilla XML parsing errors), to green (TiVo devices), to black (OS/2 and Windows), so it’s up to you to decide if you’ll keep it blue or change it. And as rumor goes, in Windows Vista there will be a red Screen of Death, too – for really serious stop errors. Nice color – a reminder for the one that has been used for centuries in corrida. Let’s just hope that users do not react like bulls.

Some humor (or sarcasm) certainly helps but now let’s get serious about the topic and start exploring why Blue Screens appear and what to do when you frequently see them.

Why Blue Screens Appear

Technically, Blue Screens appear to prevent the system from a more serious error and damage. They are displayed when the system detects an error or problem, from which it cannot recover. The system stops (that is why the official name of Blue Screens is “Stop Error”), writes the contents of memory on disk (memory dumps), if this is enabled for the system and displays a text-mode error message with information about the condition that caused the error. Blue Screens can appear at any time – during installation, at startup, or randomly without any apparent reason. Some of the most common reasons for BSoDs are:

  • drivers
  • hardware
  • conflicts between programs
  • file inconsistencies or registry errors

It is not normal for Blue Screens to happen often. In fact, Blue Screens are not supposed to be a “feature” of Windows. So if you see them often and you are still able to boot Windows, you’d better pay them attention before they force you to do it and above all – try to figure out what causes them. If you have recently made hardware changes, this is one possible reason for Blue Screens. Physical failures in all kinds of hardware – memory, disks, cards, etc. – can be a reason for blue screens.

The latest versions of Windows, like XP and 2003 are more stable and can recover after a couple of Blue Screens but sometimes even a single Blue Screen can make your Windows unbootable and you will have to reinstall your operating system. Generally, the information in a Blue Screen helps identify the possible reasons and sometimes even the exact reason (if you see a driver listed in the Blue Screen text message then you can be almost certain that this driver is the suspect) but there are also many cases when the text messages of the Blue Screens are so vague that it’s not possible to guess what went wrong. Have a look at the troubleshooting sections of this article for suggestions how to deal with Blue Screens.

What Is Common in BSoDs on Windows 2000, XP, and 2003?

Although there are some specifics in the occurrence, appearance, and dealing with Blue Screens on Windows 2000, XP, and 2003, there are many common things that are valid for all of them. For instance, one of the things they all have in common is the information they provide. The exact text of the messages differs but generally there is technical information, which includes data like the stop error number, some additional parameters in hex format, the name of the module (if applicable) that caused the error, and the memory address where the error occurred, as shown in the first screenshot below.

Very often the symbolic name of the stop error is shown near the stop error number. Symbolic names are pretty cryptic and some of the most common ones sound like “PAGE_FAULT_IN_NONPAGED_AREA”, “BAD_POOL_CALLER”, or “IRQL_NOT_LESS_OR_EQUAL” but sure there are a bit easier to understand than a stop message in hex format.

Another common section for all Windows versions is the recommendations section. It gives general advice about how to proceed. Sometimes the listed suggestions for recovery are exactly what is necessary to do in order to avoid new Blue Screens (for instance, if you have recently changed hardware or have updated drivers, disabling or removing them can be the solution). A general tip is to restart in Safe Mode. This also frequently helps, unless your Windows is so messed up that it is not possible to start it at all and there is only one remedy left – to reinstall it.

The last section lists data about the debug port and dump status. If neither of them is enabled, you will not see this. When memory dump file saves are enabled, the progress of writing it (in percentage) is displayed.

Besides the sections in a typical Blue Screen, many of the stop messages are the same (or similar in meaning and troubleshooting, though the words might vary a little) for Windows 2000, XP, and 2003. I am certainly not going to list messages here, especially having in mind that one stop error message number actually can mean several different things, when the hex parameters in brackets are different. The best place to look for explanation of the stop error message code is the site of Microsoft – as they say, get information from the horse’s mouth.

What is Different in BSoDs on Windows 2000, XP, and 2003?

Well, the first obvious difference is the “design”. Its artistic advantages are outside the scope of this article but if you are interested in seeing several varieties of BSoDs, check here: http://en.wikipedia.org/wiki/Blue_screen_of_death. There are examples of BSoDs for all Windows flavors but 2003, including veterans like Windows 3.x, NT, and 9.x when BSoDs were certainly more frequent than in 2000, XP, or 2003.

Another difference is the stop messages that are specific for only one version of Windows (or for a given version of Windows (e.g. XP) and a particular Service Pack (e.g. XP with SP2)). Therefore, when you encounter a stop message, have in mind to check its meaning and suggested troubleshooting for the version of Windows you are running. At the end of each support page for a particular stop error, Microsoft states for which versions of Windows it applies, so you will always know at least this. One place you can get a list of error messages and explanation from is the site of Microsoft. For Windows 2000 – check here; for Windows XP – look here and here are the stop messages for Windows 2003.

Delving into the technical details of what is changed in a particular version or service pack of Windows is hardly the stuff that the general user, or even system administrator needs to know. For instance, SP2 for XP introduces changes in memory management and the kernel of Windows 2003 was considerably modified in comparison to previous versions. As a result, applications that were running on Windows XP before the SP2 has been applied or before you upgraded to Windows 2003 might either not start at all, or hang (with or without a Blue Screen). Even if you know that the reason is kernel incompatibility, unless you are the developer who wrote the problematic program, you can hardly modify it to fix it, so you must look for alternatives. The wisest thing you can do is find an updated version (if any), which is tested under the version of Windows you need it for – XP with SP2 or 2003. Or you can choose to remove the problematic program from this machine – for instance SP2 for XP includes a firewall, which is known to have had conflicts with some other firewall software (and not only). Some of the other firewalls are pretty jealous to load first and I personally had a similar case with two other firewalls and Blue Screens on a Windows 2003 machine. The problem was solved only after one of the firewalls was removed.

A very common reason for Blue Screens are drivers. Maybe they are even more common than physical hardware failure. Changes in memory management or the kernel affect drivers more than applications. Third-party vendors generally do not manage to deliver a new driver the moment a new version of Windows or a new Service Pack is released, even when they are making the efforts to do it. And in some cases they just never deliver a driver for a particular version of the operating system!

It seems that hardware vendors largely skip Windows 2003 – even manufacturers of high-end hardware components say that Windows 2003 is not for the general public, so why bother delivering a separate driver for that? And probably from a sales point of view they are right. I could not find precise and up-to-date data about the percentage of installations each of the three operating systems (Windows 2000, XP, and 2003) has but a relatively recent article states that “XP May Catch Up to Win 2000 By Year’s End”, which makes me think that even if XP has already dethroned 2000 as the most widely installed operating system, Windows 2003 is hardly in the game at all and my guess is that it makes hardly 10 percent of so from the overall number of Windows installations.

Anyway, Windows is a server operating system and is not supposed to be running on kitchen PCs, so it’s not a surprise that hardware vendors are not interested in it very much. The low market penetration of Windows 2003, together with its architectural changes from XP, explain why hardware vendors generally skip Windows 2003 in their driver assortment. And having in mind that Vista is over the horizon, it is not difficult to predict that there will not be many new drivers for Windows 2003 in the coming months. So, if you are running 2003 and have frequent Blue Screens because a driver (even if it is written specifically for Windows 2003) of a device misbehaves, you’d better consider downgrading to XP, while Vista (or Longhorn) officially arrives. I’ll be talking more about (the downsides of) this in the next section.

Steps for Preventing BSoDs and Minimizing Damage (And Avoiding Nervous Breakdown)

Before I go on with handling Blue Screens, I would like to say a few words on how to prevent them. It is much wiser to prevent (when possible) than to handle a disaster.

Do Not Pull the Devil by the Tail

Having frequent Blue Screens is hardly a kind of entertainment and dealing with their consequences is not fun, either. But there are many things that one can do to minimize the risk of having them and the damage they can do. There are simple steps that are very helpful:

  • Get the appropriate drivers for the operating system you were running. And check for driver updates – although this might prove a double-edged sward because I can recall cases when the older version of a driver was working better than the latest one (not only in terms of stability).
  • Generally it is better to make copies of the driver disks that come with your hardware but if you have already lost them and the vendor site does not offer suitable drivers for download, be very wary when solving the driver problem with a generic driver – in many cases it works perfectly but this is especially risky for causing Blue Screens.
  • If you can’t find drivers that are working, consider changing the hardware or the operating system. If you have just bought an expensive card you will hardly want to throw it, so maybe you should sacrifice the operating system (especially if it is Windows 2003 – there might never be a driver for it).
  • If you can’t find a driver but you don’t want to part with a beloved piece of hardware, you could install 2 versions of Windows on your computer – the one that you currently use and the one that the hardware works with – and boot whichever is needed. This is a clumsy workaround but sometimes it might work – a friend of mine keeps Windows 2000 because this was the last operating system that has a driver for one of the recorders and this recorder is beloved because it manages to read almost any disk that the other devices can’t even open.
  • If you know that BSoDs are caused by some of the programs you are running (and the program is for the version of Windows you are using), try to replace these programs with something else. Or check for an update. I remember that I simply did not believe that a browser (FireFox) could really cause a Blue Screen, until I saw it with my own eyes once or twice. This was more than a year ago and I have never experienced it again but I just quote it as an example of an innocent program that might pull the devil by the tail.
  • In the previous sections I recommended downgrading to XP or waiting for Vista (or Longhorn), if you have constant driver problems with Windows 2003. Well, It can be very exciting to be a beta-tester but when you want to have a reliable computer, jumping into the muddy waters of a new version can be too much of excitement. My experience with the early Windows XP shows that it is better to wait for the release of a service pack than to become a beta-tester – a colleague of mine, on whose computer an early build of XP has been installed, experienced Blue Screens several times a day and it’s needless to say that after some time she was happy to downgrade to 2000.

When Reinstalling Is Faster than Repairing

Unless the Blue Screen appears during installation, it might turn out that reinstalling Windows is faster than repairing. There are some cases when as a result of Blue Screens system files in Windows have been deleted and you can either try to repair them or directly reinstall. It is obvious but it is important to note that reinstalling will not help in case of faulty hardware or lack of appropriate driver (unless the driver is included in the Windows installation). Reinstalling will help only if you have tried some of the other means of troubleshooting – e.g. Safe Mode, Last Known Good Configuration and they were not successful. But if Blue Screens start, have in mind that you might need to reinstall, so be prepared. The following list certainly does not exhaust the topic of being prepared for reinstalling Windows, but for the purposes of this article, will do:

  • Make regular backups of all valuable data – this way if you do lose information, you will not lose everything
  • It is recommended to have a separate system and data partitions – you will appreciate the convenience of such a separation if you have to reinstall Windows, cannot get to your only partition to rescue your data and your most recent backup is an year old.
  • If you have made an image of the system partition, this will save you the time and trouble to reinstall everything – you just need to recover the system from the image and install some additional programs, if they were not included in the image.

Handling Blue Screens

The first mandatory step in handling Blue Screens is identifying the reason for them. Looking at the Technical Information part of the Blue Screen could be enough but sometimes additional steps are necessary to reach the core of the problem. And if you do not know the reason for the Blue Screens, any measures you take are simply shots in the dark. There are more advanced approaches to diagnosing the reason than merely reading the text in the blue screen. For instance, memory dumbs and error records in the system logs provide useful information when searching for clues, but correctly reading them requires more advanced skills than the general user has.

First, it is important when blue screens appear – after a hardware change or driver update, after you have just reinstalled your computer or even during installation, or they just appear out of nowhere? Each of these cases has a different troubleshooting scenario. Here are some clues for common cases. For instance, for driver changes try to boot in Safe Mode or use the Last Known Good Configuration. In case of physical hardware fault, you might need to replace the unit with a good one, or try the supposedly faulty unit on another computer. You could also run various tests – for instance if you suspect that memory blocks cause BSoDs, there are diagnostic tools to check if RAM is OK or not. For conflicting programs, check which ones are problematic and remove (or at least do not run) one or all of them. If system files are missing or damaged, you could run reinstall with Repair option and hope that this will solve the problem. Besides repair, there are many ways to prevent Blue Screens, so you’ve got choice!

Try Safe Mode or Last Known Good Configuration

One of the first life-belts to resort to when Blue Screens appear, is to boot into Safe Mode. Safe Mode is one of the multiple advanced choices that you have at startup. To boot into Safe Mode, restart your computer, wait the memory test to pass and press F8 to open the Advanced Options menu. Select “Safe Mode” and press Enter. Go on with booting and when your Windows finally loads, you might not recognize it because Safe Mode is actually a mode with minimal set of drivers and programs. But it is more important that Safe Mode allows access to drivers and Windows configuration, so if you manage to boot in Safe Mode, you can deinstall a crashy driver or application, make some other changes (for instance configure that the system is not restarted after a BSoD and that memory dump files are written), or even rescue your data, if you have no recent backup.

If Safe Mode does not help, there is something else you can try – Last Known Good Configuration. As the name implies, Windows will load the most recent settings that worked. This is useful for immediate reaction after new hardware, software or applications have been installed. Last Known Good Configuration is another option in the Advanced Options menu at startup, so you already know where to look for it. If you have successfully booted in Safe Mode, you can go to Programs -> Accessories -> System Tools -> System Restore and choose a restore point (it might be not the most recent good configuration but another one prior to it).

Reading Memory Dump Files

Reading memory dump files is generally for more advanced users or developers who need to understand what exactly went wrong. There are three levels of verboseness for memory dumps – small, kernel and complete. To configure that a memory dump file is written, the location where it is written and the level of verboseness, you need to go Control Panel, choose System, and then click the Advanced tab. Then select Startup and Recovery and click Settings. This will display the following dialog box, from where you can also disable automatic system restart after a stop error.



Select the location of the memory dump file and whether an existing file will be overwritten. If you enable Complete Memory Dump and keep all dump files, you will have the files for all stop errors but you will need plenty of space on the hard disk, so check this in advance.

After you have the memory dump files, you need to get a kernel debugger like Kernel Debugger (Kd.exe) or WinDbg Debugger (WinDbg.exe) as well as symbol files (all these can be downloaded from the site of Microsoft) for the particular version of Windows you are using. And if you are really determined to have a look at a memory dump file from the inside, I suggest that you first read a lot about the debugging tools – you can start from here.

And finally, if you already miss Blue Screens or, on the contrary, you experience them frequently but you are still in the mood for jokes, here is a link you’ll appreciate – a very popular screensaver, which goes to extremes in mimicing a real Blue Screen. For instance, it shows information, which is obtained from the system itself, like the Windows build number, loaded drivers and addresses, etc. and I think it is an incredibly cute joke (although system administrators panic at first, before they see that it is not a real BSoD). Enjoy – in this case the imitation is better than the original!

Posted in System | Tagged , , | Comments Off