Another approach to boot problems (incl. BSOD)

mgrzeg · Feb 4, 2014

It's just an idea. Some of the boot BSODs leave no dump files and the analysis is quite hard. The same is for other startup problems, when the boot never ends and you have no idea what happens. I think this might be a good place for Global Logger; enabling it is just a small change in the SYSTEM hive (HKLM\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger), which can be (easily) done offline. After that we have active 'procmon' in the system, that can dump lots of events, incl. user mode providers. As an example, I've written analysis of the 0xc000021a BSOD, available [here] (sorry, in Polish, you may need to use google translate or ask me for help).

m.g.

Search

Search

Another approach to boot problems (incl. BSOD)

mgrzeg

BSOD Kernel Dump Senior Analyst