Episode: 380
Title: HPR0380: Troubleshooting Blue screens of Death
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0380/hpr0380.mp3
Transcribed: 2025-10-07 19:24:47
---
working.
Hey guys, it's Winter here, today I'm going to be telling you how to troubleshoot the
blue screen of death on Windows.
It's not a very hard thing to do, although some of the error messages, even when you
look up the hex codes, can be a little unclear, even if they give you an explanation, which
if you look up the code on the MSDN, they do.
Next to the stop message, it will give you a hex code, which if you go to the MSDN, you
can look it up and it will give you what it means and give you suggestions on why it's
happening, like there is one called IRQL less than or equal to less than or equal, and
that means that the process or the driver or whatever tried to execute code outside of its
privilege level in the x86 architecture, the x86 protection mechanism specifies that
you can't execute code outside of your privilege level.
If you do say you're running in ring zero, so you're running in ring zero, which is the
most privilege level, you can basically execute any code you want, but if you're running
in ring three, which is the least privilege level, you cannot execute system level code
directly and you have to go through a gateway, you have to go through a gateway, which will
do it, so that's how that works, and in my show notes, I'll provide you some an abbreviated
list of these hex codes and the rest you can go on MSDN and look up, but if you get
the IRQL error, you should definitely go and update whatever driver or whatever driver
or application that is doing that because it's definitely a bug, but anyway, what you
do is you go and download the debugging tools for Windows, and I'll include a link to
that in my show notes, and then you, generally by default, on Vista, anyway, it will automatically
do a dump of what is in memory at the time the blue screen happened, and by default, it'll
automatically reboot, so what you do is you take that dump file and you configure the debugger
to use the Microsoft debugging symbols so that it knows what the function signature is of
all the system, all the internal Windows stuff that they don't publish, but it still exists
anyway. So you load that and you click the BN option to do a detailed analysis, and generally
it will tell you what was in memory and what the offending driver or process was that caused
the blue screen at that particular moment in time, and that's pretty much it. It's not a terribly
difficult thing to do, and I'll include some links to some common debugging tools
and some common messages that you will find if you do run into a blue screen. So, yeah, it's pretty
much it. Thanks for listening, I hope you enjoyed this, hope you find this useful. If you want to
contact me, if you have any questions, my email address will be up on the website, you can email me.
Okay, thank you. Bye.
Bye.
Bye.