Interpretation of Win 2000/XP blue screen solution practical skills

  
Although the stability of Windows 2000/XP system based on NT architecture has been greatly enhanced, even Windows XP claims to "never crash", but we will still see from time to time as shown in Figure 1. The blue alert message, this is what is commonly referred to as "blue screen", what is going on? First, the reason for the blue alarm of Windows 2000/XP outbreak
Windows 2000/XP adopts a layered structure, and its two layers are also called modes, namely User Mode and Kernel Mode (Kernel). Mode), the application is unable to directly access the hardware device, and can only be accessed directly by means of the driver. However, even if the NT architecture is stable, it may cause drivers or for some reasons, such as hardware conflicts, hardware problems, registry errors, insufficient virtual memory, loss of dynamic link library files, and exhausted resources. The application has an error and even spreads to the kernel layer in severe cases. In this case, Windows will abort the system and start a function called KeBugCheck. After checking all the interrupted processing and comparing it with the preset stop code and parameters, the screen will turn blue and display the corresponding Error messages and fault prompts, because of this phenomenon actually means a crash, so often referred to as "Blue Screen of Death" (BSOD), also known as "STOP information" or "stop information". Second, know the hidden information in the blue alarm
The BSOD window of Windows 2000/XP is very different from the previous BOSD window of Windows NT4. The biggest difference is that the BSOD window of NT only includes a general stop. The message code, but the BSOD of Windows 2000/XP contains two types of stop messages and hardware messages. The former is the error message generated when an unrecoverable software error is found, and the latter is the error message generated when a serious hardware error is found. . Although the information in the window of Figure 1 seems complicated, it generally consists of the following three parts: 1. Error message
The content between “*** Stop:” to “****** wdmaud.sys” is the so-called error message, error code, custom parameter, error symbol The composition of the three parts, the meaning of each part is as follows: Error code: hexadecimal number after STOP; Custom parameters: the composition of the error code characters, defined by the programmer, the general user is difficult to understand; Error symbol: KMODE_EXCEPTION_NOT_HANDLED in the error symbol Later, here is also a memory location and file name to understand the memory location and source files when an error occurs. For us, the most useful thing is the previous error code information, which will be used when searching the Microsoft Knowledge Base.
2. Recommended actions This shows the actions and steps taken by the system recommended users, such as uninstalling the program in safe mode, rolling back the driver, updating the BIOS, installing the patch, etc. However, in most cases, the system needs to be restarted before further consideration can be considered. operating. 3. Debug Port Information
This shows how the kernel debugger should be set up, including whether the memory dump image has been written to disk and what port is used to complete this debug. In fact, according to the author's experience, in addition to the error code is more useful in the blue alarm, for the average user, most of the rest of the information does not have much practical significance, just for reference. In order to debug the system, after the BSOP error occurs in the Windows system, KeBugCheck will automatically generate a debug file named Memory.dmp, which is located in the C:WindowsMinidump folder. By default, the file size and system physical memory. The capacity is the same, we can compress the file and send it to Microsoft's technical support department to get the corresponding solution, but the capacity of the file is so huge, how to send is a big problem, so few users really do it. Tip: Open the "System Properties & Rarr; Advanced & Rarr; Startup and Recovery" window, where you can see the "write debugging information" generation method: small memory dump, core memory dump, full memory transfer Storage, no, based on the above analysis, it is recommended to choose here "no".

Copyright © Windows knowledge All Rights Reserved