如果您的 Windows PC 遇到蓝屏死机 (BSOD) 错误^{(Blue Screen of Death (BSOD) error)}，将会发生几件事。最明显的是您的 PC 被迫重新启动，因为BSOD是Windows完全崩溃的结果。但是， BSOD^(BSOD)错误的一个不太明显的结果是创建的错误日志，可让您事后对问题进行故障排除。

这称为内存转储文件，以DMP文件格式保存。这些文件包含有关问题的各种信息，包括您当前的Windows版本、出现^(Windows)BSOD时任何正在运行的应用程序和驱动程序，以及错误代码本身。为了帮助您分析内存转储文件，您需要执行以下操作。

什么是 Windows 10 上的内存转储文件？^{(What are Memory Dump Files on Windows 10?)}

蓝屏^{(Blue Screen)}死机^(Death)是Windows PC 上的一个严重且不可恢复的错误，但这些错误的原因可能会有所不同。例如，意外的内核模式陷阱蓝屏死机^{(unexpected kernel mode trap BSOD)}通常是由不兼容或超频的硬件引起的，而关键进程死机蓝屏死机^{(critical process died BSOD)}可能有多种原因，包括损坏的系统文件。

为了帮助您解决问题，Windows会自动生成一个内存转储文件。这通常包含停止代码名称和值（例如系统服务异常停止代码）、崩溃时所有正在运行的驱动程序的列表，以及一些可用于识别原因的附加技术信息。

这些转储文件（使用DMP文件格式）会自动保存在根C:、C:\minidump或C:\Windows\minidump 文件夹中。为了帮助您分析它们，您可以从Microsoft Store安装 Microsoft 的调试应用WinDbg。这有助于您分析内存转储文件并找到停止代码信息。

您还可以使用NirSoft BlueScreenView等较旧的工具来快速分析在您的 PC 上创建的转储文件。这也将帮助您识别停止代码值和可能的原因（例如特定的驱动程序文件）。

一旦您知道停止代码值，您就可以在线搜索有关该问题的其他信息。例如，如果您从转储文件中发现内存管理BSOD，您可以查看我们的BSOD 错误指南^{(BSOD error guide)}以获取有关如何解决问题的更多建议。

由于BSOD错误可能会阻止您的 PC 工作，您可能需要尝试在安全模式下重新启动 Windows。在安全模式下^{(Safe Mode)}运行Windows可将活动系统进程和驱动程序的数量减少到最低限度，让您可以进一步调查。

但是，如果您根本无法启动Windows，那么您的选择是有限的。目前，如果Windows本身无法正常工作以分析BSOD转储文件，则没有可以运行的独立工具。如果发生这种情况，您需要使用 Linux live CD使用DVD或便携式USB闪存棒 来恢复转储文件。^{(recover the dump files using a Linux live CD)}

然后，您可以按照以下步骤在正常工作的Windows PC 或笔记本电脑上使用^(Windows)WinDbg或NirSoft BlueScreenView分析文件。^{(NirSoft BlueScreenView)}

在 Windows 设置中更改内存转储文件设置^{(Changing Memory Dump File Settings in Windows Settings)}

内存^(Memory)转储文件是自动创建的，但您可以在Windows 设置^{(Windows Settings)}中设置内存转储文件中包含的详细程度。这仅适用于更改此设置后^{(after )}发生的蓝屏死机^(BSODs)，但如果您的 PC 出现问题，您可以按照以下步骤将其他信息添加到转储文件中。

1. 要开始，请右键单击“开始^(Start)”菜单并选择“设置”^(Settings)。

1. 在设置^(Settings)菜单中，选择系统^{(System )}>关于。^{(About. )}在“相关设置^{(Related settings )}”面板的“系统^{(System )}” > “关于^(About)”菜单中，选择“高级系统设置^{(Advanced system settings)}”选项。

1. 在“系统属性^{(System Properties)}”菜单中，选择底部“启动和恢复^{(Startup and Recovery )}”部分中列出的“设置”选项。^{(Settings )}

1. 要在BSOD发生时更改内存转储文件记录的详细程度，请使用“^(BSOD)启动和恢复^{(Startup and Recovery )}”窗口中的“写入调试信息^{(Write debugging information )}”下拉菜单选择可用选项之一。Microsoft 文档网站^{(Microsoft documentation website)}上提供了有关每个内存转储中包含的内容的完整^(Full)信息。选择确定^(OK)>确定^(OK)以保存您的选择。

进行此更改后，您可能需要重新启动 PC 以确保应用设置。将来发生的任何BSOD错误都会生成一个内存转储文件，其中包含您在上面选择的信息级别。

如何使用 WinDbg 分析 Windows 内存转储文件^{(How to Analyze Windows Memory Dump Files Using WinDbg)}

如果遇到BSOD错误，可以使用WinDbg分析内存转储文件。这个由 Microsoft 创建的开发工具是分析内存文件的最佳方式，但您也可以按照以下步骤使用较旧的NirSoft BlueScreenView作为替代方案。^{(NirSoft BlueScreenView)}

这些步骤假定您的 PC 运行良好，可以安装和使用WinDbg。如果不是，您需要使用Linux live CD 或USB从硬盘驱动器中检索转储文件，以便在其他地方分析它们。Live CD 环境可以使用大多数Linux 发行版^{(Linux distributions)}的安装介质启动，包括 Ubuntu 和 Debian。

1. 首先，您需要从Microsoft Store安装 WinDbg Preview^{(install WinDbg Preview)}。在WinDbg商店页面上，选择Get开始安装。

1. 安装WinDbg后^(WinDbg)，通过在商店页面上选择启动^(Launch)或从开始^(Start)菜单启动它来启动它。如果您无法访问转储文件，则需要在开始^(Start)菜单中找到WinDbg ，然后^(WinDbg)右键单击^{(right-click )}并选择更多^{(More )}>以管理员身份运行^{(Run as administrator)}以授予它必要的访问权限。

1. 在WinDbg窗口中，选择文件^{(File )}>开始调试^{(Start debugging )}>打开转储文件^{(Open dump file)}。使用内置的文件资源管理器^{(File Explorer)}菜单打开最新的转储文件，该文件通常保存在根C:\ 文件夹、C:\minidump或C:\Windows\minidump文件夹中。

1. 打开DMP文件将导致WinDbg调试器运行并加载文件。这可能需要一些时间，具体取决于文件的大小和保存的详细程度。完成此操作后，在命令^(Command)选项卡底部的命令框中键入!analyze -v ，然后按Enter运行命令。

1. !analyze -v 命令将需要一些时间来加载和分析由BSOD错误创建的日志文件- 等待此过程完成。完成后，您可以在“命令^(Command)”选项卡中分析完整的输出。特别是，搜索错误检查分析^{(Bugcheck Analysis)}部分下列出的停止代码名称和值（例如DRIVER_IRQL_NOT_LESS_OR_EQUAL和d1） 。与停止代码一起，将列出提供原因（例如驱动程序问题）的简要说明，以便您进一步排除故障。

1. 您还可以查看WinDbg分析中列出的其他相关信息（例如MODULE_NAME值）以确定原因。在此示例中，BSOD代码是由运行NotMyFault 系统测试工具^{(NotMyFault system testing tool)}引起的。

一旦您确定了停止代码和BSOD错误的可能原因，您可以进一步研究该问题以确定可能的修复。

如何使用 NirSoft BlueScreenView 分析 Windows 内存转储文件^{(How to Analyze Windows Memory Dump Files Using NirSoft BlueScreenView)}

虽然WinDbg不包含在Windows中，但它是由Microsoft生产的，用于解决BSOD错误。但是，如果您愿意，可以使用较旧的NirSoft BlueScreenView工具从您的 PC（或从另一台 PC，如果您有相关转储文件的副本）分析内存转储文件。

BlueScreenView可能看起来过时了，但它会继续提供有关您的BSOD转储文件的所有相关信息。这包括您可以用来识别原因的停止代码名称和值（例如DRIVER_IRQL_NOT_LESS_OR_EQUAL ）。

1. 首先，在您的 Windows PC 上下载并安装 NirSoft BlueScreenView 工具。^{(download and install the NirSoft BlueScreenView tool)}安装该工具后，从“开始^(Start)”菜单启动它。

1. BlueScreenView将自动定位来自已知来源的任何内存转储文件，例如C:/ 和C:/Windows/minidump。但是，如果您想手动加载文件，请选择选项^{(Options )}>高级选项^{(Advanced Options)}。

1. 在“高级选项”菜单中，通过选择“^{(Advanced Options)}从以下 MiniDump 文件夹加载”^{(Load from the following MiniDump folder)}框旁边的“浏览^{(Browse )}”按钮切换到包含转储文件的文件夹。要将其返回到默认位置，请选择Default。选择确定^(OK)以保存您的选择并加载您的文件。

1. 在BlueScreenView主窗口中，将出现您保存的内存转储文件的列表。选择^{(Select one)}列出的文件之一以查看有关它的更多信息。停止代码名称将出现在Bug Check String列中，让您可以进一步研究问题。

1. 选择内存转储文件后，下方将列出活动文件和驱动程序的完整列表。以红色突出显示的文件将直接链接到BSOD错误的原因。例如，myfault.sys与NotMyFault系统测试工具有关，而ntoskrnl.exe是Windows系统内核进程。

虽然BlueScreenView是用于快速识别BSOD错误名称的有用工具，但它不是像WinDbg这样的完整调试工具。如果使用此工具无法解决问题，则需要尝试使用WinDbg进行更详细的分析。

使用内存转储文件排除 BSOD 错误^{(Troubleshooting BSOD Errors Using Memory Dump Files)}

使用您恢复的内存转储文件信息，您可以通过搜索停止代码或相关的BSOD错误文件来解决BSOD错误。^(BSOD)特别是错误停止代码可以帮助您找到BSOD背后的原因，从错误的系统配置信息 BSOD^{(bad system config info BSOD)}到意外的存储异常错误 BSOD^{(unexpected store exception error BSOD)}。

蓝屏错误是由从故障硬件^{(faulty hardware)}到损坏的系统文件的一切引起的。为了帮助阻止它们，您应该定期检查您的 PC 是否存在恶意软件，并在^{(check your PC for malware)}Windows安装损坏时使用 SFC 等工具^{(use tools like SFC)}修复它。如果一切都失败了，您可以随时重置或重新安装 Windows 10^{(reset or reinstall Windows 10)}以将您的 PC 恢复到完整的工作状态。

How to Analyze Memory Dump Files (.dmp) in Windows 10

If your Windows PC suffers a Blue Screen of Death (BSOD) error, several things will happen. The most obvious is that your PC is forced to restart, as a BSOD is a result of Windows completely crashing. One less obvious result of a BSOD error, however, is the error log that is created that allows you to troubleshoot the issue afterward.

This is called a memory dump file, saved in the DMP file format. These files contain various information on the problem, including your current Windows version, any running apps and drivers at the time of the BSOD, and the error code itself. To help you analyze memory dump files, here’s what you’ll need to do.

What are Memory Dump Files on Windows 10?

A Blue Screen of Death is a critical and unrecoverable error on a Windows PC, but the cause of these errors can vary. For example, an unexpected kernel mode trap BSOD is usually caused by incompatible or overclocked hardware, while a critical process died BSOD can have various causes, including corrupt system files.

To help you troubleshoot the problem, Windows automatically generates a memory dump file. This usually contains the stop code name and value (e.g. a system service exception stop code), a list of any running drivers at the time of the crash, and some additional technical information that you can use to identify the cause.

These dump files (using the DMP file format) are saved automatically in either the root C:\, C:\minidump, or C:\Windows\minidump folders. To help you analyze them, you can install Microsoft’s debugging app WinDbg from the Microsoft Store. This helps you analyze the memory dump files and locate the stop code information.

You can also use older tools like NirSoft BlueScreenView to quickly analyze the dump files created on your PC. This will also help you identify the stop code value and the possible cause (such as a specific driver file).

Once you know the stop code value, you can then search for additional information online about the issue. For instance, if you discovered from your dump file that you suffered a memory management BSOD, you can check out our BSOD error guide for additional advice on how to resolve the issue.

Because a BSOD error can stop your PC from working, you may need to try and restart Windows in Safe Mode. Running Windows in Safe Mode reduces the number of active system processes and drivers to the bare minimum, allowing you to investigate things further.

If you can’t boot into Windows at all, however, your options are limited. Currently, there are no standalone tools that you can run if Windows itself isn’t working properly to analyze BSOD dump files. If this happens, you’ll need to recover the dump files using a Linux live CD using a DVD or a portable USB flash memory stick. 

You can then analyze the file using WinDbg or NirSoft BlueScreenView on a working Windows PC or laptop by following the steps below.

Changing Memory Dump File Settings in Windows Settings

Memory dump files are created automatically, but you can set the level of detail included in a memory dump file in Windows Settings. This will only work for BSODs that occur after changing this setting, but if your PC is having problems, you can follow these steps to add additional information to the dump files.

1. To start, right-click the Start menu and select Settings.

1. In the Settings menu, select System > About. In the Related settings panel, in the System > About menu, select the Advanced system settings option.

1. In the System Properties menu, select the Settings option listed in the Startup and Recovery section at the bottom.

1. To change the level of detail recorded by memory dump files when a BSOD occurs, select one of the available options using the Write debugging information drop-down menu in the Startup and Recovery window. Full information on what is included in each memory dump is available at the Microsoft documentation website. Select OK > OK to save your choice.

You may need to restart your PC after making this change to ensure the setting is applied. Any future BSOD errors that occur will generate a memory dump file containing the level of information you selected above.

How to Analyze Windows Memory Dump Files Using WinDbg

If you suffer a BSOD error, you can use WinDbg to analyze the memory dump file. This Microsoft-created development tool is the best way to analyze your memory files, but you can also use the older NirSoft BlueScreenView as an alternative, following the steps below.

These steps assume your PC is working well enough to install and use WinDbg. If it isn’t, you’ll need to retrieve the dump files from your hard drive using a Linux live CD or USB to analyze them elsewhere. Live CD environments can be booted using the installation media of most Linux distributions, including Ubuntu and Debian.

1. To begin, you’ll need to install WinDbg Preview from the Microsoft Store. On the WinDbg store page, select Get to begin the installation.

1. Once WinDbg is installed, launch it by selecting Launch on the store page or by launching it from the Start menu. If you can’t access your dump files, you’ll need to locate WinDbg in the Start menu, then right-click and select More > Run as administrator to grant it the necessary access.

1. In the WinDbg window, select File > Start debugging > Open dump file. Use the built-in File Explorer menu to open your latest dump file, which is typically saved in the root C:\ folder, C:\minidump, or C:\Windows\minidump folder.

1. Opening the DMP file will cause the WinDbg debugger to run and load the file. This could take some time, depending on the size of the file and the level of detail saved. Once this is done, type !analyze -v into the command box at the bottom of the Command tab, then press Enter to run the command.

1. The !analyze -v command will take some time to load and analyze the log file created by the BSOD error—wait for this process to complete. Once it’s done, you can analyze the full output in the Command tab. In particular, search for the stop code name and value (e.g. DRIVER_IRQL_NOT_LESS_OR_EQUAL and d1) listed under the Bugcheck Analysis section. Along with the stop code, a brief description offering a cause (such as driver issues) will be listed, allowing you to troubleshoot further.

1. You can also look at other relevant information listed in the WinDbg analysis (such as the MODULE_NAME value) to identify the cause. In this example instance, the BSOD code was caused by running the NotMyFault system testing tool.

Once you’ve identified the stop code and possible cause of the BSOD error, you can research the issue further to determine a possible fix.

How to Analyze Windows Memory Dump Files Using NirSoft BlueScreenView

While WinDbg isn’t included with Windows, it’s produced by Microsoft to troubleshoot BSOD errors. If you’d prefer, however, you can analyze memory dump files from your PC (or from another PC if you have a copy of the relevant dump files) using the older NirSoft BlueScreenView tool.

BlueScreenView may look dated, but it continues to offer all of the relevant information about your BSOD dump files. This includes the stop code name and value (such as DRIVER_IRQL_NOT_LESS_OR_EQUAL) that you can then use to identify the cause.

1. To start, download and install the NirSoft BlueScreenView tool on your Windows PC. Once the tool is installed, launch it from the Start menu.

1. BlueScreenView will automatically locate any memory dump files from known sources such as C:/ and C:/Windows/minidump. If you want to load a file manually, however, select Options > Advanced Options.

1. In the Advanced Options menu, switch to the folder containing your dump files by selecting the Browse button positioned next to the Load from the following MiniDump folder box. To return this to the default location, select Default. Select OK to save your choice and load your files.

1. In the main BlueScreenView window, a list of your saved memory dump files will appear. Select one of the files listed to view more information about it. The stop code name will appear in the Bug Check String column, allowing you to research the issue further.

1. With the memory dump file selected, a full list of active files and drivers will be listed underneath. Files that are highlighted red will have a direct link to the cause of the BSOD error. For instance, myfault.sys is related to the NotMyFault system testing tool, while ntoskrnl.exe is the Windows system kernel process.

While BlueScreenView is a useful tool for quickly identifying the BSOD error name, it isn’t a full debugging tool like WinDbg. If you can’t troubleshoot the problem using this tool, you’ll need to try WinDbg for a more detailed analysis.

Troubleshooting BSOD Errors Using Memory Dump Files

Using the memory dump file information you recover, you can troubleshoot the BSOD errors by searching for the stop codes or related BSOD error files. The error stop codes, in particular, can help you find the cause behind a BSOD, from a bad system config info BSOD to an unexpected store exception error BSOD.

BSOD errors are caused by everything from faulty hardware to corrupt system files. To help stop them, you should check your PC for malware regularly and use tools like SFC to repair your Windows installation if it becomes corrupted. If all else fails, you can always reset or reinstall Windows 10 to restore your PC to full working order.

Related posts

• 如何在 Windows 10 中读取内存转储文件

• 在Crash Dump文件Windows 10物理Memory Limits

• Analyze Windows Memory Dump .dmp带WhoCrashed的文件

• 如何在Windows 10计算机上打开.aspx文件

• 如何在Windows 10转换PDF至MOBI

• 如何在Windows 10 Bulk中重命名Multiple Files

• 在Windows 10中启用或禁用Encrypted Files的索引

• 如何使用PowerISO在Windows 10打开CUE & BIN文件

• 如何在Windows 10上共享Setup Network Files

• 如何在Windows 10到Repair Corrupted System Files

• Advanced Renamer是一个免费的软件，用于Windows 10中的批量重命名文件

• FileTypesman：查看，edit file Windows 10中的延伸和类型

• Multiple Files在Bulk Windows 10中的Find and Replace Text

• Windows 10中Files and Folders的有效Permissions Tool

• 6 Ways至Windows 10中的Show Hidden Files and Folders

• 如何重置Windows 10中的NTFS file权限

• 在Windows 10中自动将文件从一个文件夹移动到另一个文件夹

• Windows 10中Fix Unable至Delete Temporary Files

• Best免费Dummy File Generator software为Windows 10

• 如何在Windows 10中Delete Win Setup Files [指南]