Debugging a memory dump and finding out what drivers are loaded in Windows

I recently decided I’d try my hand at debugging a Windows memory dump. For the uninitiated, the following article by Dirk A. D. Smith is geek gold: http://www.networkworld.com/news/2005/041105-windows-crash.html.

Contrary to what you might think (and depending on your OS-affinity, hold as a dear belief), most Windows crashes are caused by buggy third-party drivers, and not by the OS itself. When the system crashes, if Windows is configured correctly, then a memory dump file will be created. Follow the instructions in the link above to debug it. When I did so with my system in question, I discovered that the driver at fault was one which I thought was no longer active on the box. So, to verify, I needed to list what drivers were loaded on the system.

Open a cmd prompt (Start -> Run -> Cmd -> OK) and run ‘driverquery’. This will list all of the drivers that you have installed on your Windows machine. This works under Windows XP, 2003, and Vista.

Once you’ve identified whether the pesky driver you’re looking for is there (which it was, oh no!), the next thing you’ll want to ascertain is whether it’s actually running. To find out, run ‘driverquery /v’. This will list all installed drivers along with details such as when they load (e.g. at boot) and what their current state is (e.g. Running or Stopped).

What I discovered is that taking the step of disabling the service with this particular program was not enough; I actually needed to uninstall it completely from the system and reboot.
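To automate the ‘driverquery /v’ check described above, the following added example (not part of the original post) parses the CSV form of the output (‘driverquery /v /fo csv’) and reports whether a suspect driver is running and whether it can still start. It assumes English column names and Python 3.7+; the sample rows and the driver names in them are constructed for illustration.

```python
import csv
import io
import subprocess
import sys

# Constructed sample of `driverquery /v /fo csv` output, trimmed to the columns
# used below. "examplefilter", "oldvpn" and "legacyav" are made-up drivers.
SAMPLE = r'''"Module Name","Display Name","Driver Type","Start Mode","State","Status","Path"
"Disk","Disk Driver","Kernel","Boot","Running","OK","C:\WINDOWS\system32\DRIVERS\disk.sys"
"examplefilter","Example Filter Driver","File System","System","Running","OK","C:\WINDOWS\system32\DRIVERS\examplefilter.sys"
"oldvpn","Old VPN Adapter","Kernel","Manual","Stopped","OK","C:\WINDOWS\system32\DRIVERS\oldvpn.sys"
"legacyav","Legacy AV Hook","Kernel","Disabled","Stopped","OK","C:\WINDOWS\system32\DRIVERS\legacyav.sys"
'''

def parse_driverquery(text):
    """Parse the CSV output into dicts, stripping padding from keys and values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]

def find_driver(rows, needle):
    """Case-insensitive match on module name, display name or file path."""
    needle = needle.lower()
    fields = ("Module Name", "Display Name", "Path")
    return [r for r in rows if any(needle in r.get(f, "").lower() for f in fields)]

def verdict(row):
    """Summarise whether the driver is loaded now and whether it can load again."""
    if row.get("State") == "Running":
        return "running"
    if row.get("Start Mode") == "Disabled":
        return "stopped, disabled"
    return "stopped, can still start (%s)" % row.get("Start Mode")

def live_output():
    """Run driverquery on the local machine (Windows only)."""
    return subprocess.run(["driverquery", "/v", "/fo", "csv"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # Pass a name fragment as the first argument; off Windows the sample is used.
    needle = sys.argv[1] if len(sys.argv) > 1 else "examplefilter"
    text = live_output() if sys.platform == "win32" else SAMPLE
    for row in find_driver(parse_driverquery(text), needle):
        print(row["Module Name"], "->", verdict(row), "|", row.get("Path"))
```

Searching by the .sys file name reported in the crash dump analysis works as well, since the match also covers the Path column.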
