Analyze crash dumps with WhoCrashed
Ah, not the Blue Screen of Death (BSOD) again! We've all been there - it is so difficult to understand what causes Windows to crash.
Luckily, there is a solution - WhoCrashed (free for home users only) is able to analyze memory dump files that Windows creates. The program prepares an overview of what caused the crash(es) so that you are able to find out whether you need to update driver software, Windows, some programs or even replace RAM (memory modules) or other hardware components.
In case you want to find out why applications or programs crash or stop responding, use Reliability Monitor instead.
Verifying that crash dumps are enabled in Windows
First, there must be something to analyze. By default, Windows creates kernel memory dumps that are enough for troubleshooting. To verify the setting is still correct, use keyboard shortcut Windows Key+Pause/Break to open System Properties.
Alternatively, right-click (My) Computer (or This PC icon in Windows 8.1) icon on Desktop or Start menu/screen and select Properties.
In Windows Vista, 7, 8 and 8.1, click Advanced system settings on the left.
Next, make sure Advanced tab of System Properties window is open. Then click Settings button in the Startup and Recovery section.
In the Startup and Recovery window, make sure all check boxes (Write an event to the system log, Automatically restart, etc) in the System failure section are ticked. Then verify that the Write debugging information combo box says Kernel memory dump. If not, select it from the list.
Click OK twice to close Startup and Recovery and System Properties windows.
You should also check if Windows paging file meets minimum requirements for creating crash dumps: Set paging file to a fixed size in Windows.
Open WhoCrashed download page at Resplendence Software Projects, scroll down to the Crash Analysis Tools section and click Download free home edition to the right of WhoCrashed.
After the download is complete, WhoCrashed Home Edition Setup Wizard opens. Yup, many Next buttons coming up!
First, click Next in the Welcome screen.
In the License Agreement page, click I accept the agreement and then click Next. If you want to get a free headache, read the license agreement thoroughly first.
Click Next in the Select Destination Location screen.
As the Start Menu Folder is also fine, you get to click Next again. Wow, and it's all for free!
In the Select Additional Tasks page, click... wait for it... Next.
You do not need WhoCrashed that often to create a desktop icon for it.
Now WhoCrashed Home Edition is Ready to Install. Since it has run out of Next buttons, click Install here.
After the installation is complete, click Finish to run WhoCrashed right away.
Windows XP users will probably see the Required Windows Debugging package not found dialog. Click Download the required file from Microsoft site now to download and install the missing package automatically. Please stand by until the process is complete.
After WhoCrashed opens, click Analyze (the leftmost button) on Toolbar.
Depending on the number of available memory dumps, the process might take up to a minute. Information dialog appears after the analysis is complete - click OK.
In case there are no memory dumps available, WhoCrashed is quite sad to report that no valid crash dumps have been found. Please verify that the line above states "Crash dumps are enabled on your computer" - if not, scroll to the beginning of this tutorial and enable Kernel memory dumps.
Please note that Disk Cleanup and CCleaner can also delete stored crash dump files, so do not use these tools until you have located the source of Windows crashes. After you've resolved the problems, you can safely remove memory dumps, since they can occupy quite a chunk of disk space.
If one or more memory dumps are available, WhoCrashed sorts these by date and time. Please do check the year of the crashes, since there is absolutely no need to make wrong assumptions on very old crashes!
Each crash analysis contains detailed information, please read the description and suggestions thoroughly.
Here is a bad example of a Blue Screen of Death (BSOD): everything is unknown, except that the crash was probably not caused by hardware. You can still search the Bugcheck code on Google or Bing - you might not be alone with this problem.
Please note that this analysis is based on a minidump, so Kernel memory dump might still reveal the cause.
And here's the Kernel memory dump for the problem above - this time it is certain that the crash was caused by a third party driver ntkrpamp.exe. WhoCrashed was not able to determine the manufacturer and type of the driver (this usually means the driver is not digitally signed and should be updated ASAP), but googling "What is ntkrpamp.exe" reveals that this is a part of Realtek ethernet (network) driver - so seek for a driver update; or if you just upgraded the driver, roll it back in Safe Mode. You can also use SlimDrivers Free to update problematic driver software.
Here's another example: Microsoft's own standard module caused a crash. You can either run Windows Update or revert any system configuration changes you might have made lately.
Back to third party drivers - this time BSOD was caused by Intel graphics/video driver. But there is also a suggestion that the problem might have been caused by a thermal issue (read: overheating).
First, look for an updated driver again. Second, verify your computer is not very hot - if it is, check or upgrade cooling.
In the end of each WhoCrashed report there is the Conclusion section that contains links to related Google searches. In case you are not really good at searching, use these links instead.
In case you see problems related to hardware (sorry, no examples at the moment), you need to replace the faulty components. If your computer is still under warranty, you are in luck. If not, you still need to take it to some repair shop unless you are an IT specialist.
Good luck with troubleshooting and updating!