Sometimes I have to answer support calls responding to PC crashes with blue screens. How can I effectively narrow down the problem giving the information on that screen? What are the most important questions I have to ask the user?
Edit: By "diagnose" I mean, how can I interpret the information on the blue screen in order to narrow down the cause of the problem?
Best Answer
When the computer bluescreens it'll most likely create a dump of the memory. The content from memory is written to the Pagefile as the system is going down. It uses the Pagefile as placeholder for the data since it is too dangerous to try to create a new file on disk.
When the machine starts up again it'll detect the dump, and move the data into a separate dump file (typically C:\Windows\Memory.dmp or C:\Windows\Minidumps*.dmp).
Install WinDbg and open the .dmp file. Click the !Analyze link. Now it'll show you the stack from the thread that killed Windows, and show you which files that were involved. Often WinDbg will point you directly at a specific driver file. You can find step-by-step instructions here.
I can recommend reading Mark Russinovich's blog and books. You can download WinDbg from Microsoft.
So the question to the user is: "Can you e-mail me your dump file?"