Sometimes I have to answer support calls responding to PC crashes with blue screens. How can I effectively narrow down the problem giving the information on that screen? What are the most important questions I have to ask the user?
Edit: By "diagnose" I mean, how can I interpret the information on the blue screen in order to narrow down the cause of the problem?
When the computer bluescreens it'll most likely create a dump of the memory. The content from memory is written to the Pagefile as the system is going down. It uses the Pagefile as placeholder for the data since it is too dangerous to try to create a new file on disk.
When the machine starts up again it'll detect the dump, and move the data into a separate dump file (typically C:\Windows\Memory.dmp or C:\Windows\Minidumps*.dmp).
Install WinDbg and open the .dmp file. Click the !Analyze link. Now it'll show you the stack from the thread that killed Windows, and show you which files that were involved. Often WinDbg will point you directly at a specific driver file. You can find step-by-step instructions here.
I can recommend reading Mark Russinovich's blog and books. You can download WinDbg from Microsoft.
So the question to the user is: "Can you e-mail me your dump file?"
Mark Russinovich (of SysInternals fame) has an excellent blog entry where he describes how one can use the debugging tools to track down the module name and even the stack frame (i.e. function call) during which the blue screen occurred.
It's illustrated, well written, and has helped me get my feet under me when I started learning how to debug Blue Screen messages.
The error code in the top left. By googling that, you can often narrow it down to whether it's a hardware or software issue. Proceed from there (the Google results).
If they have the Bluescreen still open: The Actual Message near the top (i.e. IRQL_DRIVER_LESS_OR_EQUAL) and the Error Code at the Bottom (0x.......) with the module that crashed (i.e. nvdisp4.dll).
There are some common approaches here, but in my example, it's a Bluescreen caused by the nVidia Graphics Driver. If you analyze a few bluescreens, there are some common messages, codes and modules that regularly pop up, so after some time you should be able to narrow down issues more easily simply through experience.
These are the things I look for since 1.) the PC that bluescreens, is normally my internet connection. 2.) bluescreens flash by too fast for even an experienced user like myself. So I rely heavily on questions.
It goes without saying that if the answer to three above is yes then undo which ever of one and two above is yes. If both one and two are yes, handle the undo stepwise by doing one then testing before you do the other.
Try checking the event viewer, if you don't see anything obvious there (wouldn't surprise me) try giving the MS debugging tools a try:
http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx
