How to Use Minilyzer to Find Out Why Windows Crashed

January 24, 2009

You are sitting at your PC, relaxed and minding your own business. Happy. Suddenly and without warning, Windows decides to throw a fit and bombards you with the infamous Blue Screen of Death! You get angry — furious, in fact — and perhaps a little scared. You never got a chance to see what happened at the dreadful moment.

With Minilyzer and Microsoft’s Debugging Tools for Windows, you can easily and quickly figure out what caused a blue screen (or a seemingly spontaneous reboot), by analyzing what is called a Minidump, a file that is created by Windows whenever there is a STOP error (blue screen).

Analyzing the Minidump

Follow the steps below to generate a report containing the details of the blue screen.

  1. Download and install the 32-bit or 64-bit version of Microsoft’s Debugging Tools for Windows. If you are not sure what version to get, get the 32-bit version.
  2. Download the minilyzer.cmd script to somewhere convenient (like the desktop).
  3. If you want to analyze the latest blue screen and are running Windows XP (or Vista/Windows 7 with UAC disabled), run minilyzer.cmd and skip to step 6.
  4. Navigate to the C: folder and find the latest Minidump file, e.g. Mini012309-01.dmp.
  5. Copy the Minidump file to your desktop, then click and drag it onto the minilyzer.cmd script that you downloaded.
  6. Don’t be frightened by all of the information displayed in the window that pops up. If it’s the first time you are using Minilyzer, this will take a while. Relax, grab a drink and a powerbar, and wait until the Minilyzer report is opened.

Finding the Cause

When the report is opened, scroll to the very bottom and look at the last three lines: DEFAULT_BUCKET_ID, MODULE_NAME and IMAGE_NAME. These are what will usually tell you what has happened. Here’s what they might look like:
  • DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
  • MODULE_NAME: L1E60X64
  • IMAGE_NAME: L1E60X64.sys

Okay, so there’s something wrong with one of our drivers, but what is L1E60X64? A quick search on Google will show that it is the 64-bit version of the Atheros AR8121/AR8113/AR8114 ethernet driver. We have our culprit!

Fixing the Problem

In most cases, a simple driver update will fix problems like these. You can usually find drivers on your PC manufacturer’s website, the manufacturer of your motherboard, or directly from the manufacturer of the device itself. In the case above, installing the Atheros AR81Family 1.0.0.40 driver from Atheros’ drivers page solved the problem.

Of course, not every blue screen happens because of a driver issue. If you are not able to find out what caused a crash, the reports generated by Minilyzer are detailed enough to send to a geeky friend and/or a technical support service. You can find the reports in the folder where you saved minilyzer.cmd.

Cleaning Up

When you are done using Minilyzer, you can safely delete minilyzer.cmd and the Debugging Symbols folder that was created. If you think you might need to analyze more Minidumps in the future, you can keep minilyzer.cmd and the Debugging Symbols folder in the same folder to speed up any future analyses.

To find out more about Minilyzer, have a look at the Minilyzer project page.