This guide explains how to use the Windows BSOD Root Cause Triage Tool for analyzing and identifying the causes of system crashes in Windows 11.
The Windows BSOD Root Cause Triage Tool is designed to automate the analysis of crash dumps, identify problematic drivers, and provide actionable recommendations based on bugcheck codes. It combines several key components:
- Crash Dump Analysis: Extracts metadata from Windows memory dumps.
- Driver Analysis: Cross-references loaded drivers against a database of known problematic drivers.
- Bugcheck Knowledge Base: Provides information about common bugcheck codes and their probable causes.
- System Event Correlation: Examines system events around the time of the crash for additional context.
Before using the tool, ensure you have:
- Windows 11 operating system
- PowerShell 5.1 or later
- Administrator privileges
- Windows Debugging Tools installed (recommended but not required)
  - These are part of the Windows SDK, which can be downloaded from the Microsoft website
- Download all three files to the same directory:
  - BSODRootCauseTriage.ps1 (main script)
  - BugcheckKB.json (bugcheck knowledge base)
  - KnownBadDrivers.json (problematic drivers database)
- If you do not have Windows Debugging Tools installed, the script will still function but with reduced capabilities.
To analyze the most recent crash dump file on your system:
- Open PowerShell as Administrator
- Navigate to the directory containing the script
- Execute the script:
.\BSODRootCauseTriage.ps1
The script will:
- Locate the most recent dump file in the default location (%SystemRoot%\Minidump)
- Extract crash information
- Analyze the bugcheck code
- Check for problematic drivers
- Generate an HTML report and open it in your default browser
- Export analysis data to JSON for programmatic use
To analyze a specific crash dump file:
.\BSODRootCauseTriage.ps1 -TargetDumpFile "C:\Path\To\Your\Crash.dmp"
You can specify custom output directories for the analysis results:
.\BSODRootCauseTriage.ps1 -OutputPath "D:\BSOD_Analysis"
The script supports several parameters:
- -DumpPath: Directory to search for dump files (default: %SystemRoot%\Minidump)
- -KnowledgeBasePath: Path to bugcheck knowledge base JSON file
- -DriversDBPath: Path to known bad drivers JSON file
- -GenerateReport: Set to $false to skip HTML report generation (default: $true)
The HTML report is divided into several sections:
Provides an overview of the crash, including:
- Crash dump file name and creation time
- Bugcheck code and description
- System information
Details about the specific bugcheck code, including:
- Common causes
- General recommendations
For each potentially problematic driver:
- Driver details (name, vendor, type, version)
- Known issues with version ranges
- Whether the current driver version is affected
- Resolution steps
Shows relevant system events that occurred around the time of the crash, which may provide additional context.
Prioritized actions to resolve the issue, including:
- Driver updates for identified problematic drivers
- General recommendations based on the bugcheck code
- System maintenance steps
You can update the BugcheckKB.json file to add new bugcheck codes or modify existing entries. Each entry contains:
- Name: The symbolic name of the bugcheck
- Description: A brief explanation of what the bugcheck means
- CommonCauses: An array of common causes
- Recommendations: An array of recommended actions
The KnownBadDrivers.json file can be updated with new problematic driver information. Each entry contains:
- Driver name as the key
- VendorName: The driver's manufacturer
- DriverType: Category of driver
- KnownIssues: Array of specific issues, including:
  - VersionRange: Min and max affected versions
  - IssueDescription: Description of the problem
  - Resolution: How to fix the issue
  - AffectedOS: Which Windows versions are affected
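The version-range check that decides whether a loaded driver is affected can be sketched as follows. This is an added example, not the tool's own code: the function name `Test-DriverAffected`, the `Min`/`Max` key names inside VersionRange, and the driver name and version numbers are assumptions made for illustration.

```powershell
# Constructed sample database using the field names listed above.
# Assumption: VersionRange holds "Min" and "Max" strings; all values are made up.
$dbJson = @'
{
  "exampledrv.sys": {
    "VendorName": "Example Vendor", "DriverType": "Storage",
    "KnownIssues": [
      {
        "VersionRange": { "Min": "2.0.0.0", "Max": "10.1.0.0" },
        "IssueDescription": "Constructed example issue",
        "Resolution": "Update to a version above 10.1.0.0",
        "AffectedOS": [ "Windows 11" ]
      }
    ]
  }
}
'@

function Test-DriverAffected {
    param(
        [Parameter(Mandatory)] [string]   $DriverName,
        [Parameter(Mandatory)] [string]   $DriverVersion,
        [Parameter(Mandatory)] [psobject] $Database
    )
    # The driver name is the key; a driver that is not in the database is not flagged.
    $entry = $Database.PSObject.Properties[$DriverName]
    if (-not $entry) { return @() }

    # Compare as [version], not as strings: "9.5.0.0" sorts after "10.1.0.0" as text.
    # A version with extra text fails to parse and is reported rather than guessed.
    $current = $null
    if (-not [version]::TryParse($DriverVersion, [ref]$current)) {
        Write-Warning "Unparseable version '$DriverVersion' for $DriverName"
        return @()
    }
    foreach ($issue in $entry.Value.KnownIssues) {
        $min = [version]$issue.VersionRange.Min
        $max = [version]$issue.VersionRange.Max
        if ($current -ge $min -and $current -le $max) {
            [pscustomobject]@{
                Driver = $DriverName; Version = $current
                Issue  = $issue.IssueDescription; Resolution = $issue.Resolution
            }
        }
    }
}

$db = $dbJson | ConvertFrom-Json
Test-DriverAffected -DriverName 'exampledrv.sys' -DriverVersion '9.5.0.0' -Database $db
```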
- Run the script to analyze the latest crash dump
- Check the Driver Analysis section for recently updated drivers
- Follow the recommended steps to update or roll back problematic drivers
- Run the script against multiple crash dumps by specifying different files
- Look for patterns in the bugcheck codes or implicated drivers
- Check the System Event Log section for recurring errors
- Run the analysis to identify if bugcheck codes point to hardware issues
- Pay special attention to recommendations regarding memory tests, overclocking, or thermal issues
If you encounter issues with the tool:
- Missing Windows Debugger: The script will function with limited capabilities; consider installing the Windows SDK to get full functionality.
- No Crash Dumps Found: Ensure your system is configured to create memory dumps on crash. The script includes functionality to configure this automatically.
- Empty Analysis Results: Some crash dumps may not contain enough information for a complete analysis. Try using a complete memory dump rather than a minidump if available.
The tool exports its analysis to JSON, making it suitable for integration with other systems or automation tools:
$analysis = .\BSODRootCauseTriage.ps1
# Access analysis data programmatically
$bugcheckCode = $analysis.CrashInfo.BugcheckCode
$problematicDrivers = $analysis.DriverAnalysis | Where-Object { $_.KnownIssues.CurrentVersionAffected -eq $true }
You can incorporate this into scheduled tasks or monitoring solutions to automatically analyze new crash dumps as they occur.
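One way to run the tool unattended against new crash dumps, using only the parameters documented above. This is an added example, not part of the tool: the paths, the state file, the task name and the three function names are hypothetical, and the block is assumed to be saved as its own .ps1 file.

```powershell
# Assumed, hypothetical locations: adjust to where the three tool files were saved.
$ToolScript = 'C:\Tools\BSODTriage\BSODRootCauseTriage.ps1'
$OutputDir  = 'D:\BSOD_Analysis'
$StateFile  = Join-Path $OutputDir 'processed-dumps.txt'
$DumpDir    = Join-Path $env:SystemRoot 'Minidump'

function Get-UnprocessedDump {
    param([string] $Path, [string] $StatePath)
    # Analyzed dumps are tracked by SHA-256, so a renamed copy is not analyzed twice.
    $seen = @()
    if (Test-Path $StatePath) { $seen = @(Get-Content $StatePath) }
    Get-ChildItem -Path $Path -Filter '*.dmp' -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            if ($seen -notcontains $hash) {
                [pscustomobject]@{ File = $_.FullName; Hash = $hash }
            }
        }
}

function Invoke-DumpTriage {
    New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
    foreach ($dump in (Get-UnprocessedDump -Path $DumpDir -StatePath $StateFile)) {
        try {
            # The HTML report opens a browser, so it is switched off for unattended runs;
            # the JSON export is what a monitoring system would collect.
            & $ToolScript -TargetDumpFile $dump.File -OutputPath $OutputDir -GenerateReport:$false | Out-Null
            Add-Content -Path $StateFile -Value $dump.Hash
        } catch {
            # Leave the hash unrecorded so the dump is retried on the next run.
            Write-Warning "Analysis failed for $($dump.File): $_"
        }
    }
}

function Register-DumpTriageTask {
    # Run once from an elevated prompt after saving this block as a .ps1 file.
    # A crash is followed by a reboot, so the task is triggered at startup.
    $arguments = "-NoProfile -File `"$PSCommandPath`""
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $arguments
    $trigger   = New-ScheduledTaskTrigger -AtStartup
    Register-ScheduledTask -TaskName 'BSODTriage' -Action $action -Trigger $trigger -User 'SYSTEM' -RunLevel Highest
}

Invoke-DumpTriage
```

Because the task runs as SYSTEM, keep the script and both JSON files in a directory that only administrators can write to. Restrict read access to the output directory as well, since crash dumps and data derived from them can expose memory contents and system details.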