Last December, it was Word 2007. Two weeks later, it was Outlook 2003. Out of the blue, a program that worked just fine yesterday freezes up today.
A few days ago, I described how to force Windows to close hung applications faster at shutdown. That fix might get you out the door quicker, but it doesn't address the source of the problem.
Unfortunately, determining the source of a hung application usually requires quite a bit of detective work. If the problem is widespread, chances are Microsoft and any other hardware or software vendors affected will do their best to make a fix available as quickly as possible--at least in the computer utopia that exists in my dreams. Most of these mystery freezes are uncommon and specific to a particular PC configuration, such as the driver for a certain model printer conflicting with a recent Windows security update, causing some functions in Windows Explorer to stop working (an instance described in a recent Microsoft knowledgebase article).
Step one: search the error code
When a program conks out, you usually see a window open with some error message, often including a code number. Enter the message and number in your favorite Web search engine and look for a link to an explanation, which may include a fix. This approach is more miss than hit, unfortunately. Gregory Braun's free Error Messages for Windows utility lists Windows error messages by their code numbers, but it doesn't help you find the source of the error.
Look up Windows error messages via the free Error Messages for Windows utility.
(Credit: Software Design--Gregory Braun)
The usual suspects
The most obvious thing to check is for a malware infestation. Update your antivirus program's definitions and perform a full system scan. You're far from certain to discover any problems, but at least you can rule out a virus as the cause.
Often the problem is not the software's fault. Bad memory modules cause many programs to hang. Chris Brady's Memtest86 is a free program that diagnoses memory problems, though it requires that you copy its files to a floppy disk or disk partition, and then run the program from there. Microsoft's Windows Memory Diagnostic loads easier onto a floppy or CD from which you boot to run its tests automatically.
Another common crash culprit is an out-of-date video driver. To find your video-display make and model, right-click My Computer (XP) or Computer (Vista) and choose Manage > Device manager > Display adapters. Double-click the entry, choose the Driver tab, and note the driver version. Now visit the vendor's site and look for an update for the driver. (This also applies to drivers for other hardware devices.)
If your browser is crashing, disable your toolbar add-ons one at a time to determine whether one of them is causing the problem. You can disable add-ons in Internet Explorer 7 by clicking Tools > Manage Add-ons > Enable or disable add-ons, and then selecting them one at a time and choosing Disable. When you're done, click OK.
To disable add-ons and toolbars in Mozilla Firefox 2, click Tools > Add-ons, select the add-ons one at a time, and choose Disable.
Find the cause of problems in Internet Explorer 7 by disabling add-ons and toolbars one at a time.
(Credit: Microsoft)
Determine whether an add-on or toolbar is the source of problems in Firefox by disabling them one at a time.
(Credit: Mozilla Foundation)
To report or not to report
The Microsoft Online Crash Analysis site lets you upload your error reports and view an analysis of them, but it requires a Microsoft Passport account (Hotmail, Live, or MSN). You must also send your error reports to Microsoft whenever a crash occurs; most of us click Don't Send out of habit when the dialog box pops up. I had high hopes for this service, but after a recent crash of my XP system (caused by a bad program uninstall), it was no help whatsoever.
To disable error reporting in Windows XP, right-click My Computer, choose Properties > Advanced > Error Reporting, and click Disable error reporting. In Vista, press the Windows key, type Problem Reports and Solutions, and press Enter. Click Change settings in the left pane, choose Advanced settings, and click Change setting to the right of "For all users and programs, problem reporting is set to On." Choose Off, and close all the dialog boxes.
Tomorrow: Microsoft's one-stop shutdown-maintenance utility for XP.
Like many of you, my copies of Windows XP crash with the now-classic "blue screen of death" (BSOD). When this happened a couple times recently to a new ThinkCentre A61 tower, I called Lenovo tech support. As the title of this posting suggests, it did not go well.
When Windows XP crashes, the default behavior is to create a minidump, a small file (only 88K) with a summary of, hopefully, the most important information about the failure. I wrote about minidumps back in November (see Dealing with software crashes, Part 2). If your copy of Windows has crashed (aka "blue-screened") in the past, you may find a minidump describing the problem in the C:\WINDOWS\Minidump folder. The format of the filename is MiniMMDDYY-99.DMP (the last two numbers being a sequence number).
Minidumps are in a binary format, opening them with Notepad is a waste of time. Windows XP doesn't include the necessary software (program Dumpchk.exe) to open a minidump file. The target audience for a minidump is a tech support person.
But, it seems Lenovo didn't get the memo.
When I spoke to a Lenovo technician on the phone, I was told they don't do that. That is, they aren't allowed to accept minidump files from customers. Instead, the debugging session is totally verbal. Been there, done that. Verbal debugging of computer problems over the phone is all but guaranteed to be a waste of time. It was in this case.
Although the minidump can be impenetrable, the Windows event log, specifically the System event log, also has information about Windows crashes. Shown below is the identifying information about the two Windows crashes I experienced.
The bugcheck was: 0x0000001a (0x00041284, 0xd7817001, 0x00003fde, 0xc0e00000)
A dump was saved in: C:\WINDOWS\Minidump\Mini021508-01.dmp
The computer has rebooted from a bugcheck.
The bugcheck was: 0x1000000a (0x00000010, 0x00000002, 0x00000001, 0x8051b0c8)
A dump was saved in: C:\WINDOWS\Minidump\Mini021508-02.dmp
At this point you have more information than the Lenovo tech support person assisting me had. He was only interested in the two error codes, not any of the additional data fields shown above in parentheses, which provide additional information about the problem.
While the System event log doesn't provide much information about the crash itself, taken together, the six event logs can provide a wealth of information about the overall goings-on inside Windows. Like the minidump files, the event logs are not very big; in XP they max out at 512K by default. You can see them below for the computer in question.
Lenovo's technicians are also not allowed to accept event logs from customers.
What's Your Experience?
Lenovo is only one company of many offering technical support for Windows. What has been your experience in trying to get a technician to review either a minidump or an event log?
Do other computer manufacturers also refuse to accept these small files when offered?
Has a support person ever asked for them?
Is there an equivalent situation with Macs?
Either leave a comment below, or e-mail me at minidump at michaelhorowitz dot com.
And, if anyone works for Lenovo, is this, in fact, the normal procedure or did the person I dealt with not follow the rules?
Debugging operating system crashes can be hard to impossible, especially with the small amount of information in a minidump. But not even trying is disgraceful.
See a summary of all my Defensive Computing postings.
The first part of this posting on dealing with software crashes covered preventing the leakage of personal information, portable applications, and controlling the programs that run automatically when Windows starts up. Here we look at dumps, event logs, and disk checking, but first, we pick up on the topic of drivers.
Driver Verifier
In Windows, the term "driver" refers to software used by the operating system to control the hardware in the computer. Each piece of hardware (sound, video, printer) has an associated driver program.
The last topic in the previous posting was an airplane analogy to illustrate the potential for problems with Windows drivers. They run alongside the most critical parts of Windows itself and a bug in the driver can crash Windows.
Considering this, it should come as no surprise that Microsoft has a utility program designed to weed out bugs in drivers. The program is called Driver Verifier, and it is included in all recent versions of Windows (Windows 2000 and later).
Driver Verifier does extra checking on the actions of drivers, while they are running, looking for potential problems. Think of it as super-debugging mode. Quoting Microsoft: "Driver Verifier monitors kernel-mode drivers and graphics drivers to detect illegal function calls or actions that might corrupt the system. It can subject the drivers to a variety of stresses and tests to find improper behavior."
I bring this up because it can be a useful thing for debugging. When working with a tech-support person, ask them if drivers are a possible cause of the software problem you are experiencing (video drivers were a suspect in the problem described in The Wall Street Journal story). If so, then ask if Drive Verifier would be helpful. If nothing else, use Driver Verifier to gauge the reaction of the person assisting you.
There is a performance cost to the extra error checking Windows does on the drivers being verified. If verification is turned on for all drivers, Windows may be noticeably slower. Hopefully, the tech-support person can limit the verifying to a small number of drivers.
But, every PC has a different set of drivers. Fortunately, Driver Verifier can list the installed drivers, their version number, and the company that produced them. To run it, open a Command Prompt window (aka DOS window) and type "verifier" without the quotes. You can then close the Command Prompt window. In Vista, a security dialog will ask for permission.
I suggest starting with the radio button that displays existing settings. If this is the first time Driver Verifier has been used, there should be no drivers listed in the right side of the resulting window.
This window also shows different types of tests that will all be set to "No" initially. Windows XP offers eight types of verification tests; Vista has a few more.
Click the back button, turn on the radio button to create standard settings, and then click the Next button. If you "Select driver names from a list," you can see all the installed drivers.
Unless you are a serious Windows techie, driver verifier does not produce any output that is of use to you. It is best used when working with assistance from professional tech support.
Minidumps
Another thing to look for when Windows software crashes is a minidump--a snapshot of the state of the system at the time of the failure.
Dumps can be invaluable to a tech-support person. I spent many years doing technical support and can attest that verbal descriptions of a problem over the phone are not much to go on. Dumps and event logs (the next topic) give a picture of the problem that no person can.
Windows dumps are only useful to someone familiar with the internal working of the operating system. Normal users can't even look at the contents of a dump, Windows does not include the necessary program (Dumpchk.exe) to format it.
Minidumps are small (88K) so sending them to tech support should not be a problem. If you're not asked to look for, or provide, a dump, it would make me wonder how capable the support person is.
By default, Windows XP writes dumps to folder C:\WINDOWS\Minidump. If this folder is empty on your computer, consider yourself lucky.
You can control a number of dump-related options. To do so in Windows XP, start at the Control Panel, then System, then the Advanced tab, and finally click on the Settings button in the start-up and recovery section.
In the system failure section (the bottom half of the resulting window, shown above), I suggest enabling the option to write an event to the system log and turning off the option of automatic restart.
In the write debugging information section, "small memory dump 64K" is the default and should be fine. Only if a tech-support person says this small/minidump doesn't provide enough information, would I chose one of the other options.
The small dump directory defaults to %SystemRoot%\Minidump, which normally translates to C:\WINDOWS\Minidump. There is no need to change it.
Minidumps have a file type of .DMP. The format of the filename is MiniMMDDYY-99 where the last two numbers are a sequence number. For example, Mini110407-01.dmp is the first dump taken on November 4, 2007.
Event Logs
Event logs provide a history of problems and thus can be very helpful in debugging software problems.
To look at the event logs in Windows XP, start at the Control Panel, select Administrative Tools, then Event Viewer. There are at least three different logs: Application, Security, and System. Each log is separate file. To determine the filename and location, right-click on the name of the log, get the Properties, and look for the "Log name." By default, the Application, Security, and System log files are respectively:
C:\WINDOWS\system32\config\AppEvent.Evt
C:\WINDOWS\System32\config\SecEvent.Evt
C:\WINDOWS\system32\config\SysEvent.Evt
A tech-support person should be interested in some, if not all of these files. Event logs shouldn't be that big; in XP they max out at 512K by default.
Check Disk
A corrupted file system may play a part in any software failure. One of the first steps to take when dealing with a software crash should be to run the Windows Check Disk utility.
To do so, open My Computer and get the properties of the C disk. Then go to the Tools tab and click on the Check Now button. This opens a windows with two Check Disk options; I suggest turning on both options. When you click the Start button, Windows will say it can't check a disk that's in use and ask if you want to schedule the checking for the next restart. Say yes and then restart Windows.
Checking a disk can take a long time and Windows does not stop when it's done to let you view any messages. But there is no need to watch the thing run since a summary of the disk checking is written to the Application log. Just after Windows starts up, look at the top of the Application log (where the most recent events should be) for an event with a source of "Winlogon" and a type of "Information." Double-click on it to see the results of the disk check. In my experience, minor inconsistencies are the rule rather than the exception.
May your Minidump folder be forever empty.
Our review of Mac OS X 10.5 Leopard last Thursday lauded its lovely interface innovations but withheld judgment about the operating system's speed until we could put it through its paces.
Tests returned from CNET Labs on Saturday show that Leopard didn't perform noticeably faster than Mac OS 10.4.6 Tiger. (See the chart in CNET's review of Tiger.). Because Leopard's improved speeds of between 1 percent and 3 percent fall within the 5 percent margin of error, it's fair to call Leopard and Tiger even.
GarageBand wouldn't run the first time we opened it in Leopard.
Lab tests explored Leopard's boot time, multimedia multitasking, and handling of the Quake 3 game. Similarly, the 2005 release of Tiger did not demonstrate vast speed improvements over Panther, a previous version of Mac OS X.
Still, some users commenting on Leopard-related message boards and stories at CNET and elsewhere swore that they detected faster performance with Leopard.
Unfortunately, CNET Labs could not vouch for the performance of Adobe Systems' Photoshop CS3, which, for reasons not yet understood, wouldn't run on Leopard in our usual battery of automated tests. Don't jump to conclusions, however; the photo-editing application seemed to behave under normal conditions, and Adobe insists that Photoshop can run in Leopard.
However, full Leopard support for all versions of Adobe Creative Suite 3 won't become available until Adobe releases updates in three to four months. Among the applications needing updates are AfterEffects, Premiere, Soundbooth, and Acrobat Pro 8.1.2 (PDF). Sadly, Adobe fans cannot count on running earlier iterations of the Creative Suite or Macromedia Studio uneventfully within Leopard.
Although we find Leopard's interface relatively seamless, the same can't be said for everyone's experience getting started. Some people reported installation headaches, including the famed "blue screen of death," which historically has made so many love to hate the rival Microsoft Windows. Apple has acknowledged that issue as a glitch with third-party software.
Another application that won't run properly in Leopard yet is FileMaker Pro 9, due for an update next month. Some at CNET have found other applications, such as Groupcal and Parallels, failing unexpectedly in Leopard. And although only Safari was also running at the time, GarageBand wouldn't run in our first two attempts to open it in Leopard. A reboot seemed to do the trick.
Leopard also appeared to be converting some Mail settings from administrator to standard accounts; MacFixIt explains a solution. We're looking into these and other issues, and will continue to update our Leopard review as we learn more.
Our conclusion remains that you must have Leopard if you need to run Boot Camp, and you'll want it if you eagerly await Time Machine's elegant backup system. Developers will also like the full, native 64-bit support for both Intel- and PowerPC-based Macs.
Yet the majority of obvious improvements are on Leopard's surface. That isn't necessarily a bad thing; interface tweaks like Cover Flow, Quick Look, Spaces and Stacks offer powerful, practical improvements that make it easier to multitask. The operating system overall is a treat to use, even if it's unlikely to deliver preternatural speed.
So unless $129 feels like a trifle to spend, holding off on this upgrade wouldn't hurt. Depending upon your software toolkit of choice, waiting for third-party applications to catch up to Leopard might even save some frustration.
According to a report in EE Times, the software maker has been privately circulating a white paper that claims errors from standard memory are now among the top 10 causes for system crashes.
The issue was discussed at last week's Windows Hardware Engineering Conference (WinHEC) in Los Angeles, though the EE Times report said memory chip makers and computer manufacturers were not necessarily all in agreement about whether so-called error-correcting code (ECC) memory was, in fact, needed.
- prev
- 1
- next
