Microsoft Windows NT in general, and Windows 2000, XP , and now Vista in particular, are increasingly more "user friendly". Continually, Microsoft adds wizards to help us do things, or to help us figure out why something didn't work the way that it should have. But all the wizards imaginable can not cover every possible problem; and occasionally our computer will encounter a problem that leaves no recourse other than for it to simply shut down.
This shut down condition is commonly referred to as a STOP error, or a Black (Blue) Screen of Death, aka BSOD.
Many times, looking at the contents of the STOP error message will show the address where the error occurred. First look up the detailed information about the specific STOP code in order to determine if the address is included, and if, so where in the error message might the address be found.
You can identify the meaning of each of the parameters for your specific STOP code, using the Microsoft Developer Network: Bug Check Codes as a reference. For an example, we might look at the 0xA: IRQL_NOT_LESS_OR_EQUAL STOP, which tells us that the address of the offending module can be found in the fourth parameter. Note this address, for later reference.
Having noted the address of the offending module, now list the addresses at which each active process is being loaded. The Pstat utility will provide this information. On some systems the Pstat utility may already be present. Check this by opening a Command Prompt window, and entering the following command:
If Pstat is not on your computer, you can download it free from Microsoft, as part of the
Microsoft Windows XP Service Pack 2 Support Tools.
With Pstat installed on your computer, next open a Command Prompt window, and generate a report. Because you need only a part of the information from this report, it is best to create the report as a text file. In the Command Prompt window enter the following command:
C:\>pstat > C:\temp\pstat.txt
You may change c:\temp to whatever drive and folder that you want to save the report into.
Now open the saved file in Notepad.
Scroll down the file, about 80% of the way to the end of the file and you will find a header line:
ModuleName Load Addr Code Data Paged LinkDate
Delete everything above the header line. Save this file under a different name. I use pstat2.txt, and put it into the same c:\temp folder.
Now launch Microsoft Excel, and do File - Open, to bring the pstat2.txt file into Excel. Excel will parse the file into columns. Once this is done, do Data - Sort, and sort the entire spreadsheet based on the value in Column B (Load Addr).
Now, simply read Column B, until you find the highest value that is less than the address noted above. That module name, in column A, is the prime suspect for the cause of your error.
Instructions courtesy of Ron Martell, MVP.