# Error Diagnosis

# Enable and Locate Memory Dumps

### Enable Memory Dumps

Press Windows-Key + R and enter `SystemPropertiesAdvanced`

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-09/scaled-1680-/RWuimage.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-09/RWuimage.png)

go to Tab *Advanced* and click on *Settings* in the Section *Startup and Recovery*

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-09/scaled-1680-/45Fimage.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-09/45Fimage.png)

1. At the Dropdown in System Errors, select *Complete Memory Dump*

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-09/scaled-1680-/DlKimage.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-09/DlKimage.png)

### Locate Memory Dumps

The Path is visible in the last Screenshot as Location on the Windows Disk.

As per Default, it is `%SystemRoot%\MEMORY.DMP` or `C:\Windows\MEMORY.DMP`

# System File Integrity Check

The System File Integrity Check (SFC) in Windows is used to validate (and repair) System Files.

#### Usage

```
SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<Datei>] [/VERIFYFILE=<Datei>]
    [/OFFWINDIR=<Windows-Offlineverzeichnis> /OFFBOOTDIR=<Offlinestartverzeichnis> [/OFFLOGFILE=<Protokolldateipfad>]]

/SCANNOW        Überprüft die Integrität aller geschützten Systemdateien und
                repariert ggf. problematische Dateien.
/VERIFYONLY     Überprüft die Integrität aller geschützten Systemdateien.
                Es erfolgt keine Reparatur.
/SCANFILE       Überprüft die Integrität der angegebenen Datei und repariert ggf. die Datei, wenn Probleme gefunden werden.
                Geben Sie den vollständigen Pfad zur <Datei> an.
/VERIFYFILE     Überprüft die Integrität der Datei mit dem vollständigen Pfad zur <Datei>.  Es erfolgt
                keine Reparatur.
/OFFBOOTDIR     Gibt den Speicherort des Offlinestartverzeichnisses für Offlinereparaturen an.
/OFFWINDIR      Gibt den Speicherort des Windows-Offlineverzeichnisses für Offlinereparaturen an.
/OFFLOGFILE     Durch Angabe eines Protokolldateipfads kann bei Offlinereparaturen optional die Protokollierung aktiviert werden.

Beispiel:

        sfc /SCANNOW
        sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
        sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows
        sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows /OFFLOGFILE=c:\log.txt
        sfc /VERIFYONLY
```

- Use `sfc /verifyonly` to <span style="text-decoration: underline;">only </span>Verify Files and not attempt to repair them. This is generally preferred to be the first stop when suspecting damaged/corrupted system files as there is no possibility in harming the system.
- use `sfc /scannow` to<span style="text-decoration: underline;"> both Verify and attempt Repair</span>. This is a destructive Operation so it is suggested to run this only when knowing that this can very well brick the system. While i had only a few occurences where this happened, but nevertheless.

There are also the Options to write a log File using `/OFFLOGFILE`. The Options `/OFFBOOTDIR` and `/OFFWINDIR` are used when a System repair is wanted but Network is not available. These work as offline sources to repair the Files

# BSOD in Log Event Viewer

Windows Blue-Screen-of-Death' (BSOD), generally, produce System Log Events of Type *Kernel-Power* and Level *Critical*. Based on them, futher Diagnosis like [Memory Dumps](https://kb.oliver-karger.de/books/windows/page/enable-and-locate-memory-dumps "Enable and Locate Memory Dumps") or [Integrity Checks](https://kb.oliver-karger.de/books/windows/page/system-file-integrity-check "System File Integrity Check") can be performed.

#### How to Filter System Event Logs

1\. Press Windows-Key + R and enter `eventvwr`

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/scaled-1680-/image.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/image.png)

Go to *Windows-Protocols* and select *System*

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/scaled-1680-/8gLimage.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/8gLimage.png)

Click on *Filter current Protocol*

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/scaled-1680-/37Himage.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/37Himage.png)

Select Event Level *Critical* and set a Timeframe

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/scaled-1680-/VMDimage.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/VMDimage.png)

[![image.png](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/scaled-1680-/eOrimage.png)](https://kb.oliver-karger.de/uploads/images/gallery/2025-10/eOrimage.png)

If any BSODs occured, they would be shown here.