How to read the small memory dump file that is created by Windows if a crash occurs

  • Article
  • 6 minutes to read

This article describes how to examine a small memory dump file. A small retentivity dump file can help you determine why your estimator crashed.

Applies to: Windows ten - all editions, Windows Server 2012 R2
Original KB number: 315263

Minor retention dump files

If your calculator crashes, how can you find out what happened, set the upshot and it forestall it from happening over again? You may find the small memory dump file useful in this situation. The small-scale memory dump file contains the smallest corporeality of useful data that could help you place why your computer crashed. The memory dump file contains the following information:

  • The End bulletin, its parameters, and other information
  • A list of loaded drivers
  • The processor context (PRCB) for the processor that stopped
  • The process information and kernel context (EPROCESS) for the process that stopped
  • The process information and kernel context (ETHREAD) for the thread that stopped
  • The Kernel-manner call stack for the thread that stopped

To create a retention dump file, Windows requires a paging file on the boot book that is at least ii megabytes (MB) in size. On computers that are running Microsoft Windows 2000, or a later on version of Windows, a new memory dump file is created each fourth dimension that a computer crash may occur. A history of these files is stored in a binder. If a 2d problem occurs and if Windows creates a second modest memory dump file, Windows preserves the previous file. Windows gives each file a singled-out, appointment-encoded file name. For instance, Mini022900-01.dmp is the first memory dump file that was generated on February 29, 2000. Windows keeps a list of all the small memory dump files in the %SystemRoot%\Minidump folder.

The small memory dump file tin be useful when hard disk space is limited. However, because of the limited data that is included, errors that were non straight caused past the thread that was running at the fourth dimension of the problem may not exist discovered by an assay of this file.

Configure the dump type

To configure startup and recovery options to apply the small memory dump file, follow these steps.

Annotation

Because there are several versions of Microsoft Windows, the following steps may exist unlike on your computer. If they are, see your product documentation to complete these steps.

  1. Click Commencement, and then click Control Panel.

  2. Double-click System, and so click Advanced system settings.

  3. Click the Avant-garde tab, and so click Settings under Startup and Recovery.

  4. In the Write debugging information list, click Small-scale memory dump (256k).

    Screenshot of the Small memory dump (256k) option in the Write debugging information list in the Startup and Recovery window.

To alter the binder location for the small-scale memory dump files, type a new path in the Dump File box or in the Small dump directory box, depending on your version of Windows).

Utilise the Dump Cheque Utility (Dumpchk.exe) to read a retentiveness dump file or verify that the file has been created correctly.

Note

The Dump Check Utility does non require access to debugging symbols. Symbol files concord a variety of data which are not actually needed when running the binaries, but which could exist very useful in the debugging process.

For more information about how to use Dump Bank check Utility in Windows NT, Windows 2000, Windows Server 2003 or Windows Server 2008, run across Microsoft Cognition Base article 156280: How to Use Dumpchk.exe to check a retentiveness dump file.

For more information about how to employ Dump Check Utility in Windows XP, Windows Vista or Windows 7, run across Microsoft Noesis Base article 315271: How to apply Dumpchk.exe to check a Memory Dump file.

Or, y'all can use the Windows Debugger (WinDbg.exe) tool or the Kernel Debugger (KD.exe) tool to read small memory dump files. WinDbg and KD.exe are included with the latest version of the Debugging Tools for Windows packet.

To install the debugging tools, meet the Download and Install Debugging Tools for Windows webpage. Select the Typical installation. By default, the installer installs the debugging tools in the following folder:

C:\Program Files\Debugging Tools for Windows

This Web folio also provides access to the downloadable symbol packages for Windows. For more information near Windows symbols, see Debugging with Symbols, and the Download Windows Symbol Packages webpage.

For more than information well-nigh dump file options in Windows, see Overview of retention dump file options for Windows.

Open the dump file

To open up the dump file after the installation is complete, follow these steps:

  1. Click Start, click Run, type cmd, then click OK.

  2. Change to the Debugging Tools for Windows binder. To exercise this, type the post-obit at the control prompt, so press ENTER:

                      cd c:\program files\debugging tools for windows

  3. To load the dump file into a debugger, type ane of the post-obit commands, and and so press ENTER:

                      windbg -y SymbolPath -i ImagePath -z DumpFilePath

    or

                      kd -y SymbolPath -i ImagePat -z *DumpFilePath

The following table explains the employ of the placeholders that are used in these commands.

Placeholder Explanation
SymbolPath Either the local path where the symbol files accept been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains limited data, the actual binary files must exist loaded together with the symbols for the dump file to be correctly read.
ImagePath The path of these files. The files are contained in the I386 binder on the Windows XP CD-ROM. For instance, the path may be C:\Windows\I386.
DumpFilePath The path and file name for the dump file that you are examining.

Sample commands

You can use the following sample commands to open up the dump file. These commands presume the post-obit:

  • The contents of the I386 binder on the Windows CD-ROM are copied to the C:\Windows\I386 binder.
  • Your dump file is named C:\Windows\Minidump\Minidump.dmp.

Sample ane:

              kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Sample 2. If yous prefer the graphical version of the debugger instead of the command-line version, type the post-obit command instead:

              windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Examine the dump file

At that place are several commands that yous can utilize to gather data in the dump file, including the post-obit commands:

  • The !analyze -show control displays the Cease error code and its parameters. The Stop fault code is too known as the bug check code.
  • The !analyze -v command displays verbose output.
  • The lm Northward T command lists the specified loaded modules. The output includes the status and the path of the module.

Note

The !drivers extension control displays a listing of all drivers that are loaded on the destination computer, together with summary information nigh their memory use. The !drivers extension is obsolete in Windows XP and subsequently. To brandish information about loaded drivers and other modules, utilise the lm control. The lm Northward T command displays information in a format that is similar to the quondam !drivers extension.

For assist with other commands and for complete command syntax, see the debugging tools Assist documentation. The debugging tools Help documentation can be found in the post-obit location:

C:\Program Files\Debugging Tools for Windows\Debugger.chm

Note

If you have symbol-related problems, use the Symchk utility to verify that the right symbols are loaded correctly. For more information about how to utilise Symchk, see Debugging with Symbols.

Simplify the commands by using a batch file

After you identify the command that you must take to load memory dumps, you can create a batch file to examine a dump file. For example, create a batch file and proper name it Dump.bat. Salvage it in the folder where the debugging tools are installed. Blazon the following text in the batch file:

              cd "c:\program files\debugging tools for windows"  kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %1

When you desire to examine a dump file, type the following command to pass the dump file path to the batch file:

              dump c:\windows\minidump\minidump.dmp