How to read the small memory dump file that is created by Windows if a crash occurs

This article describes how to examine a pocket-size retentivity dump file. A small memory dump file tin aid you make up one's mind why your computer crashed.

Applies to: Windows ten - all editions, Windows Server 2012 R2
Original KB number: 315263

Small memory dump files

If your figurer crashes, how can y'all find out what happened, ready the issue and it prevent it from happening over again? Y'all may find the minor retentivity dump file useful in this situation. The modest memory dump file contains the smallest corporeality of useful data that could assist yous place why your reckoner crashed. The memory dump file contains the following information:

  • The Stop bulletin, its parameters, and other information
  • A list of loaded drivers
  • The processor context (PRCB) for the processor that stopped
  • The process data and kernel context (EPROCESS) for the process that stopped
  • The process information and kernel context (ETHREAD) for the thread that stopped
  • The Kernel-mode call stack for the thread that stopped

To create a memory dump file, Windows requires a paging file on the kick volume that is at least two megabytes (MB) in size. On computers that are running Microsoft Windows 2000, or a later version of Windows, a new retentivity dump file is created each time that a estimator crash may occur. A history of these files is stored in a folder. If a 2d problem occurs and if Windows creates a second small retention dump file, Windows preserves the previous file. Windows gives each file a distinct, engagement-encoded file name. For example, Mini022900-01.dmp is the first retention dump file that was generated on February 29, 2000. Windows keeps a list of all the pocket-size retention dump files in the %SystemRoot%\Minidump folder.

The pocket-size memory dump file can exist useful when hard disk space is limited. All the same, considering of the limited data that is included, errors that were non straight caused by the thread that was running at the fourth dimension of the problem may not exist discovered past an analysis of this file.

Configure the dump type

To configure startup and recovery options to use the small retentivity dump file, follow these steps.

Annotation

Because there are several versions of Microsoft Windows, the following steps may be dissimilar on your figurer. If they are, see your product documentation to complete these steps.

  1. Click Outset, and and then click Control Console.

  2. Double-click System, and and so click Advanced system settings.

  3. Click the Advanced tab, and and so click Settings nether Startup and Recovery.

  4. In the Write debugging information list, click Minor memory dump (256k).

    Screenshot of the Small memory dump (256k) option in the Write debugging information list in the Startup and Recovery window.

To change the binder location for the small-scale memory dump files, type a new path in the Dump File box or in the Small dump directory box, depending on your version of Windows).

Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file has been created correctly.

Notation

The Dump Cheque Utility does not require access to debugging symbols. Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process.

For more data about how to utilise Dump Check Utility in Windows NT, Windows 2000, Windows Server 2003 or Windows Server 2008, see Microsoft Knowledge Base article 156280: How to Use Dumpchk.exe to cheque a retentivity dump file.

For more than data about how to utilize Dump Check Utility in Windows XP, Windows Vista or Windows 7, see Microsoft Knowledge Base article 315271: How to use Dumpchk.exe to check a Memory Dump file.

Or, you tin use the Windows Debugger (WinDbg.exe) tool or the Kernel Debugger (KD.exe) tool to read pocket-size memory dump files. WinDbg and KD.exe are included with the latest version of the Debugging Tools for Windows packet.

To install the debugging tools, run into the Download and Install Debugging Tools for Windows webpage. Select the Typical installation. Past default, the installer installs the debugging tools in the following folder:

C:\Program Files\Debugging Tools for Windows

This Web page likewise provides access to the downloadable symbol packages for Windows. For more information virtually Windows symbols, see Debugging with Symbols, and the Download Windows Symbol Packages webpage.

For more information about dump file options in Windows, meet Overview of retentiveness dump file options for Windows.

Open the dump file

To open up the dump file after the installation is complete, follow these steps:

  1. Click Start, click Run, type cmd, and and then click OK.

  2. Change to the Debugging Tools for Windows folder. To do this, blazon the following at the control prompt, and so press ENTER:

                      cd c:\programme files\debugging tools for windows                                  
  3. To load the dump file into a debugger, blazon one of the following commands, and then press ENTER:

                      windbg -y SymbolPath -i ImagePath -z DumpFilePath                                  

    or

                      kd -y SymbolPath -i ImagePat -z *DumpFilePath                                  

The following table explains the use of the placeholders that are used in these commands.

Placeholder Caption
SymbolPath Either the local path where the symbol files take been downloaded or the symbol server path, including a cache folder. Because a minor retentivity dump file contains limited information, the actual binary files must exist loaded together with the symbols for the dump file to be correctly read.
ImagePath The path of these files. The files are contained in the I386 folder on the Windows XP CD-ROM. For example, the path may be C:\Windows\I386.
DumpFilePath The path and file proper noun for the dump file that you are examining.

Sample commands

You lot can use the following sample commands to open the dump file. These commands assume the following:

  • The contents of the I386 folder on the Windows CD-ROM are copied to the C:\Windows\I386 binder.
  • Your dump file is named C:\Windows\Minidump\Minidump.dmp.

Sample 1:

              kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp                          

Sample ii. If you prefer the graphical version of the debugger instead of the command-line version, type the post-obit command instead:

              windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp                          

Examine the dump file

At that place are several commands that you tin employ to get together information in the dump file, including the following commands:

  • The !analyze -bear witness command displays the Stop error code and its parameters. The Stop error code is likewise known as the issues check code.
  • The !clarify -5 command displays verbose output.
  • The lm N T command lists the specified loaded modules. The output includes the status and the path of the module.

Note

The !drivers extension control displays a list of all drivers that are loaded on the destination computer, together with summary data about their memory use. The !drivers extension is obsolete in Windows XP and later. To display data about loaded drivers and other modules, use the lm command. The lm N T command displays data in a format that is like to the sometime !drivers extension.

For help with other commands and for complete control syntax, see the debugging tools Assist documentation. The debugging tools Assistance documentation can be found in the following location:

C:\Program Files\Debugging Tools for Windows\Debugger.chm

Note

If you have symbol-related issues, employ the Symchk utility to verify that the right symbols are loaded correctly. For more data about how to use Symchk, see Debugging with Symbols.

Simplify the commands past using a batch file

After you identify the command that you must have to load retention dumps, y'all can create a batch file to examine a dump file. For case, create a batch file and proper noun it Dump.bat. Relieve information technology in the binder where the debugging tools are installed. Type the following text in the batch file:

              cd "c:\programme files\debugging tools for windows"  kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %ane                          

When you desire to examine a dump file, type the following command to laissez passer the dump file path to the batch file:

              dump c:\windows\minidump\minidump.dmp