How to read the small memory dump file that is created by Windows if a crash occurs

This article describes how to examine a small memory dump file. A small memory dump file can help you determine why your computer crashed.

Applies to: Windows 10 - all editions, Windows Server 2012 R2
Original KB number: 315263

Small memory dump files

If your computer crashes, how can you find out what happened, fix the issue, and prevent it from happening again? You may find the small memory dump file useful in this situation. The small memory dump file contains the smallest amount of useful information that could help you identify why your computer crashed. The memory dump file contains the following information:

  • The Stop message, its parameters, and other information
  • A list of loaded drivers
  • The processor context (PRCB) for the processor that stopped
  • The process information and kernel context (EPROCESS) for the process that stopped
  • The process information and kernel context (ETHREAD) for the thread that stopped
  • The kernel-mode call stack for the thread that stopped

To create a memory dump file, Windows requires a paging file on the boot volume that is at least 2 megabytes (MB) in size. On computers that are running Microsoft Windows 2000, or a later version of Windows, a new memory dump file is created each time that a computer crash may occur. A history of these files is stored in a folder. If a second problem occurs and if Windows creates a second small memory dump file, Windows preserves the previous file. Windows gives each file a distinct, date-encoded file name. For example, Mini022900-01.dmp is the first memory dump file that was generated on February 29, 2000. Windows keeps a list of all the small memory dump files in the %SystemRoot%\Minidump folder.

The small memory dump file can be useful when hard disk space is limited. However, because of the limited information that is included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by an analysis of this file.

Configure the dump type

To configure startup and recovery options to use the small memory dump file, follow these steps.

Note

Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

  1. Click Start, and then click Control Panel.

  2. Double-click System, and then click Advanced system settings.

  3. Click the Advanced tab, and then click Settings under Startup and Recovery.

  4. In the Write debugging information list, click Small memory dump (256k).

    Screenshot of the Small memory dump (256k) option in the Write debugging information list in the Startup and Recovery window.

To change the folder location for the small memory dump files, type a new path in the Dump File box or in the Small dump directory box (depending on your version of Windows).

Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file has been created correctly.

Note

The Dump Check Utility does not require access to debugging symbols. Symbol files hold a variety of data which are not really needed when running the binaries, but which could be very useful in the debugging process.

For more information about how to use Dump Check Utility in Windows NT, Windows 2000, Windows Server 2003 or Windows Server 2008, see Microsoft Knowledge Base article 156280: How to Use Dumpchk.exe to check a memory dump file.

For more information about how to use Dump Check Utility in Windows XP, Windows Vista or Windows 7, see Microsoft Knowledge Base article 315271: How to use Dumpchk.exe to check a Memory Dump file.

Or, you can use the Windows Debugger (WinDbg.exe) tool or the Kernel Debugger (KD.exe) tool to read small memory dump files. WinDbg and KD.exe are included with the latest version of the Debugging Tools for Windows package.

To install the debugging tools, see the Download and Install Debugging Tools for Windows webpage. Select the Typical installation. By default, the installer installs the debugging tools in the following folder:

C:\Program Files\Debugging Tools for Windows

This Web page also provides access to the downloadable symbol packages for Windows. For more information about Windows symbols, see Debugging with Symbols, and the Download Windows Symbol Packages webpage.

For more information about dump file options in Windows, see Overview of memory dump file options for Windows.

Open the dump file

To open the dump file after the installation is complete, follow these steps:

  1. Click Start, click Run, type cmd, and then click OK.

  2. Change to the Debugging Tools for Windows folder. To do this, type the following at the command prompt, and then press ENTER:

        cd c:\program files\debugging tools for windows

  3. To load the dump file into a debugger, type one of the following commands, and then press ENTER:

        windbg -y SymbolPath -i ImagePath -z DumpFilePath

    or

        kd -y SymbolPath -i ImagePath -z DumpFilePath

The following table explains the use of the placeholders that are used in these commands.

Placeholder Explanation
SymbolPath Either the local path where the symbol files have been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains limited information, the actual binary files must be loaded together with the symbols for the dump file to be correctly read.
ImagePath The path of these files. The files are contained in the I386 folder on the Windows XP CD-ROM. For instance, the path may be C:\Windows\I386.
DumpFilePath The path and file name for the dump file that you are examining.

Sample commands

You can use the following sample commands to open the dump file. These commands assume the following:

  • The contents of the I386 folder on the Windows CD-ROM are copied to the C:\Windows\I386 folder.
  • Your dump file is named C:\Windows\Minidump\Minidump.dmp.

Sample 1:

              kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp                          

Sample 2. If you prefer the graphical version of the debugger instead of the command-line version, type the following command instead:

              windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp                          

Examine the dump file

There are several commands that you can use to gather information in the dump file, including the following commands:

  • The !analyze -show command displays the Stop error code and its parameters. The Stop error code is also known as the bug check code.
  • The !analyze -v command displays verbose output.
  • The lm N T command lists the specified loaded modules. The output includes the status and the path of the module.

Note

The !drivers extension command displays a list of all drivers that are loaded on the destination computer, together with summary information about their memory use. The !drivers extension is obsolete in Windows XP and later. To display information about loaded drivers and other modules, use the lm command. The lm N T command displays data in a format that is similar to the old !drivers extension.

For help with other commands and for complete command syntax, see the debugging tools Help documentation. The debugging tools Help documentation can be found in the following location:

C:\Program Files\Debugging Tools for Windows\Debugger.chm

Note

If you have symbol-related issues, use the Symchk utility to verify that the correct symbols are loaded correctly. For more information about how to use Symchk, see Debugging with Symbols.

Simplify the commands by using a batch file

After you identify the command that you must have to load memory dumps, you can create a batch file to examine a dump file. For example, create a batch file and name it Dump.bat. Save it in the folder where the debugging tools are installed. Type the following text in the batch file:

              cd "c:\program files\debugging tools for windows"
              kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %1

When you want to examine a dump file, type the following command to pass the dump file path to the batch file:

              dump c:\windows\minidump\minidump.dmp
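
The following Python script is an added example, not part of the original article. It extends the Dump.bat idea to a whole Minidump folder: it orders the dumps by the date encoded in their names and runs kd on each one with !analyze -v and lm N T. The name pattern is an assumption inferred from the article's single example (Mini022900-01.dmp); the kd options -c and -logo and the log folder c:\dumplogs do not appear in the article.

```python
import re
import subprocess
from datetime import datetime
from pathlib import PureWindowsPath

# Values taken from the sample commands in this article.
SYMBOL_PATH = r"srv*c:\symbols*http://msdl.microsoft.com/download/symbols"
IMAGE_PATH = r"c:\windows\i386"
KD = r"c:\program files\debugging tools for windows\kd.exe"

# Assumed pattern, inferred from the article's one example (Mini022900-01.dmp):
# "Mini" + MMDDYY + "-" + two-digit sequence number for that day.
NAME_RE = re.compile(r"^Mini(\d{6})-(\d{2})\.dmp$", re.IGNORECASE)


def parse_dump_name(name):
    """Return (date, sequence) for a date-encoded dump name, or None."""
    m = NAME_RE.match(PureWindowsPath(name).name)
    if not m:
        return None
    try:
        day = datetime.strptime(m.group(1), "%m%d%y").date()
    except ValueError:  # six digits that are not a real calendar date
        return None
    return day, int(m.group(2))


def order_dumps(paths):
    """Keep only date-encoded dumps and sort them oldest first."""
    keyed = [(parse_dump_name(p), p) for p in paths]
    return [p for key, p in sorted(k for k in keyed if k[0] is not None)]


def kd_command(dump_path, log_path):
    """Build a non-interactive kd invocation for one dump file."""
    # -c runs the listed debugger commands at startup; the trailing q quits.
    return [KD, "-y", SYMBOL_PATH, "-i", IMAGE_PATH, "-z", str(dump_path),
            "-logo", str(log_path), "-c", "!analyze -v; lm N T; q"]


def triage(paths, log_dir=r"c:\dumplogs"):  # log_dir is a constructed example path
    """Run kd over every dump in chronological order (Windows only)."""
    for dump in order_dumps(paths):
        log = PureWindowsPath(log_dir) / (PureWindowsPath(dump).stem + ".log")
        subprocess.run(kd_command(dump, log), check=False)
```

Sorting on the parsed date matters because the MMDDYY names do not sort chronologically across a year boundary when compared as plain text.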