How to use Dumpchk.exe to check a Memory Dump file

For a Microsoft Windows NT and Microsoft Windows 2000 version of this article, see 156280 .

Summary

This article describes Dumpchk.exe, which is a command-line utility that you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.

More Information

Dumpchk is a command-line utility you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols. You can download debugging tools for Windows products from the following Microsoft Web site:
http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx
Note For Windows XP, Dumpchk is located on the Windows XP CD-ROM. Install the Support Tools by running Setup.exe from the Support\Tools folder on the CD-ROM. By default, Dumpchk.exe is installed to the Program Files\Support Tools folder.


Dumpchk has the following command-line options:


DUMPCHK [options] <CrashDumpFile>

-? Displays the command syntax.

-p Prints the header only (with no validation).

-v Specifies verbose mode.

-q Performs a quick test. Not available in Windows XP.
Additional options are available in the Windows XP version of Dumpchk.exe:


-c Does dump validation.

-x Does extra file validation; takes several minutes.

-e Does dump exam.

-y <Path> Sets the symbol search path for a dump exam.
If the symbol search path is empty, the CD-ROM
is used for symbols.

-b <Path> Sets the image search path for a dump exam.
If the symbol search path is empty, %SystemRoot%\System32
is used for symbols.

-k <File> Sets the name of the kernel to File.

-h <File> Sets the name of the HAL to File.
Dumpchk displays some basic information from the memory dump file, then verifies all the virtual and physical addresses in the file. If any errors are found in the memory dump file, Dumpchk reports them. The following is an example of the output of a Dumpchk command:


Filename . . . . . . .Memory.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .1057
DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0xffbae000
PsLoadedModuleList . .0x801463d0
PsActiveProcessHead. .0x801462c8
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x80146e1c

NumberOfRuns . . . . .0x3
NumberOfPages. . . . .0x1f5e
Run #1
BasePage . . . . . .0x1
PageCount. . . . . .0x9e
Run #2
BasePage . . . . . .0x100
PageCount. . . . . .0xec0
Run #3
BasePage . . . . . .0x1000
PageCount. . . . . .0x1000


**************
**************--> Validating the integrity of the PsLoadedModuleList
**************

**************
**************--> Performing a complete check (^C to end)
**************
**************
**************--> Validating all physical addresses
**************
**************
**************--> Validating all virtual addresses
**************
**************
**************--> This dump file is good!
**************
If there is an error during any portion of the output, the dump file is corrupted and analysis cannot be performed.


In this example, the most important information (from a debugging standpoint) is the following portion of the Dumpchk output:


MajorVersion . . . . .free system
MinorVersion . . . . .1057
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000
You can use this information to determine what kernel Stop error occurred and, to a certain extent, what version of Windows was in use.
Properties

Article ID: 315271 - Last Review: Sep 23, 2011 - Revision: 1

Microsoft Windows XP Home Edition, Microsoft Windows XP Professional, Microsoft Windows XP Professional x64 Edition, Windows Vista Enterprise 64-bit Edition, Windows Vista Home Basic 64-bit Edition, Windows Vista Home Premium 64-bit Edition, Windows Vista Ultimate 64-bit Edition, Windows 7 Beta, Windows Vista Business, Windows Vista Business 64-bit Edition, Windows Vista Business N, Windows Vista Business N 64-bit Edition, Windows Vista Enterprise, Windows Vista Home Basic, Windows Vista Home Basic N, Windows Vista Home Basic N 64-bit Edition, Windows Vista Home Premium, Windows Vista Ultimate

Feedback