How to read the small memory dump file that is created by Windows if a crash occurs
If you are looking for debug information for Windows 8 or later, please check http://msdn.microsoft.com/en-US/library/windows/hardware/ff551063(v=vs.85).aspx
For more information about small memory dump, please check http://msdn.microsoft.com/en-us/library/windows/hardware/ff556895(v=vs.85).aspx
Small memory dump files
If your computer crashes, how can you find out what happened, fix the issue and it prevent it from happening again? You may find the small memory dump file useful in this situation. The small memory dump file contains the smallest amount of useful information that could help you identify why your computer crashed. The memory dump file contains the following information:
- The Stop message, its parameters and other data
- A list of loaded drivers
- The processor context (PRCB) for the processor that stopped
- The process information and kernel context (EPROCESS) for the process that stopped
- The process information and kernel context (ETHREAD) for the thread that stopped
- The Kernel-mode call stack for the thread that stopped
The small memory dump file can be useful when hard disk space is limited. However, because of the limited information that is included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by an analysis of this file.
Configure the dump type
To configure startup and recovery options to use the small memory dump file, follow these steps.
Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
- Click Start, and then click Control Panel.
- Double-click System, and then click Advanced system settings.
- Click the Advanced tab, and then click Settings under Startup and Recovery.
- In the Write debugging information list, click Small memory dump (64k).
To change the folder location for the small memory dump files, type a new path in the Dump File box (or in the Small dump directory box, depending on your version of Windows).
Tools to read the small memory dump file
Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file has been created correctly.
Note: The Dump Check Utility does not require access to debugging symbols. Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process.
For more information about how to use Dump Check Utility in Windows NT, Windows 2000, Windows Server 2003 or Windows Server 2008, see Microsoft Knowledge Base article 156280: How to Use Dumpchk.exe to check a memory dump file.
For more information about how to use Dump Check Utility in Windows XP, Windows Vista or Windows 7, see Microsoft Knowledge Base article 315271: How to use Dumpchk.exe to check a Memory Dump file.
Or, you can use the Windows Debugger (WinDbg.exe) tool or the Kernel Debugger (KD.exe) tool to read small memory dump files. WinDbg and KD.exe are included with the latest version of the Debugging Tools for Windows package.
To install the debugging tools, see the Download and Install Debugging Tools for Windows webpage. Select the Typical installation. By default, the installer installs the debugging tools in the following folder: C:\Program Files\Debugging Tools for Windows
This Web page also provides access to the downloadable symbol packages for Windows. For more information about Windows symbols, see Microsoft Knowledge Base article 311503: Use the Microsoft Symbol Server to obtain debug symbol files311503: Use the Microsoft Symbol Server to obtain debug symbol files, and the Download Windows Symbol Packages webpage.
For more information about dump file options in Windows, see Microsoft Knowledge Base article 254649: Overview of memory dump file options for Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Open the dump file
To open the dump file after the installation is complete, follow these steps:
- Click Start, click Run, type cmd, and then click OK.
- Change to the Debugging Tools for Windows folder.To do this, type the following at the command prompt, and then press ENTER:cd c:\program files\debugging tools for windows
- To load the dump file into a debugger, type one of the following commands, and then press ENTER:windbg -y SymbolPath -i ImagePath -z DumpFilePathkd -y SymbolPath -i ImagePath -z DumpFilePath
|SymbolPath||Either the local path where the symbol files have been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains limited information, the actual binary files must be loaded together with the symbols for the dump file to be correctly read.|
|ImagePath||The path of these files. The files are contained in the I386 folder on the Windows XP CD-ROM. For example, the path may be C:\Windows\I386.|
|DumpFilePath||The path and file name for the dump file that you are examining.|
You can use the following sample commands to open the dump file. These commands assume the following:
- The contents of the I386 folder on the Windows CD-ROM are copied to the C:\Windows\I386 folder.
- Your dump file is named C:\Windows\Minidump\Minidump.dmp.
Examine the dump file
There are several commands that you can use to gather information in the dump file, including the following commands:
- The !analyze -show command displays the Stop error code and its parameters. The Stop error code is also known as the bug check code.
- The !analyze -v command displays verbose output.
- The lm N T command lists the specified loaded modules. The output includes the status and the path of the module.
For help with other commands and for complete command syntax, see the debugging tools Help documentation. The debugging tools Help documentation can be found in the following location:
Simplify the commands by using a batch file
After you identify the command that you must have to load memory dumps, you can create a batch file to examine a dump file. For example, create a batch file and name it Dump.bat. Save it in the folder where the debugging tools are installed. Type the following text in the batch file:
kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %1
Article ID: 315263 - Last Review: 04/23/2015 08:18:00 - Revision: 12.1
- kbhowto kbenv kbinfo KB315263