How to read the small memory dump file that is created by Windows if a crash occurs

Summary

This step-by-step article describes how to examine a small memory dump file. A small memory dump file can help you determine why your computer crashed. 

If you are looking for debug information for Windows 8 or later, please check http://msdn.microsoft.com/en-US/library/windows/hardware/ff551063(v=vs.85).aspx

For more information about small memory dump, please check http://msdn.microsoft.com/en-us/library/windows/hardware/ff556895(v=vs.85).aspx

Small memory dump files

Click here to show/hide information
For more information about dump file options in Windows, see Microsoft Knowledge Base article 254649: Overview of memory dump file options for Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 

Open the dump file

Click here to show/hide information
 

To open the dump file after the installation is complete, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. Change to the Debugging Tools for Windows folder. To do this, type the following at the command prompt, and then press ENTER:
    cd c:\program files\debugging tools for windows
  3. To load the dump file into a debugger, type one of the following commands, and then press ENTER:
    windbg -y SymbolPath -i ImagePath -z DumpFilePath
    kd -y SymbolPath -i ImagePath -z DumpFilePath
The following table explains the use of the placeholders that are used in these commands.
PlaceholderExplanation
SymbolPathEither the local path where the symbol files have been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains limited information, the actual binary files must be loaded together with the symbols for the dump file to be correctly read.
ImagePathThe path of these files. The files are contained in the I386 folder on the Windows XP CD-ROM. For example, the path may be C:\Windows\I386.
DumpFilePathThe path and file name for the dump file that you are examining.

Sample Commands

Click here to show/hide information
 

You can use the following sample commands to open the dump file. These commands assume the following: 
  • The contents of the I386 folder on the Windows CD-ROM are copied to the C:\Windows\I386 folder.
  • Your dump file is named C:\Windows\Minidump\Minidump.dmp.
Sample 1:

kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Sample 2. If you prefer the graphical version of the debugger instead of the command line version, type the following command instead:

windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Examine the dump file

Click here to show/hide information
 

There are several commands that you can use to gather information in the dump file, including the following commands: 
  • The !analyze -show command displays the Stop error code and its parameters. The Stop error code is also known as the bug check code.
  • The !analyze -v command displays verbose output.
  • The lm N T command lists the specified loaded modules. The output includes the status and the path of the module.
Note The !drivers extension command displays a list of all drivers that are loaded on the destination computer, together with summary information about their memory use. The !drivers extension is obsolete in Windows XP and later. To display information about loaded drivers and other modules, use the lm command. The lm N T command displays information in a format that is similar to the old !drivers extension.

For help with other commands and for complete command syntax, see the debugging tools Help documentation. The debugging tools Help documentation can be found in the following location:
C:\Program Files\Debugging Tools for Windows\Debugger.chm
Note If you have symbol-related issues, use the Symchk utility to verify that the correct symbols are loaded correctly.For more information about how to use Symchk, see Microsoft Knowledge Base article 311503: Use the Microsoft Symbol Server to obtain debug symbol files.

Simplify the commands by using a batch file

Click here to show/hide information
 

After you identify the command that you must have to load memory dumps, you can create a batch file to examine a dump file. For example, create a batch file and name it Dump.bat. Save it in the folder where the debugging tools are installed. Type the following text in the batch file: 
cd "c:\program files\debugging tools for windows"

kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %1


When you want to examine a dump file, type the following command to pass the dump file path to the batch file:
dump c:\windows\minidump\minidump.dmp
Proprietăți

ID articol: 315263 - Ultima examinare: 23 apr. 2015 - Revizie: 1

Feedback