How to read the small retentiveness dump file that is created past Windows if a crash occurs

  • Article
  • half-dozen minutes to read

This article describes how to examine a modest retention dump file. A small-scale memory dump file tin can help you decide why your reckoner crashed.

Applies to: Windows 10 - all editions, Windows Server 2012 R2
Original KB number: 315263

Modest memory dump files

If your estimator crashes, how can yous find out what happened, gear up the result and it prevent it from happening again? Y'all may detect the small retention dump file useful in this situation. The small memory dump file contains the smallest amount of useful information that could help y'all identify why your reckoner crashed. The retention dump file contains the post-obit information:

  • The Stop bulletin, its parameters, and other data
  • A list of loaded drivers
  • The processor context (PRCB) for the processor that stopped
  • The process information and kernel context (EPROCESS) for the procedure that stopped
  • The process information and kernel context (ETHREAD) for the thread that stopped
  • The Kernel-mode call stack for the thread that stopped

To create a retention dump file, Windows requires a paging file on the boot volume that is at to the lowest degree 2 megabytes (MB) in size. On computers that are running Microsoft Windows 2000, or a later version of Windows, a new retentivity dump file is created each time that a computer crash may occur. A history of these files is stored in a folder. If a second trouble occurs and if Windows creates a second small retentivity dump file, Windows preserves the previous file. Windows gives each file a distinct, date-encoded file proper name. For example, Mini022900-01.dmp is the first retentivity dump file that was generated on Feb 29, 2000. Windows keeps a listing of all the small-scale memory dump files in the %SystemRoot%\Minidump folder.

The pocket-size retentivity dump file can be useful when difficult disk space is limited. However, because of the limited data that is included, errors that were not directly acquired by the thread that was running at the fourth dimension of the trouble may not be discovered by an analysis of this file.

Configure the dump type

To configure startup and recovery options to use the small memory dump file, follow these steps.

Annotation

Considering there are several versions of Microsoft Windows, the following steps may be unlike on your calculator. If they are, run across your product documentation to complete these steps.

  1. Click Start, and so click Control Panel.

  2. Double-click System, and so click Advanced system settings.

  3. Click the Advanced tab, so click Settings under Startup and Recovery.

  4. In the Write debugging information list, click Small memory dump (256k).

    Screenshot of the Small memory dump (256k) option in the Write debugging information list in the Startup and Recovery window.

To alter the folder location for the small memory dump files, type a new path in the Dump File box or in the Minor dump directory box, depending on your version of Windows).

Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file has been created correctly.

Note

The Dump Cheque Utility does not crave access to debugging symbols. Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging procedure.

For more information about how to utilise Dump Check Utility in Windows NT, Windows 2000, Windows Server 2003 or Windows Server 2008, see Microsoft Cognition Base article 156280: How to Use Dumpchk.exe to check a memory dump file.

For more than information well-nigh how to use Dump Check Utility in Windows XP, Windows Vista or Windows 7, run into Microsoft Knowledge Base article 315271: How to use Dumpchk.exe to check a Memory Dump file.

Or, yous tin use the Windows Debugger (WinDbg.exe) tool or the Kernel Debugger (KD.exe) tool to read small-scale memory dump files. WinDbg and KD.exe are included with the latest version of the Debugging Tools for Windows parcel.

To install the debugging tools, see the Download and Install Debugging Tools for Windows webpage. Select the Typical installation. By default, the installer installs the debugging tools in the following folder:

C:\Program Files\Debugging Tools for Windows

This Web page also provides access to the downloadable symbol packages for Windows. For more than information well-nigh Windows symbols, see Debugging with Symbols, and the Download Windows Symbol Packages webpage.

For more information about dump file options in Windows, see Overview of memory dump file options for Windows.

Open the dump file

To open the dump file later on the installation is complete, follow these steps:

  1. Click Offset, click Run, type cmd, and so click OK.

  2. Modify to the Debugging Tools for Windows folder. To do this, type the following at the command prompt, so printing ENTER:

                      cd c:\programme files\debugging tools for windows

  3. To load the dump file into a debugger, type 1 of the following commands, and then press ENTER:

                      windbg -y SymbolPath -i ImagePath -z DumpFilePath

    or

                      kd -y SymbolPath -i ImagePat -z *DumpFilePath

The following table explains the utilize of the placeholders that are used in these commands.

Placeholder Explanation
SymbolPath Either the local path where the symbol files have been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains express data, the bodily binary files must be loaded together with the symbols for the dump file to be correctly read.
ImagePath The path of these files. The files are independent in the I386 binder on the Windows XP CD-ROM. For example, the path may be C:\Windows\I386.
DumpFilePath The path and file proper name for the dump file that you are examining.

Sample commands

You lot can use the following sample commands to open the dump file. These commands assume the following:

  • The contents of the I386 folder on the Windows CD-ROM are copied to the C:\Windows\I386 folder.
  • Your dump file is named C:\Windows\Minidump\Minidump.dmp.

Sample 1:

              kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Sample two. If you adopt the graphical version of the debugger instead of the control-line version, blazon the following control instead:

              windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Examine the dump file

At that place are several commands that you can apply to get together information in the dump file, including the following commands:

  • The !analyze -show command displays the Stop mistake code and its parameters. The Stop fault code is as well known as the bug check code.
  • The !analyze -five command displays verbose output.
  • The lm N T command lists the specified loaded modules. The output includes the status and the path of the module.

Note

The !drivers extension command displays a listing of all drivers that are loaded on the destination computer, together with summary information about their memory apply. The !drivers extension is obsolete in Windows XP and later. To display information about loaded drivers and other modules, utilise the lm command. The lm N T command displays information in a format that is similar to the old !drivers extension.

For help with other commands and for complete command syntax, see the debugging tools Help documentation. The debugging tools Help documentation can be constitute in the following location:

C:\Program Files\Debugging Tools for Windows\Debugger.chm

Note

If you have symbol-related issues, use the Symchk utility to verify that the correct symbols are loaded correctly. For more information about how to use Symchk, see Debugging with Symbols.

Simplify the commands past using a batch file

Later you identify the command that yous must have to load memory dumps, you tin can create a batch file to examine a dump file. For example, create a batch file and name it Dump.bat. Salve information technology in the folder where the debugging tools are installed. Blazon the following text in the batch file:

              cd "c:\plan files\debugging tools for windows"  kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %1

When you lot want to examine a dump file, type the following command to pass the dump file path to the batch file:

              dump c:\windows\minidump\minidump.dmp