- Windows Internals, Part 2: Covering Windows Server 2008 R2 and Windows 7 (6th Edition) Windows Internals, Part 1: System architecture, processes, threads, memory management, and more (7th Edition) Debugging Microsoft.NET 2.0 Applications. Writing High-Performance.NET Code. Advanced.NET Debugging. Advanced Windows RT Memory Dump Analysis, ARM.
- Mar 11, 2014 I've got a Server 2012 R2 physical box running as a Hyper-V 2012 R2 Host. Yesterday I logged into it and saw the prompt to enter the reason why the machine unexpectedly restarted. Back on Server 08 R2 I could use dumpchk.exe or a bluescreen utility that would help isolate the reason for the unexpected restart.
- See full list on docs.microsoft.com.
Aug 01, 2016 Hi Mussa, Your original PowerShell statement is on the right track, however, you need to understand that disk space won't be reclaimed unless you also use the '-Remove' parameter.
-->This article describes how to examine a small memory dump file. A small memory dump file can help you determine why your computer crashed.
Original product version: Windows 10 - all editions, Windows Server 2012 R2
Original KB number: 315263
Note
If you are looking for debug information for Windows 8 or later, please check Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).For more information about small memory dump, please check Small Memory Dump.
Small memory dump files
If your computer crashes, how can you find out what happened, fix the issue and it prevent it from happening again? You may find the small memory dump file useful in this situation. The small memory dump file contains the smallest amount of useful information that could help you identify why your computer crashed. The memory dump file contains the following information:
- The Stop message, its parameters, and other data
- A list of loaded drivers
- The processor context (PRCB) for the processor that stopped
- The process information and kernel context (EPROCESS) for the process that stopped
- The process information and kernel context (ETHREAD) for the thread that stopped
- The Kernel-mode call stack for the thread that stopped
To create a memory dump file, Windows requires a paging file on the boot volume that is at least 2 megabytes (MB) in size. On computers that are running Microsoft Windows 2000, or a later version of Windows, a new memory dump file is created each time that a computer crash may occur. A history of these files is stored in a folder. If a second problem occurs and if Windows creates a second small memory dump file, Windows preserves the previous file. Windows gives each file a distinct, date-encoded file name. For example, Mini022900-01.dmp is the first memory dump file that was generated on February 29, 2000. Windows keeps a list of all the small memory dump files in the %SystemRoot%Minidump
folder.
The small memory dump file can be useful when hard disk space is limited. However, because of the limited information that is included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by an analysis of this file.
Configure the dump type
To configure startup and recovery options to use the small memory dump file, follow these steps.
Note
Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
Click Start, and then click Control Panel.
Double-click System, and then click Advanced system settings.
Click the Advanced tab, and then click Settings under Startup and Recovery.
In the Write debugging information list, click Small memory dump (64k).
To change the folder location for the small memory dump files, type a new path in the Dump File box or in the Small dump directory box, depending on your version of Windows).
Tools to read the small memory dump file
Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file has been created correctly.
Note
The Dump Check Utility does not require access to debugging symbols. Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process.
For more information about how to use Dump Check Utility in Windows NT, Windows 2000, Windows Server 2003 or Windows Server 2008, see Microsoft Knowledge Base article 156280: How to Use Dumpchk.exe to check a memory dump file.
For more information about how to use Dump Check Utility in Windows XP, Windows Vista or Windows 7, see Microsoft Knowledge Base article 315271: How to use Dumpchk.exe to check a Memory Dump file.
Or, you can use the Windows Debugger (WinDbg.exe) tool or the Kernel Debugger (KD.exe) tool to read small memory dump files. WinDbg and KD.exe are included with the latest version of the Debugging Tools for Windows package.
To install the debugging tools, see the Download and Install Debugging Tools for Windows webpage. Select the Typical installation. By default, the installer installs the debugging tools in the following folder:
C:Program FilesDebugging Tools for Windows
This Web page also provides access to the downloadable symbol packages for Windows. For more information about Windows symbols, see Debugging with Symbols, and the Download Windows Symbol Packages webpage.
For more information about dump file options in Windows, see Overview of memory dump file options for Windows.
Open the dump file
To open the dump file after the installation is complete, follow these steps:
Click Start, click Run, type
cmd
, and then click OK.Change to the Debugging Tools for Windows folder. To do this, type the following at the command prompt, and then press ENTER:
To load the dump file into a debugger, type one of the following commands, and then press ENTER:
or
The following table explains the use of the placeholders that are used in these commands.
Placeholder | Explanation |
---|---|
SymbolPath | Either the local path where the symbol files have been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains limited information, the actual binary files must be loaded together with the symbols for the dump file to be correctly read. |
ImagePath | The path of these files. The files are contained in the I386 folder on the Windows XP CD-ROM. For example, the path may be C:WindowsI386 . |
DumpFilePath | The path and file name for the dump file that you are examining. |
Sample commands
You can use the following sample commands to open the dump file. These commands assume the following:
- The contents of the I386 folder on the Windows CD-ROM are copied to the
C:WindowsI386
folder. - Your dump file is named
C:WindowsMinidumpMinidump.dmp
.
Sample 1:
Sample 2. If you prefer the graphical version of the debugger instead of the command-line version, type the following command instead:
Examine the dump file
There are several commands that you can use to gather information in the dump file, including the following commands:
- The
!analyze -show
command displays the Stop error code and its parameters. The Stop error code is also known as the bug check code. - The
!analyze -v
command displays verbose output. - The
lm N T
command lists the specified loaded modules. The output includes the status and the path of the module.
Note
The !drivers extension command displays a list of all drivers that are loaded on the destination computer, together with summary information about their memory use. The !drivers extension is obsolete in Windows XP and later. To display information about loaded drivers and other modules, use the lm
command. The lm N T
command displays information in a format that is similar to the old !drivers extension.
For help with other commands and for complete command syntax, see the debugging tools Help documentation. The debugging tools Help documentation can be found in the following location:
C:Program FilesDebugging Tools for WindowsDebugger.chm
Note
If you have symbol-related issues, use the Symchk utility to verify that the correct symbols are loaded correctly. For more information about how to use Symchk, see Debugging with Symbols.
Simplify the commands by using a batch file
After you identify the command that you must have to load memory dumps, you can create a batch file to examine a dump file. For example, create a batch file and name it Dump.bat. Save it in the folder where the debugging tools are installed. Type the following text in the batch file:
Dumpchk.exe Windows Server 2012
When you want to examine a dump file, type the following command to pass the dump file path to the batch file:
-->This article describes how to check a memory dump file by using Dumpchk.
Original product version: Windows 10 - all editions, Windows Server 2012 R2
Original KB number: 156280
Note
For a Microsoft Windows XP version of this article, see 315271.
Summary
Dumpchk is a command-line utility you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.
Dumpchk is located in the following locations:
Marvel's Avengers Assemble Season 4 Hindi Dubbed Episodes Download/Watch Online Dubbed By Disney XD Series Info. Name: Marvel's Avengers Assemble Release Year: 2017 Quality: 720p Language: Hindi Size: 720P – 250MB Synopsis: After defeating world-shattering threats like Ultron and Thanos, the Avengers have less reason to come back together to fight smaller villains as a team. Avengers Assemble Hindi Episodes List. Episode 1 – The Avengers Protocol Part 1. Episode 2 – The Avengers Protocol Part 2 (English) Episode 3 – Ghost of a Chance. Episode 4 – The Serpent of Doom. Episode 5 – Blood Feud. Episode 6 – Super-Adaptoid. Avengers Cartoon In Hindi Full Episodes Download Avengers Assemble Season 2 Hindi Dubbed Episodes Download. Marvel Avengers Hindi Season 3 Episode 22 In Hindi. Avengers Assemble Season 4 Secret Wars Hindi Dubbed. Avengers Endgame Full Movie Leaked By Tamilrockers Before. Avengers assemble cartoon full episodes in hindi.
Windows NT 4.0 CD-ROM: SupportDebugDumpchk.exe
Windows 2000 CD-ROM: Install the Support Tools by running Setup.exe from the SupportTools folder on the CD-ROM. By default, Dumpchk.exe is installed to the Program FilesSupport Tools folder.
Windows 8 Server
Dumpchk command-line switches
Dumpchk has the following command-line switches:
DUMPCHK [options]
-? Display the command syntax.
-p Prints the header only (with no validation).
-v Specifies verbose mode.
-q Performs a quick test. Not available in the Windows 2000.
Additional switches that are only available in Windows 2000 Dumpchk.exe version:
C:Program FilesDebugging Tools for WindowsDebugger.chm
Note
If you have symbol-related issues, use the Symchk utility to verify that the correct symbols are loaded correctly. For more information about how to use Symchk, see Debugging with Symbols.
Simplify the commands by using a batch file
After you identify the command that you must have to load memory dumps, you can create a batch file to examine a dump file. For example, create a batch file and name it Dump.bat. Save it in the folder where the debugging tools are installed. Type the following text in the batch file:
Dumpchk.exe Windows Server 2012
When you want to examine a dump file, type the following command to pass the dump file path to the batch file:
-->This article describes how to check a memory dump file by using Dumpchk.
Original product version: Windows 10 - all editions, Windows Server 2012 R2
Original KB number: 156280
Note
For a Microsoft Windows XP version of this article, see 315271.
Summary
Dumpchk is a command-line utility you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.
Dumpchk is located in the following locations:
Marvel's Avengers Assemble Season 4 Hindi Dubbed Episodes Download/Watch Online Dubbed By Disney XD Series Info. Name: Marvel's Avengers Assemble Release Year: 2017 Quality: 720p Language: Hindi Size: 720P – 250MB Synopsis: After defeating world-shattering threats like Ultron and Thanos, the Avengers have less reason to come back together to fight smaller villains as a team. Avengers Assemble Hindi Episodes List. Episode 1 – The Avengers Protocol Part 1. Episode 2 – The Avengers Protocol Part 2 (English) Episode 3 – Ghost of a Chance. Episode 4 – The Serpent of Doom. Episode 5 – Blood Feud. Episode 6 – Super-Adaptoid. Avengers Cartoon In Hindi Full Episodes Download Avengers Assemble Season 2 Hindi Dubbed Episodes Download. Marvel Avengers Hindi Season 3 Episode 22 In Hindi. Avengers Assemble Season 4 Secret Wars Hindi Dubbed. Avengers Endgame Full Movie Leaked By Tamilrockers Before. Avengers assemble cartoon full episodes in hindi.
Windows NT 4.0 CD-ROM: SupportDebugDumpchk.exe
Windows 2000 CD-ROM: Install the Support Tools by running Setup.exe from the SupportTools folder on the CD-ROM. By default, Dumpchk.exe is installed to the Program FilesSupport Tools folder.
Windows 8 Server
Dumpchk command-line switches
Dumpchk has the following command-line switches:
DUMPCHK [options]
-? Display the command syntax.
-p Prints the header only (with no validation).
-v Specifies verbose mode.
-q Performs a quick test. Not available in the Windows 2000.
Additional switches that are only available in Windows 2000 Dumpchk.exe version:
-c Do dump validation.
-x Extra file validation. Takes several minutes.
-e Do dump exam.
-y Set the symbol search path for dump exam.
- If the symbol search path is empty, the CD-ROM
- is used for symbols.
-b Set the image search path for dump exam.
- If the symbol search path is empty, system32
- is used for symbols.
-k Set the name of the kernel to File.
-h Set the name of the hal to File.
Dumpchk displays some basic information from the memory dump file, then verifies all the virtual and physical addresses in the file. If any errors are found in the memory dump file, Dumpchk reports them. The following is an example of the output of a Dumpchk command:
Filename . . . . . . .memory.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .1057
DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0xffbae000
PsLoadedModuleList . .0x801463d0
PsActiveProcessHead. .0x801462c8
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000
ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x80146e1c
NumberOfRuns . . . . .0x3
NumberOfPages. . . . .0x1f5e
Run #1
BasePage . . . . . .0x1
PageCount. . . . . .0x9e
Run #2
BasePage . . . . . .0x100
PageCount. . . . . .0xec0
Run #3
BasePage . . . . . .0x1000
PageCount. . . . . .0x1000
**************--> Validating the integrity of the PsLoadedModuleList
**************--> Performing a complete check (^C to end)
**************--> Validating all physical addresses
**************--> Validating all virtual addresses
**************--> This dump file is good!
Dumpchk Windows Server 2012 Download
If there is an error during any portion of the output displayed above, the dump file is corrupted and analysis cannot be performed.
In this example, the most important information (from a debugging standpoint) is the following:
MajorVersion . . . . .free system
MinorVersion . . . . .1057
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000
This information can be used to determine what Kernel STOP Error occurred and, to a certain extent, what version of Windows was in use.
Dumpchk Path
The information in this article is from the Windows NT Resource Kit. For more information on Dumpchk.exe and other debugging utilities, see Appendix A in the Windows NT 3.51 Resource Kit Update and Update 2.