2009 – Revision: 5.3
To continue receiving security
updates for Windows, make sure you’re running Windows XP with Service
Pack 3 (SP3).
For more information, refer to this Microsoft web page: Support
is ending for some versions of Windows(http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs)
On This Page
SUMMARYThis step-by-step article describes how to
examine a small memory dump file. Yo…
examine a small memory dump file. Yo…
Dump Check Utility Download
This step-by-step article describes how to examine a small memory dump
file. You can use this file to determine why your computer has stopped
responding.
One such tool is called dumpchk, a command-line utility you can use to verify and find out what’s been collected during a system crash. It’s part of Windows 7 or 8 debugging tools that you can download from WDK and WinDbg downloads page. First published on TECHNET on Jan 27, 2015 Hello AskPerf! Today’s post is a quick one that points to one of Bob' Golding's Windows Troubleshooting videos. He talks about how to download/run Dumpchk.exe on your dump files to check for corruption. Check it out below: DumpCheck – youtube video D. Related topics DumpChk (the Microsoft Crash Dump File Checker tool) is a program that performs a quick analysis of a crash dump file. This enables you to see summary information about what the dump file contains. If the dump file is corrupt in such a way that it cannot be opened by a debugger, DumpChk reveals this fact.
Small memory dump
files
A small memory dump file records the smallest set of useful information
that may help identify why your computer has stopped unexpectedly. This
option requires a paging file of at least 2 megabytes (MB) on the boot
volume. On computers that are running Microsoft Windows 2000 or later,
Windows create a new file every time your computer stops unexpectedly. A
history of these files is stored in a folder.
This dump file type includes the following information:
- The Stop message and its parameters and other data
- A
list of loaded drivers - The processor context (PRCB) for the
processor that stopped - The process information and kernel
context (EPROCESS) for the process that stopped - The process
information and kernel context (ETHREAD) for the thread that stopped - The
Kernel-mode call stack for the thread that stopped
The small memory dump file can be useful when hard disk space is
limited. However, because of the limited information that is included,
errors that were not directly caused by the thread that was running at
the time of the problem may not be discovered by an analysis of this
file.
If a second problem occurs and if Windows creates a second small memory
dump file, Windows preserves the previous file. Windows gives each file a
distinct, date-encoded file name. For example, Mini022900-01.dmp is the
first memory dump file that was generated on February 29, 2000. Windows
keeps a list of all the small memory dump files in the
%SystemRoot%Minidump folder.
Configure the dump
type
To configure startup and recovery options to use the small memory dump
file, follow these steps.
Note Because there are several
versions of Microsoft Windows, the following steps may be different on
your computer. If they are, see your product documentation to complete
these steps.
- Click Start, point to Settings, and then click Control
Panel. - Double-click System.
- Click
the Advanced tab, and then click Settings under Startup
and Recovery. - In the Write
debugging information list, click Small
memory dump (64k).To change the folder location for the small memory dump files, type a
new path in the Dump File box (or in the
Small dump directory box, depending on
your version of Windows).
Tools to read the
small memory dump file
You can load small memory dump files by using the Dump Check Utility
(Dumpchk.exe). You can also use Dumpchk.exe to verify that a memory dump
file has been created correctly. The Dump Check Utility does not
require access to debugging symbols. The Dump Check Utility is included
with the Microsoft Windows 2000 Support Tools and the Microsoft Windows
XP Support Tools.
For additional information about how to use the Dump Check Utility in
Windows 2000 and in Windows NT, click the following article number to
view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/156280/
)
How to use Dumpchk.exe to check a memory dump file
For additional information about how to use the Dump Check Utility in
Windows XP, click the following article number to view the article in
the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/315271/
)
How to use Dumpchk.exe to check a memory dump file
Note The Dump Check Utility is not included in the
Microsoft Windows Server 2003 Support Tools. To obtain the Dump Check
Utility if you are using Microsoft Windows Server 2003, download and
install the Debugging Tools for Windows package from the following
Microsoft Web site:
(http://www.microsoft.com/whdc/devtools/debugging/default.mspx)
You can also read
small memory dump files by using the WinDbg tool or the KD.exe tool.
WinDbg and KD.exe are included with the latest version of the Debugging
Tools for Windows package.
This Web page also provides access to the
downloadable symbol packages for Windows. To use the resources, create a
folder on the disk drive where the downloaded local symbols or the
symbol cache for symbol server use will reside. For example, use
C:Symbols. You can use the following symbol path with all the
commands that are described in this article:
If you download the symbols to a local folder, use the path of that
folder as your symbol path.
For more information about the dump file options in Windows, click the
following article number to view the article in the Microsoft Knowledge
Base:
Microsoft Debugging Tools
(http://support.microsoft.com/kb/254649/
)
Overview of memory dump file options for Windows Server 2003, Windows
XP, and Windows 2000
Install the
debugging tools
To download and install the Windows debugging tools, visit the following
Microsoft Web site:
(http://www.microsoft.com/whdc/devtools/debugging/default.mspx)
Select the Typical installation. By default, the installer installs the
debugging tools in the following folder:
Open the dump file
To open the dump file after the installation is complete, follow these
steps:
- Click Start, click Run, type cmd,
and then click OK. - Change to the
Debugging Tools for Windows folder.To do this, type the following at the command prompt, and then press
ENTER: - To load the dump file into a debugger, type one of the following
commands, and then press ENTER:windbg -y SymbolPath -i ImagePath
-z DumpFilePath
The following table explains the use of the placeholders that are used
in these commands.
| Placeholder | Explanation |
|---|---|
| SymbolPath | Either the local path where the symbol files have been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains limited information, the actual binary files must be loaded together with the symbols for the dump file to be correctly read. |
| ImagePath | The path of these files. The files are contained in the I386 folder on the Windows XP CD-ROM. For example, the path may be C:WindowsI386. |
| DumpFilePath | The path and file name for the dump file that you are examining. |
Sample Commands
You can use the following sample commands to open the dump file. These
commands assume the following:
- The contents of the I386 folder on the Windows CD-ROM are copied
to the C:WindowsI386 folder. - Your dump file is named
C:WindowsMinidumpMinidump.dmp.
Sample 1:
srv*c:symbols*http://msdl.microsoft.com/download/symbols -i
c:windowsi386 -z c:windowsminidumpminidump.dmp
Sample 2. If you prefer the graphical version of the debugger instead of
the command line version, type the following command instead:
srv*c:symbols*http://msdl.microsoft.com/download/symbols -i
c:windowsi386 -z c:windowsminidumpminidump.dmp
Examine the dump
file
There are several commands that you can use to gather information in the
dump file, including the following commands:
- The !analyze -show command
displays the Stop error code and its parameters. The Stop error code is
also known as the bug check code. - The !analyze -v
command displays verbose output. - The lm N T command
lists the specified loaded modules. The output includes the status and
the path of the module.
Note The !drivers
extension command displays a list of all drivers that are loaded on the
destination computer, together with summary information about their
memory use. The !drivers extension is obsolete in Windows XP and
later. To display information about loaded drivers and other modules,
use the lm command. The lm N T command displays
information in a format that is similar to the old !drivers
extension.
For help with other commands and for complete command syntax, see the
debugging tools Help documentation. The debugging tools Help
documentation can be found in the following location:
WindowsDebugger.chm
Note If you have symbol-related issues,
use the Symchk utility to verify that the correct symbols are loaded
correctly.
For additional information about using Symchk, click the following
article number to view the article in the Microsoft Knowledge Base:
311503
(http://support.microsoft.com/kb/311503/
)
Use the Microsoft Symbol Server to obtain debug symbol files
Simplify the commands by using a batch file
After you identify the command that you must have to load memory dumps,
you can create a batch file to examine a dump file. For example, create a
batch file and name it Dump.bat. Save it in the folder where the
debugging tools are installed. Type the following text in the batch
file:
filesdebugging tools for windows'
kd -y srv*c:symbols*http://msdl.microsoft.com/download/symbols -i
c:windowsi386 -z %1
When you want to examine a dump file, type the following command to pass
the dump file path to the batch file: