Open DMP memory dumps

When a critical error occurs, the system halts and displays a blue screen of death (BSOD); information about the error and the contents of memory are saved to the page file. On the next system boot, a crash dump with debugging information is created from the saved data, and a critical error record is written to the system event log.

If the critical error occurred at an early stage of system boot, or if the error caused the disk subsystem to fail, the crash dump will not be saved.

The crash dump can be analyzed using the BlueScreenView utility or the WinDbg (Debugging Tools for Windows) system debugger.

Crash dump analysis with the BlueScreenView utility

The simplest tool for analyzing crash dumps is NirSoft's BlueScreenView utility.

BlueScreenView scans the folder with minidumps and displays information about the crashes it finds.

For each crash, it shows the date, the error data, and the driver that presumably caused the failure.

The bottom of the window shows a list of the drivers loaded in the system. The modules that were being accessed at the time of the failure are highlighted in color; they deserve special attention because they may be the cause of the failure.

Double-clicking an entry displays additional information.

DMP Opening Options

The DMP extension is reserved for memory dump files: snapshots of the state of RAM at a certain point in the operation of the system or of an individual application, which developers need for subsequent debugging. This format is used by hundreds of types of software, and it is impossible to consider all of them within the scope of this article. The most common type of DMP document is the so-called small memory dump, which records the details of the system crash that led to the blue screen of death, so we will focus on it.
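
As an added illustration (not part of the original article and not BlueScreenView's own code), the following Python code tells the kinds of DMP file apart by their header signature and, for a system crash dump, reads the stop code and its four parameters. The field offsets are an assumption based on the DUMP_HEADER layouts published by open-source forensic tools; the function names and the sample header are constructed for this example.

```python
import struct

# Kernel dump header fields: (bitness, BugCheckCode offset, parameters offset, format).
# The offsets are an assumption taken from published DUMP_HEADER/DUMP_HEADER64 layouts.
KERNEL_LAYOUTS = {
    b"PAGEDUMP": (32, 0x28, 0x2C, "<4I"),
    b"PAGEDU64": (64, 0x38, 0x40, "<4Q"),
}
USER_MINIDUMP_SIGNATURE = b"MDMP"  # application dump, not a BSOD dump
BUGCHECK_NAMES = {  # a few common stop codes only
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

def triage_dump_header(data: bytes) -> dict:
    """Classify a .dmp file from its first bytes; read the stop code if present."""
    if data[:4] == USER_MINIDUMP_SIGNATURE:
        return {"kind": "user-mode minidump"}
    layout = KERNEL_LAYOUTS.get(data[:8])
    if layout is None:
        return {"kind": "unknown"}
    bits, code_off, params_off, params_fmt = layout
    if len(data) < params_off + struct.calcsize(params_fmt):
        return {"kind": "kernel dump", "bits": bits, "error": "truncated header"}
    (code,) = struct.unpack_from("<I", data, code_off)
    params = struct.unpack_from(params_fmt, data, params_off)
    return {"kind": "kernel dump", "bits": bits, "bugcheck": f"0x{code:08X}",
            "name": BUGCHECK_NAMES.get(code, "unlisted"),
            "params": [hex(p) for p in params]}

def triage_file(path: str) -> dict:
    """Read only the first page; a full memory dump can be many gigabytes."""
    with open(path, "rb") as fh:
        return triage_dump_header(fh.read(0x1000))

def build_sample_header64(code: int, params: tuple) -> bytes:
    """Constructed sample input: a zeroed 64-bit header with only these fields set."""
    buf = bytearray(0x1000)
    buf[0:8] = b"PAGEDU64"
    struct.pack_into("<I", buf, 0x38, code)
    struct.pack_into("<4Q", buf, 0x40, *params)
    return bytes(buf)

if __name__ == "__main__":
    sample = build_sample_header64(0xD1, (0x28, 2, 0, 0xFFFFF80012345678))
    print(triage_dump_header(sample))
```

The values it reports should match the stop code and parameters that BlueScreenView or WinDbg show for the same file.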

Method 1: BlueScreenView

A small free utility from an enthusiastic developer whose main function is to provide the ability to view DMP files. It does not need to be installed on the computer: just unzip the archive to any suitable place.

  1. To open a separate file, click the button with the program icon on the toolbar.
  2. In the "Advanced Options" window, check the "Load a single Minidump File" box and press "Browse".
  3. Using "Explorer", browse to the folder with the DMP file, select it and press "Open".
  4. Back in the "Advanced Options" window, click "OK".

The BlueScreenView utility is designed for advanced users, so its interface may seem complicated to a beginner. In addition, it is available only in English.

Installing Debugging Tools for Windows (WinDbg)

Microsoft distributes WinDbg only as part of the SDK; you can download the web installer from the download page of the development center.

SDK installation is not required to analyze crash dumps. Download Debugging Tools for Windows (WinDbg) as a separate package here or here.

Download and install WinDbg for your version of Windows. The version for Windows 7 also works in Windows XP and Windows Vista.

Windows 10 requires WinDbg version 10.0.10586.567. Download the Isolated SDK for Windows 10; the web installer will be downloaded. When installing, disable all components except the debugger.

After installation, adjust the shortcut that starts WinDbg. In the properties of the shortcut, set the option to run as administrator. Also set the working folder to %SystemRoot%\Minidump.

Setting Debugging Symbols

Debug symbols contain the symbolic function names from the source code. They are needed to decode and interpret the crash dump.

When you start WinDbg for the first time, you must specify the path to the debugging symbols. To do this, open the File menu, Symbol File Path, or use the combination Ctrl + S.

On the next line, enable the download of debugging symbols from the network, set the local path for saving files and the address for downloading from the Internet:

If the system is not connected to the Internet, the symbol installation package can be downloaded in advance from the Windows Symbol Pack download page of the Microsoft Development Center.

Crash dump analysis

In the menu, select File, Open Crash Dump, or press Ctrl + D.

Specify the path to the dump: %SystemRoot%\MEMORY.DMP or %SystemRoot%\Minidump\file.dmp.

Downloading debugging symbols from the Internet may take some time.

To get detailed information, execute the command:

The debugger will prompt you to execute it; just hover over the link and click.

As a result, we get the following output:

Getting information about a problem driver

If it was possible to find the driver in which the error occurred, the driver name will be displayed in the MODULE_NAME and IMAGE_NAME fields.

To get the path to the file and other information, click on the link to the module:

If the full path to the driver is not specified, the default folder is %SystemRoot%\system32\drivers.

Find the specified file and examine its properties.

Update the problem driver.

Drive Diagnostics

In case of disk subsystem errors, a crash dump may not be saved.

To rule out disk problems, check the system event log for read and write errors on the disk.

Check the S.M.A.R.T. parameters of the hard drive; you can get them, for example, with the SpeedFan program.

Pay special attention to the "Current Pending Sector Count" and "Uncorrectable Sector Count" parameters: non-zero values of these parameters indicate a disk malfunction.

A non-zero value of the "UltraDMA CRC Error Count" parameter signals a problem with the SATA cable.

Read more about S.M.A.R.T. in the Wikipedia article.

Diagnostics of memory malfunctions

Memory problems can often cause a wide variety of glitches, including various blue screens, freezes, program crashes, registry corruption, and damage to the file system and data.

You can identify memory problems using the Memtest86+ utility.

Download the image from the link, write it to a disc, and boot from the disc; the test then starts.

Starting with Windows Vista, the system has its own memory test. To start it, click "Start", type "memory" in the search bar, and select "Windows Memory Diagnostic Tool".

Memory problems in some cases can be fixed by updating the BIOS.

Method 2: Microsoft Debugging Tools for Windows

A debugging tool called Debugging Tools for Windows is distributed as part of the Windows SDK development environment. Although the application is designed for developers, it can open DMP files as well.

  1. To save space, you can select only Debugging Tools for Windows by checking the corresponding item during the component download.
  2. You can run the utility through "Start". To do this, open "All programs", select "Windows Kits", and then "Debugging Tools for Windows".
  3. To start the program, use the "WinDbg" shortcut.

Attention! To open DMP files, use only the x64 or x86 versions of the debugger!

  • Due to the nature of the utility, loading and reading the contents of a DMP file may take some time, so be patient. At the end of the process, the document will be opened for viewing in a separate window.
  • The Debugging Tools for Windows utility is even more complex than BlueScreenView, and also does not have Russian localization, but it provides more detailed and accurate information.

    Remote dump analysis, i.e. on the remote computer:

    Very convenient for admins!

    If you have full access to the administrative shares on a remote machine (you can open, for example, \\computer_name\C$), then you can also view the crashes of other computers on the network remotely. To do this, simply go to the "Advanced Options" section (Ctrl + O) and specify the folder with the minidumps of the remote computer, for example: \\MyComp\C$\Windows\Minidump. Or, as an option, copy the minidumps from the remote computer to your own machine.

    In order for the system to create a Minidump file, check the following:

    If Windows restarts but no BSoD is shown, what should I do?

    Right-click "My Computer", choose "Properties", open the "Advanced" tab and click the "Settings" button in the "Startup and Recovery" section. In the window that appears, in the "System failure" section, uncheck "Automatically restart".

    How do I check whether a minidump is created?

    First, check whether writing it is enabled. Go to the system properties (right-click "My Computer", then "Properties"). Then, on the "Advanced" tab, find the "Startup and Recovery" section and click the "Settings" button. It should be like in the picture:

    • The program will be useful both for novice users who have encountered the blue screen of death for the first time and for more experienced users.
    • The program supports the Russian language
    • The program is free and does not require installation
