Whenever our system crashes due to any reason, the first thing we worry about is our data and its backup. We are also curious to know about the cause and the event or occurrences that spark the crash. Whenever a Windows operating system crashes, it will save all related information in a small file which will help you, as well as the programmer, to know the source and reason of crash. It is like the BLACK BOX of any airplane which holds all the information in case of any calamity. The small dump file of Window can help you to rectify the crash and avoid such happening in future.
You can find this small dump file at %SystemRoot%memory.dmp, i.e. C:\Windows\memory.dmp where C: is the system drive of the system. %SystemRoot%Minidump.dmp(C:\Window\Minidump.dump) is another location where Windows saves a small file that stores the testimony of the crash.
Dump files contain the following information which can be useful for you.
• All “Stop message” and associated data.
• All installed drivers of your system.
• PCRB of the crashed microprocessor.
• The cause of the problem, i.e. the file and their kernel report (EPROCESS).
• The root thread that causes the harm, i.e. ETHREAD.
• The Kernel stack of the root cause that forced the crash.
How to read the crash?
There are two methods by which we can read these file
- Reading by Bluescreen
- Reading with the help of window drivers kit
Steps to read dump file with Windows drivers kit
- Go to the Window 10 driver’s kit. For this browse to the official website of Microsoft
- Go to Windows hardware, and then move to drivers
- Click to download –The-wdk file.
- Download the driver’s kit setup file
- Installed it into your system by clicking on the setup file.
- Follow the instructions given on the page and accepting the term and condition of the driver.
- It will install the driver’s kit into your system.
- Now move on to the start button of Window which you shall find in the extreme left-hand corner of the screen.
- Open the command prompt by typing cmd into the search box of the window.
- Run the command prompt as “Run as administrator”.
- Click to yes to execute the above action.
- Write down the following in the cmd and press Enter from the keyboard.
- cd C:\Program Files (x86)\Windows Kits\10\Debuggers\x86
- Now write windbg.exe –IA and press the Enter key.
- Press the OK button on the screen flashes on your screen.
- It indicates the automatic debugging of the dump file.
- Go to WinDBG by typing “windbg” on the search after clicking the start button. It will open the debugged file.
- Click on the file and add the symbol to the file SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
- Press OK.
- Open the Dump file
- Go to the start menu.
- Go to Run.
- Write %SystemRoot% and then press OK.
- Go to view option.
- Select “Hidden Files”.
- Here is your dump file in MEMORY.DMP file.
Micheal Ricky is a Microsoft Office expert and has been working in the technical industry since 2002. As a technical expert, Samuel has written technical blogs, manuals, white papers, and reviews for many websites such as office.com/setup.