Not a geek Leftnot a geek Right

Houston Computer Specialists Since 1984

About Customer Home Novell Microsoft Support Internet Virus Links Contact

Houston, Texas 77055

How to Use Dumpchk.exe to check a memory dump file

 

Dumpchk.exe is found on the XP installation disk under support/tools.  Run "setup.exe" and it will be installed.

 

This article was previously published under Q156280
For a Microsoft Windows XP version of this article, see 315271

You can download debugging tools for Windows products from the following Microsoft Web site:
http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx

MORE INFORMATION

Dumpchk has the following command-line switches:
   DUMPCHK [options] <CrashDumpFile>

     -? Display the command syntax.

     -p Prints the header only (with no validation).

     -v Specifies verbose mode.

     -q Performs a quick test. Not available in the Windows 2000.
				

Dumpchk displays some basic information from the memory dump file, then verifies all the virtual and physical addresses in the file. If any errors are found in the memory dump file, Dumpchk reports them. The following is an example of the output of a Dumpchk command:

   Filename . . . . . . .memory.dmp
   Signature. . . . . . .PAGE
   ValidDump. . . . . . .DUMP
   MajorVersion . . . . .free system
   MinorVersion . . . . .1057
   DirectoryTableBase . .0x00030000
   PfnDataBase. . . . . .0xffbae000
   PsLoadedModuleList . .0x801463d0
   PsActiveProcessHead. .0x801462c8
   MachineImageType . . .i386
   NumberProcessors . . .1
   BugCheckCode . . . . .0xc000021a
   BugCheckParameter1 . .0xe131d948
   BugCheckParameter2 . .0x00000000
   BugCheckParameter3 . .0x00000000
   BugCheckParameter4 . .0x00000000

   ExceptionCode. . . . .0x80000003
   ExceptionFlags . . . .0x00000001
   ExceptionAddress . . .0x80146e1c

   NumberOfRuns . . . . .0x3
   NumberOfPages. . . . .0x1f5e
   Run #1
     BasePage . . . . . .0x1
     PageCount. . . . . .0x9e
   Run #2
     BasePage . . . . . .0x100
     PageCount. . . . . .0xec0
   Run #3
     BasePage . . . . . .0x1000
     PageCount. . . . . .0x1000


   **************
   **************--> Validating the integrity of the PsLoadedModuleList
   **************

   **************
   **************--> Performing a complete check (^C to end)
   **************
   **************
   **************--> Validating all physical addresses
   **************
   **************
   **************--> Validating all virtual addresses
   **************
   **************
   **************--> This dump file is good!
   **************
				
If there is an error during any portion of the output displayed above, the dump file is corrupted and analysis cannot be performed.

In this example, the most important information (from a debugging standpoint) is the following:
   MajorVersion . . . . .free system
   MinorVersion . . . . .1057
   MachineImageType . . .i386
   NumberProcessors . . .1
   BugCheckCode . . . . .0xc000021a
   BugCheckParameter1 . .0xe131d948
   BugCheckParameter2 . .0x00000000
   BugCheckParameter3 . .0x00000000
   BugCheckParameter4 . .0x00000000
				
This information can be used to determine what Kernel STOP Error occurred and, to a certain extent, what version of Windows was in use.

The information in this article is from the Windows NT Resource Kit. For more information on Dumpchk.exe and other debugging utilities, see Appendix A in the Windows NT 3.51 Resource Kit Update and Update 2.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
119490 Checking the Crashdump file for corruption

 

Download Windows Symbol Packages

The easiest way to get Windows symbols is to use the Microsoft Symbol Server . The symbol server makes symbols available to your debugging tools as needed. After a symbol file is downloaded from the symbol server, it is cached on the local computer for quick access.

If you prefer to download the entire set of symbols for Windows 8 Consumer Preview, Windows Server 8 Beta, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP, or Windows 2000, then you can download a symbol package and install it on your computer.

On This Page      

Windows Update Introduction System Requirements

Windows Update Introduction Installation Instructions

Windows Update Introduction Resources, Support, and Feedback

Windows Update Introduction Download Windows Symbol Packages

 

System Requirements

Before downloading and installing each symbol package, you should have at least 1 GB of disk space free, because of the size of the download package and required temporary files:

bulletEach x86 symbol package may require 750 MB or more of hard disk space.
bulletEach Itanium symbol package may require 560 MB or more of disk space.
bulletEach x64 symbol package may require 640 MB or more.
bulletSymbol packages are non-cumulative unless otherwise noted, so if you are using an SP2 Windows release, you will need to install the symbols for the original RTM version and for SP1 before you install the symbols for SP2.

Installation Instructions

The symbol download packages are listed by processor type (x86, Itanium, and x64) and build type (retail and checked). Almost all customers require the symbols for the retail version. If you are debugging a special version of Windows with extra debugging information, then you should download the symbols for the checked version.

Windows XP and later and Windows Server 2003 and later do not require localized symbols in order to debug localized versions of the product. Each symbol download package for these versions of Windows works for debugging all localized versions.

Resources, Support, and Feedback

To learn more about using symbols and debugging, see Debugging Tools and Symbols: Getting Started .

For help with debugging issues, see About Debugging Tools for Windows .

For information on how to retrieve symbols for a machine that is not connected to the Internet, see Using a Manifest File with SymChk .

Feedback- We are interested in your feedback about symbols. Please mail suggestions or bug reports to windbgfb@microsoft.com . Technical support is not available from this address, but your feedback will help us to plan future changes for symbols and will make them more useful to you in the future.

Download Windows Symbol Packages

Windows XP with Service Pack 3 symbols

These packages contain the full set of symbols required to debug Windows XP with Service Pack 3. The symbols for Windows XP have been modified to match the updated files that are in the Windows XP Service Pack 3.

bulletWindows XP with Service Pack 3 x86 retail symbols, all languages (File size: 209 MB - Most customers want this package.)
bulletWindows XP with Service Pack 3 x86 checked symbols, all languages (File size: 202 MB)

Reduced download size: Windows XP Service Pack 3

These packages are a smaller download size than the full set of Windows XP with Service Pack 3 symbols. They contain only the symbols for the files that ship with the Windows XP Service Pack 3. If you already have the Windows XP symbols installed, you can install these to the same location and you will have a full set of Windows XP with Service Pack 3 symbols.

bulletWindows XP Service Pack 3 x86 retail symbols, all languages (File size: 164 MB - Most customers want this package.)
bulletWindows XP Service Pack 3 x86 checked symbols, all languages (File size: 152 MB)

How to read the small memory dump files that Windows creates for debugging

Article ID: 315263 - View products that this article applies to.
This article was previously published under Q315263
If you are a Small Business customer, find additional troubleshooting and learning resources at the Support for Small Business
site.

 

This step-by-step article describes how to examine a small memory dump file. You can use this file to determine why your computer has stopped responding.

 

Small memory dump files

A small memory dump file records the smallest set of useful information that may help identify why your computer has stopped unexpectedly. This option requires a paging file of at least 2 megabytes (MB) on the boot volume. On computers that are running Microsoft Windows 2000 or later, Windows create a new file every time your computer stops unexpectedly. A history of these files is stored in a folder.

This dump file type includes the following information:
bulletThe Stop message and its parameters and other data
bulletA list of loaded drivers
bulletThe processor context (PRCB) for the processor that stopped
bulletThe process information and kernel context (EPROCESS) for the process that stopped
bulletThe process information and kernel context (ETHREAD) for the thread that stopped
bulletThe Kernel-mode call stack for the thread that stopped
The small memory dump file can be useful when hard disk space is limited. However, because of the limited information that is included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by an analysis of this file.

If a second problem occurs and if Windows creates a second small memory dump file, Windows preserves the previous file. Windows gives each file a distinct, date-encoded file name. For example, Mini022900-01.dmp is the first memory dump file that was generated on February 29, 2000. Windows keeps a list of all the small memory dump files in the %SystemRoot%\Minidump folder.

 

Configure the dump type

To configure startup and recovery options to use the small memory dump file, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click System.
  3. Click the Advanced tab, and then click Settings under Startup and Recovery.
  4. In the Write debugging information list, click Small memory dump (64k).

    To change the folder location for the small memory dump files, type a new path in the Dump File box (or in the Small dump directory box, depending on your version of Windows).

Tools to read the small memory dump file

You can load small memory dump files by using the Dump Check Utility (Dumpchk.exe). You can also use Dumpchk.exe to verify that a memory dump file has been created correctly. The Dump Check Utility does not require access to debugging symbols. The Dump Check Utility is included with the Microsoft Windows 2000 Support Tools and the Microsoft Windows XP Support Tools.

For additional information about how to use the Dump Check Utility in Windows 2000 and in Windows NT, click the following article number to view the article in the Microsoft Knowledge Base:
156280 How to use Dumpchk.exe to check a memory dump file
For additional information about how to use the Dump Check Utility in Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
315271 How to use Dumpchk.exe to check a memory dump file
You can also read small memory dump files by using the WinDbg tool or the KD.exe tool. WinDbg and KD.exe are included with the latest version of the Debugging Tools for Windows package.
This Web page also provides access to the downloadable symbol packages for Windows. To use the resources, create a folder on the disk drive where the downloaded local symbols or the symbol cache for symbol server use will reside. For example, use C:\Symbols. You can use the following symbol path with all the commands that are described in this article:
SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
If you download the symbols to a local folder, use the path of that folder as your symbol path.

For more information about the dump file options in Windows, click the following article number to view the article in the Microsoft Knowledge Base:
254649 Overview of memory dump file options for Windows Server 2003, Windows XP, and Windows 2000

Install the debugging tools

To download and install the Windows debugging tools, visit the following Microsoft Web site:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Select the Typical installation. By default, the installer installs the debugging tools in the following folder:
C:\Program Files\Debugging Tools for Windows

Open the dump file

To open the dump file after the installation is complete, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. Change to the Debugging Tools for Windows folder. To do this, type the following at the command prompt, and then press ENTER:
    cd c:\program files\debugging tools for windows
  3. To load the dump file into a debugger, type one of the following commands, and then press ENTER:
    windbg -y SymbolPath -i ImagePath -z DumpFilePath
    kd -y SymbolPath -i ImagePath -z DumpFilePath
The following table explains the use of the placeholders that are used in these commands.
Collapse this tableExpand this table
 
Placeholder Explanation
SymbolPath Either the local path where the symbol files have been downloaded or the symbol server path, including a cache folder. Because a small memory dump file contains limited information, the actual binary files must be loaded together with the symbols for the dump file to be correctly read.
ImagePath The path of these files. The files are contained in the I386 folder on the Windows XP CD-ROM. For example, the path may be C:\Windows\I386.
DumpFilePath The path and file name for the dump file that you are examining.

Sample Commands

You can use the following sample commands to open the dump file. These commands assume the following:
bulletThe contents of the I386 folder on the Windows CD-ROM are copied to the C:\Windows\I386 folder.
bulletYour dump file is named C:\Windows\Minidump\Minidump.dmp.
Sample 1:
kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp
Sample 2. If you prefer the graphical version of the debugger instead of the command line version, type the following command instead:
windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z c:\windows\minidump\minidump.dmp

Examine the dump file

There are several commands that you can use to gather information in the dump file, including the following commands:
bulletThe !analyze -show command displays the Stop error code and its parameters. The Stop error code is also known as the bug check code.
bulletThe !analyze -v command displays verbose output.
bulletThe lm N T command lists the specified loaded modules. The output includes the status and the path of the module.
Note The !drivers extension command displays a list of all drivers that are loaded on the destination computer, together with summary information about their memory use. The !drivers extension is obsolete in Windows XP and later. To display information about loaded drivers and other modules, use the lm command. The lm N T command displays information in a format that is similar to the old !drivers extension.

For help with other commands and for complete command syntax, see the debugging tools Help documentation. The debugging tools Help documentation can be found in the following location:
C:\Program Files\Debugging Tools for Windows\Debugger.chm
Note If you have symbol-related issues, use the Symchk utility to verify that the correct symbols are loaded correctly. For additional information about using Symchk, click the following article number to view the article in the Microsoft Knowledge Base:
311503 Use the Microsoft Symbol Server to obtain debug symbol files

Simplify the commands by using a batch file

After you identify the command that you must have to load memory dumps, you can create a batch file to examine a dump file. For example, create a batch file and name it Dump.bat. Save it in the folder where the debugging tools are installed. Type the following text in the batch file:
cd "c:\program files\debugging tools for windows"

kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z %1
When you want to examine a dump file, type the following command to pass the dump file path to the batch file:
dump c:\windows\minidump\minidump.dmp

 

Primary Computer Service, Inc.
Copyright 2010 [Primary Computer Service, Inc]. All rights reserved.
Revised: 10/14/12