SystemSuite The Ultimate, All-in-one Suite for PC security, Anti-Virus, Anti-Spyware, Maintenance and Privacy!
Background
When a Fatal Error occurs, Windows often saves key information that can be useful if you didn't manually record the information from the Blue screen or you are a developer who needs additional details captured at the time of the fatal error.
On each fatal error occurrence, information is stored in a new Crash dump file. These are stored in the system directory, in the sub-directory Minidump. The date is encoded into the filename. For example, in most systems, a fatal error that occurs on 12-31-2008 might appear as:
c:WindowsMinidumpMini123108-01.dmp
Dump files are stored in a binary format and are not directly readable. You'll need one of two programs to examine the saved information. Unfortunately, these tools are not included with Windows.
You'll need to download the either Support Tools to get the command-line Dumpchk.exe program, or another package called Debugging Tools to get the GUI WinDbg. Of the two, Dumpchk provides more useful information, but it's only officially supported for XP and older OSes (for 2000 users, it's included with the OS - so you don't need to download it). We've tested Dumpchk under Vista, and it seems to work fine and identifies the Vista name and version correctly, but a product line shows 'WinNt, suite: TerminalServer', which seems wrong, but is really not much of a concern.
To proceed further, select:
How to View Crash Dump Files (using Dumpchk)
We'll assume you've already downloaded and installed the Support Tools or you're using Windows 2000 which already includes it.
You'll need to use the Command line interface, but it's fairly easy to do.
Open the Run dialog (Windows + R), and type cmd, then press Enter. The black Command prompt box appears. After each of the following typed commands you'll press Enter.
Change the directory to point where the minidump files are stored. In most cases, you'll be on the C drive. Type after the prompt (the '>' character) the following (in bold):
c:>cd Windowsminidump
You can list the dump files by typing:
c:Windowsminidump>dir
Now you'll run the dumpchk program with one of your .dmp files. For example:
c:Windowsminidump>dumpchkMini041308-01.dmp
The results are displayed on screen. If you prefer, you can send the results to a text file as follows:
Here's the result of one session for a dump file from XP SP3. We've added the orange text and pointers to identify the most important information.
In this example, the stop code is 0x100000D1. You look up the Fatal error solution using this number. Note that all the numbers are in hex even though most fail to include the '0x' prefix hex notation.
To close the Command prompt box, type Exit, then press Enter.
How to View Crash Dump Files (using WinDbg)
We'll assume you've already downloaded and installed the Debugging Tools. To launch Debugging Tools, use Start, All Programs, and find the Debugging Tool folder. Select the choice WinDbg.
The main dialog opens. Under File, select Open Crash Dump.
The first time it defaults to a documents directory, so you'll have to switch it to where the dump files are stored, typically at c:WindowsMinidump. Pick the dmp file you want to analyze and select Ok. At this point you'll see the dump information. Unless you load the symbol tables, you'll get a ton of warnings and errors, which for most users is not important. In this example, buried in the center is the one line of useful information - the Stop code (called BugCheck) and related parameters.
In this example, the stop code is 0x1000008E. You look up the Fatal error solution using this number. Note that all the numbers are in hex even though they fail to include the '0x' prefix hex notation.
For more details about using the Debugging Tools at Microsoft.
To download Windows Symbol Packages (recommended for developers only).
Getting the Support Tools (which includes Dumpchk)
To get Support Tools: (NOTE: Microsoft no longer makes the Support Tools available)
Download from Microsoft the Support Tools package using IE (other browsers may be problematic). While it indicates it is for XP-SP2, we've tested Dumpchk under XP SP3 and Vista (32-bit) without a problem. Other tools included in the package may be specific to XP or XP SP2.
Install Support Tools by running the downloaded exe file.
Follow the instructions from the installer.
Getting the Debugging Tools (which includes WinDbg)
To get Debugging Tools:
Download from Microsoft using IE (other browsers may be problematic). This works for XP through Windows 8.
Install the Debugging Tools by running the .msi downloaded Microsoft file.
Follow the instructions from the installer.
Turn on the Creation of Dump Files
Normally these are set on by default, but you can turn the ability to save dump files on or off and set where the crash dump directory will be written.
For Windows 7, Vista and Server 2008:
Select Start, then right-click on Computer, and select Properties.
Select Advanced system settings (on the left).
In System Properties, select the Advanced Tab, and under Startup and Settings, select the Settings button.
In Startup and Recovery, under System failure, set Write an event to the system log as checked. Write debugging information should be set to Small memory dump so it will record each occurrence. You could use the Kernel Memory Dump option as well, but this is much larger in size and is primarily of use only for a device driver developer. You can also change the default directory where these are written. We suggest using the default directory.
After the changes are made, click on Ok, then Ok again, and then close the System Control Panel.
For Windows XP and Server 2003:
Select Start, then right-click on My Computer, and select Properties.
In System Properties, select the Advanced Tab, and under Startup and Settings, select the Settings button.
In Startup and Recovery, under System failure, set Write an event to the system log as checked. Write debugging information should be set to Small memory dump so it will record each occurrence. You could use the Kernel Memory Dump option as well, but this is much larger in size and would only be of use to a device driver developer. You can also change the default directory where these are written. We suggest using the default directory.
After the changes are made, click on Ok, then Ok again.
I cannot find a version of dumpchk.exe for windows 7. This thread is locked. You can follow the question or vote as helpful, but you cannot reply to this thread.