1How to open and analyze crash dump files on Windows 10.
If you get a Blue Screen of Death (BSOD) error on your Windows PC, several things will happen. The most obvious one is that your computer is forcibly rebooted as the BSOD is the result of a complete Windows crash. However, the less obvious result of a BSOD error is an error log that is generated so that the problem can be corrected later.
This is called a memory dump file saved in the DMP file format. These files contain various information about the problem. Including your current version of Windows. All running applications and drivers at the time of the BSOD, and the error code itself. Here’s what you need to do to help you analyze your memory dump files.
What are Memory Dump Files on Windows 10?
The Blue Screen of Death is a critical and unrecoverable error on Windows PCs, but the causes of these errors can vary. For example, an unexpected kernel mode hijacking BSOD is usually caused by incompatible or overclocked hardware, while a critical process stopping BSOD can have various causes, including corrupted system files.
To help you fix the problem, Windows automatically generates a memory dump file. It usually contains the name and value of the stop code (for example, the stop code for a system service exception). A list of all drivers running at the time of the failure. Some additional technical information that can be used to determine the cause.
These dump files (using the DMP file format) are automatically saved to the root folder C: , C: minidump, or C: Windows minidump. To help you analyze them, you can install the Microsoft WinDbg Debugging application from the Microsoft Store. This will help you analyze the memory dump files and find information about the stop code.
You can also use older tools like NirSoft BlueScreenView to quickly analyze dump files generated on your PC.
It will also help you determine the meaning of the stop code and the possible reason (e.g. a specific driver file).
Once you know the meaning of the stop code, you can find more information about the problem on the Internet. For example, if you discover from your dump file that you have a memory management BSOD, you can check out our guide to BSOD errors for more tips on how to fix the problem.
Since the BSOD error can stop your computer from working, you may need to restart Windows in Safe Mode. Starting Windows in Safe Mode reduces the number of active system processes and drivers to a minimum, allowing you to investigate further.
However, if you can’t boot into Windows at all, your options are limited. There are currently no standalone tools to run if Windows itself is not working properly to parse BSOD dump files. If this happens, you will need to recover the dump files with a Linux Live CD using a DVD or portable USB drive.
Then you can analyze the file using WinDbg or NirSoft BlueScreenView on your work Windows PC or laptop by following these steps.
Changing Memory Dump File Settings in Windows Settings
Memory dump files are generated automatically, but you can set the verbosity included in the memory dump file in Windows settings. This will only work for BSODs that occur after changing this setting, but if your computer is having problems, you can follow these steps to add more information to the dump files.
- First, right-click the Start menu and select Settings.
- From the Settings menu, select System> About. In the Related Options pane, choose System> About, select Advanced System Settings.
- From the System Properties menu, select the Options option listed in the Startup and Recovery section below.
- To change the level of verbosity recorded by memory dump files when a BSOD occurs, select one of the available options from the Record Debug Information drop-down menu in the Startup and Repair window. Full details of what is included in each memory dump is available on the Microsoft documentation website. Select OK> OK to save your selection.
After making this change, you may need to restart your computer to make sure the setting is applied. Any future BSOD errors will generate a memory dump file containing the level of information you selected above.
How to Analyze Windows Memory Dump Files Using WinDbg
If you encounter a BSOD error, you can use WinDbg to parse the memory dump file. This Microsoft-built development tool is the best way to analyze your memory files, but you can also use an older version of NirSoft BlueScreenView as an alternative by following the steps below.
These steps assume that your computer is working well enough to install and use WinDbg. If this is not the case, you will need to get the dump files from your hard drive using a Live CD or Linux USB stick in order to analyze them elsewhere. Live CD environments can be booted from the installation media of most Linux distributions, including Ubuntu and Debian.
- First you need to install WinDbg Preview from the Microsoft Store. On the WinDbg store page, select Get to start the installation.
- After installing WinDbg, start it by selecting Run from the store page or launching it from the Start menu. If you do not have access to the dump files, you need to find WinDbg in the Start menu, then right-click and select More> Run as Administrator to grant it the required access.
In the WinDbg window, select File> Start Debugging> Open Dump File. Use the built-in Explorer menu to open the latest dump file.Â which is usually saved in the root folder C: , C: minidump, or C: Windows minidump.
- Opening the DMP file will launch the WinDbg debugger and load the file. This may take some time depending on the file size and level of detail. Once that’s done, enter! Analysis -v into the command box at the bottom of the Command tab, then press Enter to run the command.
- Team! analysis -v will take some time to download and analyze the log file generated by the BSOD error – wait for this process to complete. Once this is done, you can fully analyze the output in the Command tab. Specifically, look for the name and meaning of the stop code (for example, DRIVER_IRQL_NOT_LESS_OR_EQUAL and d1) listed in the Error Analysis section. A brief description of the cause (such as a driver problem) will be provided along with the stop code so that you can troubleshoot later.
- You can also look at other important information in the WinDbg analysis (for example. The MODULE_NAME value) to determine the cause. In this example, the BSOD was caused by running the NotMyFault system testing tool.
Once you have identified the stop code and the possible cause of the BSOD error. You can further investigate the problem to determine a possible solution.
How to Analyze Windows Memory Dump Files Using NirSoft BlueScreenView
Although not included with Windows, WinDbg was created by Microsoft to address BSOD errors. However, if you prefer, you can analyze the memory dump files from your PC (or from another PC if you have a copy of the corresponding dump files) using the old NirSoft BlueScreenView tool.
BlueScreenView may seem outdated, but it still offers all the information you need about your BSOD dump files. This includes the name and value of the stop code (for example. DRIVER_IRQL_NOT_LESS_OR_EQUAL), which can then be used to determine the reason.
- First, download and install the NirSoft BlueScreenView tool on your Windows PC. After installing the tool, launch it from the Start menu.
- BlueScreenView will automatically find memory dump files from known sources such as C: / and C: / Windows / minidump. However, if you want to download the file manually, choose Options> Advanced Options.
In the Advanced Options menu, navigate to the folder containing the dump files by clicking the Browse button next to the Load minidump folder from the next window box. To return it to the default location, select Default. Click “OK” to save your selection and download the files.
A list of saved memory dump files appears in the main BlueScreenView window. Select one of the files in the list to view additional information about it. The name of the stop code appears in the Error Checking Line column, allowing you to further explore the problem.
- If a memory dump file is selected, a complete list of active files and drivers will be listed below it. Files highlighted in red will have a direct link to the cause of the BSOD error. For example, myfault.sys refers to the NotMyFault system testing tool, and ntoskrnl.exe refers to the Windows kernel process.
While BlueScreenView is a useful tool for quickly identifying the BSOD error name. It is not a complete debugging tool like WinDbg. If this tool does not resolve the issue, try WinDbg for a more detailed analysis.
Troubleshooting BSOD Errors Using Memory Dump Files
Using the memory dump file information you are recovering, you can resolve BSOD errors by searching for stop codes or associated BSOD error files. Stop error codes, in particular, can help you find the cause of a BSOD, from a BSOD with incorrect system configuration information to a BSOD with an unexpected store exclusion error.
BSOD errors are caused by anything from faulty hardware to corrupted system files. To stop them, you should regularly check your computer for malware and use tools like SFC to repair your Windows installation if it gets damaged. If all else fails, you can always reset or reinstall Windows 10 to restore your PC to full working condition.
How to open and analyze crash dump files on Windows 10
How to open and analyze crash dump files on Windows 10
windows 10 application crash dump location
How to Analyze Memory Dump Files (.dmp) in Windows 10
dump file analyzer
how to read dmp files
dmp file viewer
memory.dmp windows 10
windows 10 crash dump location
dump check utility windows 10