Главная » Linux

Windows create dump file on crash

Содержание
  1. Windows crash dump location (memory.dmp file)
  2. How to enable or disable kernel memory dump? If dump is enabled, how to choose mini dump or full kernel dump?
  3. How to change crash dump file location?
  4. How to enable or disable crash dump file overwrite?
  5. Modifying Windows dump settings using registry keys
  6. How to disable crash dump?
  7. Disable crash dump overwrite
  8. Generate a kernel or complete crash dump
  9. Set up page files
  10. Enable memory dump setting
  11. Tips to generate memory dumps
  12. Manually generate a memory dump file
  13. Use the NotMyFault tool
  14. Use NMI
  15. Tip: Automatically create a crash dump file on error
  16. Создание ядра или полного аварийного дампа Generate a kernel or complete crash dump
  17. Настройка файлов страниц Set up page files
  18. Включить параметр сброса памяти Enable memory dump setting
  19. Советы по генерации свалок памяти Tips to generate memory dumps
  20. Вручную создать файл сброса памяти Manually generate a memory dump file
  21. Использование средства NotMyFault Use the NotMyFault tool
  22. Использование NMI Use NMI

Windows crash dump location (memory.dmp file)

When Windows OS crashes (Blue Screen of Death or BSOD) it dumps all the memory information into a file on disk. This dump file can help the developers to debug the cause for the crash. The default location of the dump file is %SystemRoot%memory.dmp i.e C:\Windows\memory.dmp if C: is the system drive. Windows can also capture small memory dumps which occupy less space. These dumps are created at %SystemRoot%Minidump.dmp (C:\Window\Minidump.dump if C: is the system drive). Below you can find details on crash dump settings. This article is applicable for XP, Vista, Windows 7 and Windows 10.

How to enable or disable kernel memory dump? If dump is enabled, how to choose mini dump or full kernel dump?

We can configure the dump settings through system properties. Detailed steps are given below.

  1. Open System properties(Execute sysdm.cpl from Run window)
  2. Click on Advanced tab
  3. Click on the Settings button under Startup and Recovery
  4. In this window, click on the drop down list under ‘Write Debugging information’
  • This list would show 6 options – None, Small memory dump(64 KB), Kernel memory dump, Complete memory dump, Automatic memory dump and Active memory dump. If you want to disable memory dump then select none from these options. Otherwise select your required option from the other three. After this click on OK and close the windows.

How to change crash dump file location?

You can set the dump file location in the same Startup and recovery window mentioned above. In the ‘Dump File’ text field you can enter the location of the file.

You can also change mini dump file location – Select ‘small memory dump‘ from the drop down box and then give the location of the file in the bottom text box.

How to enable or disable crash dump file overwrite?

In the Startup and recovery window(which can be opened from System properties window) unselect the check button ‘Overwrite any existing file‘ to disable crash dump overwrite.

Modifying Windows dump settings using registry keys

Registry values related to Windows crash dump settings are stored under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl.
We can configure crash dump by modifying these registry values also(listed below).

    • AutoReboot
    • CrashDumpEnabled
    • DumpFile
    • LogEvent
    • MinidumpDir
    • Overwrite
    • SendAlert

    How to disable crash dump?

    Open registry editor and navigate to the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl . Set the registry value CrashDumpEnabled to 0. Or you can simply run the below command which does the same.

    Disable crash dump overwrite

    Set the value of the registry key ‘Overwrite’ to 0. This key can be found in the registry path mentioned above. If you want to overwrite existing crash dump file, then set its value to 1. Below command would disable crash dump overwrite.

    Generate a kernel or complete crash dump

    A system crash (also known as a “bug check” or a «Stop error») occurs when Windows can’t run correctly. The dump file that is produced from this event is called a system crash dump.

    A manual kernel or complete memory dump file is useful when you troubleshoot several issues because the process captures a record of system memory at the time of a crash.

    Set up page files

    See Support for system crash dumps for the page file size requirement for system crash dump.

    Enable memory dump setting

    You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may prevent you from completing this procedure.

    To enable memory dump setting, follow these steps:

    In Control Panel, select System and Security > System.

    Select Advanced system settings, and then select the Advanced tab.

    In the Startup and Recovery area, select Settings.

    Make sure that Kernel memory dump or Complete memory dump is selected under Writing Debugging Information.

    Restart the computer.

    You can change the dump file path by edit the Dump file field. In other words, you can change the path from %SystemRoot%\Memory.dmp to point to a local drive that has enough disk space, such as E:\Memory.dmp.

    Tips to generate memory dumps

    When the computer crashes and restarts, the contents of physical RAM are written to the paging file that is located on the partition on which the operating system is installed.

    Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This can cause a prolonged server outage.

    Use this method to generate complete memory dump files with caution. Ideally, you should do this only when you are explicitly requested to by the Microsoft Support engineer. Any kernel or complete memory dump file debugging should be the last resort after all standard troubleshooting methods have been completely exhausted.

    Manually generate a memory dump file

    Use the NotMyFault tool

    If you can log on while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool. To do this, follow these steps:

    Download the NotMyFault tool.

    Select Start, and then select Command Prompt.

    At the command line, run the following command:

    This operation generates a memory dump file and a D1 Stop error.

    Use NMI

    On some computers, you cannot use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard is not attached to the HP BladeSystem server.

    In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor.

    To do this, follow these steps:

    Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

    In Registry Editor, locate the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

    Right-click CrashControl, point to New, and then click DWORD Value.

    Type NMICrashDump, and then press Enter.

    Right-click NMICrashDump, and then select Modify.

    In the Value data box, type 1, and then select OK.

    Restart the computer.

    Hardware vendors, such as HP, IBM, and Dell, may provide an Automatic System Recovery (ASR) feature. You should disable this feature during troubleshooting. For example, if the HP and Compaq ASR feature is enabled in the BIOS, disable this feature while you troubleshoot to generate a complete Memory.dmp file. For the exact steps, contact your hardware vendor.

    Enable the NMI switch in the BIOS or by using the Integrated Lights Out (iLO) Web interface.

    For the exact steps, see the BIOS reference manual or contact your hardware vendor.

    Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.

    If you want to run NMI in Microsoft Azure using Serial Console, see Use Serial Console for SysRq and NMI calls.

    Tip: Automatically create a crash dump file on error

    Crash dumps are very useful to debug an application. Recently, I worked on a Visual Studio extension we use in my company. It’s very easy to develop such kind of application. However, there are lots of reasons for your extension to crash. Of course, you can add lots of try/catch, but you’ll for sure forget the good one, so VS will crash. When it’s happening, you would like to be able to attach a debugger and see the exception and the stack trace. Instead of attaching a debugger, you can automatically generate a crash dump that you can use to debug the application later.

    In Windows, you can configure Windows Error Reporting (WER) to generate a dump when an application crashes.

    1. Open regedit.exe
    2. Open the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
    3. Set the value DumpFolder (REG_EXPAND_SZ) to the directory you want the dump to be created
    4. Optionally, you can prevent WER to keep lots of crash dumps by setting DumpCount (DWORD) to a low number

    Maybe you prefer to set the configuration using PowerShell:

    You can also configure WER per application. So, if you want to generate a full dump only for one application, you can create a key for your application under LocalDumps with the configuration you want. If your application is devenv.exe the key name is devenv.exe . This is very simple!

    When your application crash, you can go to %LOCALAPPDATA%\CrashDumps :

    Find the latest dump and open it using Visual Studio to start debugging the application. By default, it shows system information, the exception that crashes the application, and the list of modules. You can use the action section on the right to start the debugger and find more information about the exception.

    Note: Applications that do their custom crash reporting, including .NET applications, are not supported by this feature.

    Do you have a question or a suggestion about this post? Contact me!

    Создание ядра или полного аварийного дампа Generate a kernel or complete crash dump

    Сбой системы (также известный как «проверка ошибки» или «Остановка ошибки») происходит, когда Windows не может работать правильно. A system crash (also known as a “bug check” or a «Stop error») occurs when Windows can’t run correctly. Файл сброса, который производится из этого события, называется сбросом сбоя системы. The dump file that is produced from this event is called a system crash dump.

    Ручной файл сброса ядра или полного файла памяти полезен при устранении нескольких проблем, так как процесс записи системной памяти во время сбоя. A manual kernel or complete memory dump file is useful when you troubleshoot several issues because the process captures a record of system memory at the time of a crash.

    Настройка файлов страниц Set up page files

    См. поддержку свалок сбоя системы для требования к размеру файла страницы для сбоя системы. See Support for system crash dumps for the page file size requirement for system crash dump.

    Включить параметр сброса памяти Enable memory dump setting

    Для выполнения этой процедуры необходимо войти в систему в качестве администратора или члена группы администраторов. You must be logged on as an administrator or a member of the Administrators group to complete this procedure. Если компьютер подключен к сети, параметры сетевой политики могут помешать вам завершить эту процедуру. If your computer is connected to a network, network policy settings may prevent you from completing this procedure.

    Чтобы включить параметр сброса памяти, выполните следующие действия: To enable memory dump setting, follow these steps:

    В панели управлениявыберите систему и систему > безопасности. In Control Panel, select System and Security > System.

    Выберите параметры расширенных систем, а затем выберите вкладку Advanced. Select Advanced system settings, and then select the Advanced tab.

    В области запуска и восстановления выберите Параметры. In the Startup and Recovery area, select Settings.

    Убедитесь, что сброс памяти ядра или полная свалка памяти выбраны в статье Writing Debugging Information. Make sure that Kernel memory dump or Complete memory dump is selected under Writing Debugging Information.

    Перезагрузите компьютер. Restart the computer.

    Вы можете изменить путь файла сброса, редактировать поле файла Dump. You can change the dump file path by edit the Dump file field. Другими словами, можно изменить путь с %SystemRoot%\Memory.dmp на локальный диск с достаточным диском, например E:\Memory.dmp. In other words, you can change the path from %SystemRoot%\Memory.dmp to point to a local drive that has enough disk space, such as E:\Memory.dmp.

    Советы по генерации свалок памяти Tips to generate memory dumps

    При сбое и перезапуске компьютера содержимое физической оперативной памяти передается в файл paging, расположенный на разделе, на котором установлена операционная система. When the computer crashes and restarts, the contents of physical RAM are written to the paging file that is located on the partition on which the operating system is installed.

    В зависимости от скорости жесткого диска, на котором установлена Windows, сброс более 2 гигабайт (ГБ) памяти может занять длительное время. Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Даже в лучшем случае, если файл сброса настроен для проживания на другом локальном жестком диске, значительное количество данных будет прочитано и записано на жесткие диски. Even in a best case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. Это может привести к длительному отключению сервера. This can cause a prolonged server outage.

    Используйте этот метод для создания полных файлов сброса памяти с осторожностью. Use this method to generate complete memory dump files with caution. В идеале это следует делать только при явном запросе инженера службы поддержки Майкрософт. Ideally, you should do this only when you are explicitly requested to by the Microsoft Support engineer. Отладка файлов сброса ядра или полного файла памяти должна быть последней инстанцией после полного исчерпания всех стандартных методов устранения неполадок. Any kernel or complete memory dump file debugging should be the last resort after all standard troubleshooting methods have been completely exhausted.

    Вручную создать файл сброса памяти Manually generate a memory dump file

    Использование средства NotMyFault Use the NotMyFault tool

    Если во время проблемы можно войти в систему, можно использовать средство Microsoft Sysinternals NotMyFault. If you can log on while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool. Для этого выполните следующие действия: To do this, follow these steps:

    Выберите Начните, а затем выберите командную подсказку. Select Start, and then select Command Prompt.

    В командной строке запустите следующую команду: At the command line, run the following command:

    Эта операция создает файл сброса памяти и ошибку остановки D1. This operation generates a memory dump file and a D1 Stop error.

    Использование NMI Use NMI

    На некоторых компьютерах нельзя использовать клавиатуру для создания файла аварийного сброса. On some computers, you cannot use keyboard to generate a crash dump file. Например, Hewlett-Packard (HP) BladeSystem из компании Hewlett-Packard разработки управляются с помощью графического пользовательского интерфейса (GUI) на основе браузера. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). Клавиатура не присоединена к серверу HP BladeSystem. A keyboard is not attached to the HP BladeSystem server.

    В этих случаях необходимо создать полный файл аварийного сбоя или файл аварийного сброса ядра с помощью переключателя NMI, который вызывает NMI на системном процессоре. In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor.

    Для этого выполните следующие действия: To do this, follow these steps:

    Внимательно следуйте шагам в этом разделе. Follow the steps in this section carefully. Неправильное изменение реестра может привести к серьезным проблемам. Serious problems might occur if you modify the registry incorrectly. Перед его изменением необходимо создать реестр для восстановления в случае возникновения проблем. Before you modify it, back up the registry for restoration in case problems occur.

    В редакторе реестра найдите следующий подкай реестра: In Registry Editor, locate the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

    Правой кнопкой мыши CrashControl, указать на Новый, а затем нажмите значение DWORD. Right-click CrashControl, point to New, and then click DWORD Value.

    Введите NMICrashDump и нажмите кнопку Ввод. Type NMICrashDump, and then press Enter.

    Щелкните правой кнопкой мыши NMICrashDumpи выберите Изменение. Right-click NMICrashDump, and then select Modify.

    В поле Значение данных введите 1, а затем выберите ОК. In the Value data box, type 1, and then select OK.

    Перезагрузите компьютер. Restart the computer.

    Поставщики оборудования, такие как HP, IBM и Dell, могут предоставить функцию автоматического восстановления системы (ASR). Hardware vendors, such as HP, IBM, and Dell, may provide an Automatic System Recovery (ASR) feature. Эту функцию следует отключить во время устранения неполадок. You should disable this feature during troubleshooting. Например, если функция ASR HP и Compaq включена в BIOS, отключим эту функцию во время устранения неполадок, чтобы создать полный файл Memory.dmp. For example, if the HP and Compaq ASR feature is enabled in the BIOS, disable this feature while you troubleshoot to generate a complete Memory.dmp file. Для точных действий обратитесь к поставщику оборудования. For the exact steps, contact your hardware vendor.

    Включите переключатель NMI в BIOS или с помощью веб-интерфейса Integrated Lights Out (iLO). Enable the NMI switch in the BIOS or by using the Integrated Lights Out (iLO) Web interface.

    Точные действия см. в справочном руководстве BIOS или обратитесь к поставщику оборудования. For the exact steps, see the BIOS reference manual or contact your hardware vendor.

    Протестировать этот метод на сервере с помощью коммутатора NMI для создания файла сброса. Test this method on the server by using the NMI switch to generate a dump file. Вы увидите неисправность 0x00000080 stop. You will see a STOP 0x00000080 hardware malfunction.

    Если вы хотите запустить NMI в Microsoft Azure с помощью серийной консоли, см. в рубрике Использование последовательной консоли для вызовов SysRq и NMI. If you want to run NMI in Microsoft Azure using Serial Console, see Use Serial Console for SysRq and NMI calls.

    Читайте также:  Lenovo thinkpad установка linux
Оцените статью
© 2024 Советы по настройке компьютера