If you have an application that is hanging or crashing, or a system that is misbehaving due to hangs, high CPU, severe slowness, etc, you may be asked to create a memory dump – perhaps of the application that is believed to be having issues, or of the entire system if the computer is misbehaving (or of both an application and the whole system!).
This post is meant as an instruction manual on how to gather data if you are going to post for help on resolving one of these types of problems.
The first thing to do, before doing ANYTHING else, is to download and install the “Debugging Tools for Windows” for your Windows platform:
– x86 version.
– x64 or Itanium (64bit)
Once you’ve installed the tools, here are instructions on how to create the appropriate dump if you are so asked:
Memory dump from an application/process that is HANGING (not crashing):
1. Create a directory called c:\adplus
2. Open a command prompt and change to the directory where you installed the debugging tools. By default, this is “C:\Program Files\Debugging Tools for Windows”
3. Type the following command in the command prompt:
cscript adplus.vbs -hang -pn appname -quiet -o c:\adplus (where “appname” is the .exe name of the application that is hanging)
4. Once the debugger has finished (this can take some time), the command prompt window(s) will close, and you will have data in your C:\adplus folder that can be analyzed.
Memory dump from an application/process that is CRASHING (not hanging):
1. Create a directory called c:\adplus
2. Open a command prompt and change to the directory where you installed the debugging tools. By default, this is “C:\Program Files\Debugging Tools for Windows”
3. Type the following command in the command prompt:
cscript adplus.vbs -crash -pn appname -quiet -o c:\adplus (where “appname” is the .exe name of the application that is crashing)
4. Once the debugger has finished (this can take some time), the command prompt window(s) will close, and you will have data in your C:\adplus folder that can be analyzed.
Memory dump of the entire system:
1. Create or set the following registry value:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
Value: CrashOnCtrlScroll
Type: REG_DWORD
Data: 1
2. Right-Click on the “My Computer” icon on the desktop and select “Properties”, then click the “Advanced tab. On the “Advanced” tab, click “Settings” under the “Performance” header. Click the “Advanced” tab, then click “Change” under “Virtual Memory”. Set the pagefile to be located on the partition where the OS is installed, and set it to be equal to Physical RAM + 50 MB.
3. Also in the “System Properties” window on the “Advanced” tab, click the “Settings” buttun under the “Startup and Recovery” header. Make sure “Complete Memory Dump” is selected (see 3a if this is not in the list). You can change the location of the memory dump file to a different local partition if you do not have enough room on the partition where the OS is installed.
3a. If the “Complete Memory Dump” option in step 3 is not available, you will need to manually set this registry value:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
Value: CrashDumpEnabled
Type: REG_DWORD
Value: 1
4. You will need to reboot for these changes to take effect.
5. The next time that the system is exhibiting the problem you were asked to dump the machine for, hold down the RIGHT CTRL key and press the SCROLL LOCK key twice to cause the machine to bugcheck and create a memory dump. After the box comes back up, you’ll find the resulting memory dump file in %systemroot%\memory.dmp that can be analyzed.
Courtesy: CLUBERTI