#1
Different types of Dump Files:
__________________
First the theory… Each time Windows hangs or flatters you with that oh so nice BSOD, it creates a crash dump file in the background. There are 3 possible crash files that Windows can produce:
Complete or Full Memory dump: A complete dump records all the contents of the system memory at the time of a crash, including the processes that were running when the memory dump was collected. Its sheer size means that you need sufficient free space on your hard drive in order for Windows to save the file. Due to this sheer size, 32-bit systems with more than 2GB of memory cannot save complete memory dumps without prior messing about in the registry (which I won’t go into…).

Small or Mini dump: A mini dump is a tiny 64K-byte file. One reason a mini dump is so small is that it doesn't contain any of the binaries or executables that are in memory at the time of a system crash. Since .exe files are needed for a full and proper crash analysis, mini dumps are of limited value without them. Still, they can be a very good start off point. Windows XP produces mini dumps by default, one for each crash event.

Kernel dump: A kernel dump is probably the most useful memory dump to work with. Since it only contains the memory information that was occupied by the kernel and the hardware abstraction layer (HAL), it is significantly smaller than a complete dump (a system with 1GB of RAM will produce a kernel dump of about 120MB). By omitting memory that was allocated to user-mode programs, it remains small while still offering the greatest chance of containing the info that was responsible for the crash.

By default, Windows XP will save a mini dump for each crash that occurs. These dump files can be found in the directory C:\WINDOWS\Minidump. Each mini dump filename contains the date the file was created and a sequence number (in case more than one dump file is created on the same day). An example of a mini dump file could be something like Mini072708-01.dmp (this is an example of the first mini dump that was created on my own system on the 27th of July 2008). Kernel and Complete dumps are saved in the directory C:\WINDOWS\ and will be a file called Memory.dmp. Each time a crash occurs, the existing memory dump file is overwritten.

Changing the type of Dump File Windows Saves:

As I previously mentioned, Windows XP will save mini dumps by default and it will save a mini dump for each crash that occurs. Actually, alongside the mini dump, XP will also save a complete dump file. However, as previously mentioned, where there is a mini dump available for each crash, the complete dump will always overwrite the existing one. However, since I already mentioned that mini dumps are of limited use when performing a proper full crash analysis and complete dumps are way too big in file size while containing too much data, it makes sense to set up XP to save kernel dumps instead. Changing this setting is dead simple:
Because it is free and it is the only debugging tool I have used so far. Satisfied? Note however, that WinDbg is NOT part of the support tools that are provided with the Windows installation CD/DVD. It is rather part of the “Debugging Tools for Windows” which can be freely downloaded from the following link: http://www.microsoft.com/whdc/devtoo...g/default.mspx

When downloading the debugging tools, make sure you download the toolset for the platform you are planning to use as the debugging system. The debugging system does not necessarily need to be the same system as the one that needs debugging. There might be situations/reasons for instance where you would need/want to do the debugging on a different system than the one that is producing the fault. So if you grabbed a dump file from a 64-bit machine, but you’re doing the debugging on a 32-bit system, then you need the 32-bit debugging toolset.

Another important thing to note is that the Debugging tools come as an MSI installer, meaning that they will only install in the directory C:\Program Files\Debugging Tools for Windows. So if you would like to use the tools on a system for which you don’t have any administrator rights you’re stuffed! Well… actually you’re not. Microsoft made it possible to copy the whole Debugging Tools directory from the default installation path to wherever you want. In other words, once installed on a system that provides you with admin rights, you could copy the whole directory to a different system. Even better; you could run them from a memory stick if you want to. Just make sure you keep the directory as a whole and don’t start removing stuff.

Last but not least, there is only one version of the Debugging tools available per platform. This is because the tools are independent from the Windows version. No matter if you’re planning to install them on Windows 2000, XP, 2003 server or Vista. Different operating systems and their service packs only matter once you start playing with the Windows symbol files (more about that in Part 2).
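Added example, not part of the original post: a small Python helper for the analysis machine that parses the `Mini<MMDDYY>-<NN>.dmp` naming scheme described above and puts collected mini dumps in true crash order, which a plain alphabetical sort gets wrong across years. The function names and the sample file list are constructed for illustration, and two-digit years are assumed to mean 20YY.

```python
import re
from collections import Counter
from datetime import date

# Naming scheme described in the post: Mini<MMDDYY>-<NN>.dmp
MINIDUMP_NAME = re.compile(r"^Mini(\d{2})(\d{2})(\d{2})-(\d{2})\.dmp$", re.IGNORECASE)


def parse_minidump_name(filename):
    """Return (crash_date, sequence), or None if the name does not match."""
    m = MINIDUMP_NAME.match(filename)
    if not m:
        return None
    month, day, year, seq = (int(g) for g in m.groups())
    try:
        # Assumption: two-digit years are 20YY.
        return date(2000 + year, month, day), seq
    except ValueError:
        return None  # right shape, but not a real calendar date (e.g. month 13)


def order_minidumps(filenames):
    """Sort mini dump names by crash date, then sequence; return (ordered, skipped)."""
    parsed, skipped = [], []
    for name in filenames:
        key = parse_minidump_name(name)
        if key is None:
            skipped.append(name)  # e.g. Memory.dmp, which carries no date in its name
        else:
            parsed.append((key, name))
    parsed.sort()
    return [name for _, name in parsed], skipped


def crashes_per_day(filenames):
    """Count mini dumps per calendar day; several on one day deserve a closer look."""
    days = Counter()
    for name in filenames:
        key = parse_minidump_name(name)
        if key:
            days[key[0]] += 1
    return dict(days)


if __name__ == "__main__":
    # Constructed sample listing; only Mini072708-01.dmp appears in the post.
    sample = ["Mini010509-01.dmp", "Mini072708-02.dmp", "Mini072708-01.dmp",
              "Mini121507-01.dmp", "Memory.dmp"]
    print(order_minidumps(sample))
    print(crashes_per_day(sample))
```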
#2
Nice read! Thanks!