Sunday 17 February 2013

Diagnose Blue Screen Of Death (BSOD): Memory Dump

Hello Friends!

Long time since my last post. Actually, I didn't wish 'Happy New Year' to you pals. So, apologies &

Wish You A Happy & Prosperous New Year!!

Now, coming back to the topic. 

A Memory Dump is a useful tool to decipher why your computer is not responding or has stopped unexpectedly.

The Dump file typically contains:

  • The Stop messages, parameters and other data
  • A list of loaded drivers
  • The processor context (PRCB) for the processor that stopped
  • The process information and kernel context (EPROCESS) for the process that stopped
  • The process information and kernel context (ETHREAD) for the thread that stopped
  • The kernel-mode call stack for the thread that stopped

So let us understand how to save dump files and where they are stored.

Step 1: Right-click on My Computer->Properties


Step 2: Click on Advanced system settings on the left navigation and follow the screen shot


Step 3: In the System failure section, ensure that the following options are checked:
  • Write an event to the system log
  • Send an administrative alert
  • Automatically restart

Step 4: In the Write debugging information section, you will have the following options:


Select Small memory dump (256 KB) or Kernel memory dump, depending on what you wish to debug. Due to space constraints, I prefer to check Overwrite any existing file. Each dump may provide additional and different information, so set this option according to your requirements.

Step 5: The Write debugging information section also tells you the location where your system's dump file will be created:


On XP and 2003 systems, mini dumps are located at %SystemRoot%\Minidump, or C:\Windows\Minidump.

Kernel and full dumps are located at %SystemRoot%\MEMORY.DMP or C:\Windows\MEMORY.DMP.

For Win 2000 systems, memory dump files are located at C:\winnt\memory.dmp.

Here is a link to download the debug tool. To use it in XP or Vista, run it in compatibility mode and as administrator.
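
As a quick check before loading a dump into the debugger, the Stop code and its four parameters can be read straight from the dump file's header. The Python below is an added example, not part of the original post; it assumes the kernel dump header layout (signature PAGEDUMP with BugCheckCode at offset 0x28, or PAGEDU64 with BugCheckCode at offset 0x38), and the sample header it parses is constructed.

```python
import struct

# signature -> (bits, BugCheckCode offset, first parameter offset, parameter format)
LAYOUTS = {
    b"PAGEDUMP": (32, 0x28, 0x2C, "<4I"),  # 32-bit dump header
    b"PAGEDU64": (64, 0x38, 0x40, "<4Q"),  # 64-bit dump header
}

# A few common Stop codes; anything else is reported as "unknown".
STOP_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}

def parse_dump_header(data):
    """Return bitness, Stop code and its four parameters from a dump header."""
    layout = LAYOUTS.get(data[:8])
    if layout is None:
        raise ValueError("not a kernel-mode dump, signature %r" % data[:8])
    bits, code_off, param_off, param_fmt = layout
    end = param_off + struct.calcsize(param_fmt)
    if len(data) < end:
        raise ValueError("truncated header: need %d bytes, got %d" % (end, len(data)))
    (code,) = struct.unpack_from("<I", data, code_off)
    params = list(struct.unpack_from(param_fmt, data, param_off))
    return {"bits": bits, "stop_code": code,
            "name": STOP_NAMES.get(code, "unknown"), "parameters": params}

def format_stop(info):
    """Render the header fields the way a Stop message shows them."""
    width = info["bits"] // 4  # hex digits per parameter
    args = ", ".join("0x%0*X" % (width, p) for p in info["parameters"])
    return "STOP 0x%08X (%s) %s" % (info["stop_code"], args, info["name"])

def read_header(path):
    """Parse a dump on disk, e.g. C:\\Windows\\MEMORY.DMP (needs admin rights)."""
    with open(path, "rb") as f:
        return parse_dump_header(f.read(0x1000))

def make_sample64(code, params):
    """Constructed 4 KB buffer for the demo, not a real dump."""
    buf = bytearray(0x1000)
    buf[:8] = b"PAGEDU64"
    struct.pack_into("<I", buf, 0x38, code)
    struct.pack_into("<4Q", buf, 0x40, *params)
    return bytes(buf)

if __name__ == "__main__":
    sample = make_sample64(0xD1, (0x10, 2, 0, 0xFFFFF80001234567))
    print(format_stop(parse_dump_header(sample)))
```

To inspect a real dump, call `read_header` on a file from one of the locations listed above and pass the result to `format_stop`.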