Memory Dump
Upcoming SlideShare
Loading in...5
×
 

Memory Dump

on

  • 639 views

 

Statistics

Views

Total Views
639
Views on SlideShare
629
Embed Views
10

Actions

Likes
0
Downloads
16
Comments
1

1 Embed 10

http://www.linkedin.com 10

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Hai
    I have two hard disk capacity per each 160 GBs but both are not working how to repair in this one is bad disk showing option not formating also and another one not connecting the cable how to fix tall me solution please.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Memory Dump Memory Dump Presentation Transcript

  • Memory Dump Prepared by Nitesh bhat Trainee at Itimpulse
  • Memory Dump It is very hard to analysis memory the dump Memory dump is located in c: drive in window’s folder If we know how to analysis the memory dump we easy come to know why window is crash ?
  • Why window is crash Something is wrong in kernel –modeExample :- Unhandled exception OS or driver detects severe inconsistency Invalid memory references hardware error
  • Memory Dump analysis 70% of window crash came from third party bugs 15% of window crash came which cant be explain 10% of window crash came from hardware s 5 % of window crash came from its windows code
  • Crash dump types Complete (full) (64 KB for a 32-bit operating system, 128 KB for a 64-bit operating system) Default for servers kernel OS/driver memory Small (mini dump ) Default for xp Minimal crash information
  • Mini dump Contents bug check code ,parameters list of drivers minimal information on current process Unique file for crash windows minidump Extract from kernel ,full dump Best memory dump for analysis is kernel dump If checksum does not match dump is not written
  • When ? “ DUMP “ Crash occurred before paging file was open spontaneous reboot hung system paging file is too small not enough free space to extract dump
  • Analysis Basics Analysis tools parts of debugging tools for windows (free) Two tools can open kernel crash dumps : winDbg - GUL kd - command line
  • Symbols When applications are linked The linker that creates the .exe and .dll files also creates a number of additional files known as symbol files. Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process. Typically, symbol files might contain: Global variables Local variables
  • Symbols Symbol files contain names and location of internal data debugging needs kernel symbol file to analyze dumps kernel image : ntoskrnl.exe ntoskrnl.pdb is symbol file
  • How we do manually generate DumpCopy and Paste the following into Notepad:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesi8042prtParameters]"CrashOnCtrlScroll"=dword:00000001Save as CrashOnCtrlScroll.reg and save as type All Files. Double-Click the file tomerge it with the Registry. Restart your computer and you will be able to use it. Togenerate the minidump file you will need to press and hold the Right Cntrl key andtap the Scroll Lock key twice. You will be presented with the Blue Screen and yourcomputer will Restart.
  • NowDemo with notmyfault Analysis Of memory Dump