Memory Dump
1 Comment
  • Hai
    I have two hard disks with a capacity of 160 GB each, but both are not working. How do I repair them? One of them is showing a bad disk option and is also not formatting, and the other one is not connecting with the cable. How do I fix this? Tell me the solution, please.


  • 1. Memory Dump. Prepared by Nitesh Bhat, Trainee at Itimpulse
  • 2. Memory Dump It is very hard to analysis memory the dump Memory dump is located in c: drive in window’s folder If we know how to analysis the memory dump we easy come to know why window is crash ?
  • 3. Why Windows crashes: Something is wrong in kernel mode. Examples: an unhandled exception; the OS or a driver detects a severe inconsistency; invalid memory references; a hardware error.
  • 4. Memory dump analysis: 70% of Windows crashes come from third-party bugs; 15% of Windows crashes cannot be explained; 10% of Windows crashes come from hardware; 5% of Windows crashes come from Windows code itself.
  • 5. Crash dump types: Complete (full) (64 KB for a 32-bit operating system, 128 KB for a 64-bit operating system); default for servers. Kernel: OS/driver memory. Small (minidump): default for XP; minimal crash information.
  • 6. Mini dump Contents bug check code ,parameters list of drivers minimal information on current process Unique file for crash windows minidump Extract from kernel ,full dump Best memory dump for analysis is kernel dump If checksum does not match dump is not written
  • 7. When? "DUMP": the crash occurred before the paging file was open; spontaneous reboot; hung system; the paging file is too small; not enough free space to extract the dump.
  • 8. Analysis basics: The analysis tools are part of Debugging Tools for Windows (free). Two tools can open kernel crash dumps: WinDbg (GUI) and kd (command line).
  • 9. Symbols When applications are linked The linker that creates the .exe and .dll files also creates a number of additional files known as symbol files. Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process. Typically, symbol files might contain: Global variables Local variables
  • 10. Symbols Symbol files contain names and location of internal data debugging needs kernel symbol file to analyze dumps kernel image : ntoskrnl.exe ntoskrnl.pdb is symbol file
  • 11. How do we manually generate a dump? Copy and paste the following into Notepad:

        Windows Registry Editor Version 5.00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt\Parameters]
        "CrashOnCtrlScroll"=dword:00000001

    Save as CrashOnCtrlScroll.reg, with "Save as type" set to All Files. Double-click the file to merge it with the Registry. Restart your computer and you will be able to use it. To generate the minidump file you will need to press and hold the Right Ctrl key and tap the Scroll Lock key twice. You will be presented with the Blue Screen and your computer will restart.
  • 12. Now: demo with NotMyFault. Analysis of memory dump.
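
Slide 6 says a dump records the bug check code and its parameters. The added example below (not part of the original slides) reads those fields straight from a kernel dump header for quick triage before opening WinDbg or kd. The header offsets are an assumption taken from the commonly documented DUMP_HEADER32/DUMP_HEADER64 layout, and the sample header is constructed in the script.

```python
import struct

# Assumed layout (commonly documented DUMP_HEADER32/64 offsets, not from the slides):
# signature -> (bitness, bug check code offset, parameters offset, parameters format)
LAYOUTS = {
    b"PAGEDUMP": ("32-bit", 0x28, 0x2C, "<4I"),
    b"PAGEDU64": ("64-bit", 0x38, 0x40, "<4Q"),
}


def parse_dump_header(data: bytes) -> dict:
    """Return bitness, bug check code and its four parameters from a dump header."""
    sig = data[:8]
    if sig not in LAYOUTS:
        raise ValueError(f"not a kernel crash dump (signature {sig!r})")
    bitness, code_off, param_off, param_fmt = LAYOUTS[sig]
    if len(data) < param_off + struct.calcsize(param_fmt):
        raise ValueError("header truncated before the bug check parameters")
    (code,) = struct.unpack_from("<I", data, code_off)
    params = struct.unpack_from(param_fmt, data, param_off)
    return {"bitness": bitness, "bugcheck": code, "params": list(params)}


def build_sample_header64(code: int, params: list) -> bytes:
    """Constructed sample: a zeroed 4 KB header page with only the fields above set."""
    buf = bytearray(0x1000)
    buf[:8] = b"PAGEDU64"
    struct.pack_into("<I", buf, 0x38, code)
    struct.pack_into("<4Q", buf, 0x40, *params)
    return bytes(buf)


def describe(header: dict) -> str:
    """One-line summary in the style of a bug check line."""
    args = ", ".join(f"{p:#x}" for p in header["params"])
    return f"{header['bitness']} dump, bug check {header['bugcheck']:#010x} ({args})"


if __name__ == "__main__":
    # 0xE2 (MANUALLY_INITIATED_CRASH) is the bug check raised by the
    # CrashOnCtrlScroll key sequence from slide 11; parameters are constructed.
    sample = build_sample_header64(0xE2, [0, 0, 0, 0])
    print(describe(parse_dump_header(sample)))
```

To run it against a real file, pass the first 4 KB of the dump (for example `open(path, "rb").read(0x1000)`) to `parse_dump_header`.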