Memory Dump


1 Comment
  • Hai
    I have two hard disks with a capacity of 160 GB each, but both are not working. How do I repair them? One shows as a bad disk and has no formatting option either, and the other one is not connecting with the cable. How do I fix this? Tell me a solution, please.

  1. Memory Dump
     Prepared by Nitesh Bhat, Trainee at Itimpulse
  2. Memory Dump
     • It is very hard to analyze a memory dump
     • The memory dump is located on the C: drive in the Windows folder
     • If we know how to analyze the memory dump, we can easily find out why Windows crashed
  3. Why Windows crashes
     • Something is wrong in kernel mode
     • Examples:
       • Unhandled exception
       • OS or driver detects severe inconsistency
       • Invalid memory references
       • Hardware error
  4. Memory dump analysis
     • 70% of Windows crashes come from third-party bugs
     • 15% of Windows crashes cannot be explained
     • 10% of Windows crashes come from hardware
     • 5% of Windows crashes come from Windows' own code
  5. Crash dump types
     • Complete (full) (64 KB for a 32-bit operating system, 128 KB for a 64-bit operating system)
     • Default for servers
     • Kernel: OS/driver memory
     • Small (minidump)
     • Default for XP
     • Minimal crash information
  6. Minidump contents
     • Bug check code, parameters
     • List of drivers
     • Minimal information on current process
     • Unique file for crash, Windows minidump
     • Extract from kernel, full dump
     • Best memory dump for analysis is the kernel dump
     • If the checksum does not match, the dump is not written
  7. When? "DUMP"
     • Crash occurred before paging file was open
     • Spontaneous reboot
     • Hung system
     • Paging file is too small
     • Not enough free space to extract dump
  8. Analysis basics
     • The analysis tools are part of Debugging Tools for Windows (free)
     • Two tools can open kernel crash dumps:
       • WinDbg - GUI
       • kd - command line
  9. Symbols
     • When applications are linked, the linker that creates the .exe and .dll files also creates a number of additional files known as symbol files.
     • Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process.
     • Typically, symbol files might contain:
       • Global variables
       • Local variables
  10. Symbols
     • Symbol files contain names and locations of internal data
     • Debugging needs the kernel symbol file to analyze dumps
     • Kernel image: ntoskrnl.exe
     • ntoskrnl.pdb is the symbol file
  11. How we manually generate a dump
     • Copy and paste the following into Notepad:

         Windows Registry Editor Version 5.00

         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt\Parameters]
         "CrashOnCtrlScroll"=dword:00000001

     • Save as CrashOnCtrlScroll.reg and save as type All Files.
     • Double-click the file to merge it with the Registry.
     • Restart your computer and you will be able to use it.
     • To generate the minidump file you will need to press and hold the Right Ctrl key and tap the Scroll Lock key twice. You will be presented with the Blue Screen and your computer will restart.
  12. Now: demo with notmyfault
     • Analysis of memory dump
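
Slide 6 lists the bug check code and its parameters as minidump contents; this added example (not part of the original slides) reads those fields from the start of a kernel dump file without a debugger. The `PAGEDUMP`/`PAGEDU64` signatures, the header offsets and the function names are assumptions based on how open-source forensic tools describe the dump header, and the sample header is constructed.

```python
import struct

# Assumed layout (not from the slides): kernel crash dumps start with "PAGE",
# then "DUMP" (32-bit) or "DU64" (64-bit), with the bug check fields at the
# offsets open-source forensic tools use for the dump header.
LAYOUTS = {
    b"DUMP": (32, 0x28, "<I4I"),    # code, then four 32-bit parameters
    b"DU64": (64, 0x38, "<I4x4Q"),  # code, 4 pad bytes, four 64-bit parameters
}

# A few well-known bug check names; 0xE2 is recorded by a keyboard-initiated crash.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0xE2: "MANUALLY_INITIATED_CRASH",
}

def parse_dump_header(data):
    """Return bitness, bug check code, name and parameters from a dump header."""
    if len(data) < 8 or data[:4] != b"PAGE" or data[4:8] not in LAYOUTS:
        raise ValueError("not a kernel crash dump header")
    bits, offset, fmt = LAYOUTS[data[4:8]]
    if len(data) < offset + struct.calcsize(fmt):
        raise ValueError("header truncated before bug check fields")
    code, *params = struct.unpack_from(fmt, data, offset)
    return {"bits": bits, "code": code,
            "name": BUGCHECK_NAMES.get(code, "UNKNOWN"), "params": params}

def sample_header_64(code, params):
    """Build a constructed 64-bit header (not a real dump) for the demo."""
    buf = bytearray(0x1000)
    buf[:8] = b"PAGEDU64"
    struct.pack_into("<I4x4Q", buf, 0x38, code, *params)
    return bytes(buf)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a dump file to triage
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(0x1000)
    else:                  # fall back to the constructed sample
        data = sample_header_64(0xE2, [0, 0, 0, 0])
    info = parse_dump_header(data)
    print(f"{info['bits']}-bit dump, bug check 0x{info['code']:08X} {info['name']}")
    print("parameters:", ", ".join(f"0x{p:X}" for p in info["params"]))
```

A dump produced by the Right Ctrl + Scroll Lock method from slide 11 should report `MANUALLY_INITIATED_CRASH`; any other code points to the fault to investigate in WinDbg or kd.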