Memory Dump   Prepared by   Nitesh bhat   Trainee at Itimpulse
Memory Dump It is very hard to analysis memory the dump Memory dump is located in c: drive in window’s folder If we kno...
Why window is crash Something is wrong in kernel –modeExample :-  Unhandled exception  OS or driver detects severe inco...
Memory Dump analysis 70% of window crash came from third party  bugs 15% of window crash came which cant be  explain 10...
Crash dump types Complete (full)   (64 KB for a 32-bit operating system, 128 KB for a 64-bit operating system)    Default...
Mini dump Contents      bug check code ,parameters      list of drivers      minimal information on current process   Un...
When ? “ DUMP “ Crash occurred before paging file was open spontaneous reboot hung system paging file is too small no...
Analysis Basics Analysis tools parts of debugging tools for windows (free) Two tools can open kernel crash dumps :      ...
Symbols When applications are linked The linker that creates the .exe and .dll files also  creates a number of additiona...
Symbols Symbol files contain names and location of  internal data debugging needs kernel symbol file to analyze  dumps ...
How we do manually generate DumpCopy and Paste the following into Notepad:Windows Registry Editor Version 5.00[HKEY_LOCAL_...
NowDemo with notmyfault      Analysis  Of memory Dump
1 Comment
  • Hai
    I have two hard disk capacity per each 160 GBs but both are not working how to repair in this one is bad disk showing option not formatting also and another one not connecting the cable how to fix tell me solution please.
Memory Dump

  1. Memory Dump. Prepared by Nitesh bhat, Trainee at Itimpulse.
  2. Memory Dump. It is very hard to analyze a memory dump. The memory dump is located on the C: drive in the Windows folder. If we know how to analyze the memory dump, we can easily find out why Windows crashed.
  3. Why Windows crashes. Something is wrong in kernel mode. Examples: unhandled exception; OS or driver detects a severe inconsistency; invalid memory references; hardware error.
  4. Memory dump analysis. 70% of Windows crashes come from third-party bugs; 15% of Windows crashes cannot be explained; 10% of Windows crashes come from hardware; 5% of Windows crashes come from Windows' own code.
  5. Crash dump types. Complete (full) (64 KB for a 32-bit operating system, 128 KB for a 64-bit operating system): default for servers. Kernel: OS/driver memory. Small (mini dump): default for XP; minimal crash information.
  6. Mini dump contents: bug check code and parameters; list of drivers; minimal information on the current process. Unique file for each crash: windows minidump. Extract from kernel, full dump. The best memory dump for analysis is the kernel dump. If the checksum does not match, the dump is not written.
  7. When? "DUMP": crash occurred before the paging file was open; spontaneous reboot; hung system; paging file is too small; not enough free space to extract the dump.
  8. Analysis basics. The analysis tools are part of Debugging Tools for Windows (free). Two tools can open kernel crash dumps: WinDbg (GUI) and kd (command line).
  9. Symbols. When applications are linked, the linker that creates the .exe and .dll files also creates a number of additional files known as symbol files. Symbol files hold a variety of data which are not actually needed when running the binaries, but which can be very useful in the debugging process. Typically, symbol files might contain: global variables; local variables.
  10. Symbols. Symbol files contain the names and locations of internal data. Debugging needs the kernel symbol file to analyze dumps. Kernel image: ntoskrnl.exe; ntoskrnl.pdb is its symbol file.
  11. How to generate a dump manually. Copy and paste the following into Notepad:

        Windows Registry Editor Version 5.00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt\Parameters]
        "CrashOnCtrlScroll"=dword:00000001

      Save it as CrashOnCtrlScroll.reg with the type set to All Files. Double-click the file to merge it with the Registry. Restart your computer and you will be able to use it. To generate the minidump file, press and hold the Right Ctrl key and tap the Scroll Lock key twice. You will be presented with the Blue Screen and your computer will restart.
  12. Now: demo with NotMyFault. Analysis of memory dump.
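
Slide 6 lists the bug check code and its parameters as the core contents of a dump. The following added example (not part of the original slides) reads those fields straight from a kernel dump header, which is a quick first triage step before opening WinDbg or kd. The header offsets, dump type values and the helper name build_sample_header are assumptions taken from the layout used by open-source dump parsers, not from the slides, and the sample header is constructed.

```python
import struct

# Assumed layout (not from the slides): header offsets as used by open-source
# dump parsers. Signature "PAGEDUMP" marks a 32-bit dump, "PAGEDU64" a 64-bit one.
# Tuple: (bits, bug check code offset, parameters offset, parameters format, dump type offset)
LAYOUTS = {
    b"PAGEDUMP": (32, 0x28, 0x2C, "<4I", 0xF88),
    b"PAGEDU64": (64, 0x38, 0x40, "<4Q", 0xF98),
}
DUMP_TYPES = {1: "complete", 2: "kernel", 4: "small"}  # assumed values
BUGCHECKS = {  # a few common stop codes
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0xE2: "MANUALLY_INITIATED_CRASH",  # e.g. a keyboard-initiated crash
}
HEADER_MIN = 0x1000  # every field read below sits in the first 4 KB


def triage_dump_header(data):
    """Return bitness, dump type, bug check code/name and parameters."""
    layout = LAYOUTS.get(data[:8])
    if layout is None:
        raise ValueError("not a kernel crash dump (bad signature)")
    if len(data) < HEADER_MIN:
        raise ValueError("truncated dump header")
    bits, code_off, params_off, params_fmt, type_off = layout
    (code,) = struct.unpack_from("<I", data, code_off)
    params = struct.unpack_from(params_fmt, data, params_off)
    (dump_type,) = struct.unpack_from("<I", data, type_off)
    return {"bits": bits, "dump_type": DUMP_TYPES.get(dump_type, "other"),
            "bugcheck": code, "name": BUGCHECKS.get(code, "UNKNOWN"),
            "params": params}


def build_sample_header(signature, code, params, dump_type):
    """Build a synthetic header for the demo (constructed data, not a real dump)."""
    _, code_off, params_off, params_fmt, type_off = LAYOUTS[signature]
    buf = bytearray(HEADER_MIN)
    buf[:8] = signature
    struct.pack_into("<I", buf, code_off, code)
    struct.pack_into(params_fmt, buf, params_off, *params)
    struct.pack_into("<I", buf, type_off, dump_type)
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample_header(b"PAGEDU64", 0xD1, (0x1000, 2, 0, 0x2000), 4)
    print(triage_dump_header(sample))
```

To triage a real file, pass the first 4096 bytes of the .dmp file to triage_dump_header; a user-mode dump or any other file type is rejected by the signature check.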