PC crash have you down in the dumps? Find the cause from dump files

That dreaded PC or program crash can be frustrating, to say the least. A small consolation is that you’re not alone, as every PC owner has faced it at some point. Here is a statistic of program crashes at UC Berkeley, just to give you an idea that computer crashes are more common than you think.

While this may look bleak, the good news is you can recover the PC or program from most crashes, thanks to built-in files like dump files that give information about the crash to help you troubleshoot.

What are they?

As the name suggests, dump files contain the information “dumped” from a program’s memory when it crashes. That means you get information such as the processes that were running at the time of the crash, date and time stamp, associated programs and drivers, and more.

These files end with a DMP extension and follow a specific naming pattern, so you can find them easily. For example, minidump files are named in this format: MINI000000-00.dmp. Here the first six digits are replaced by the date, while the last two digits are the sequence number. For example, MINI170820-01.dmp means this is the first dump file on 17th August 2020. You can find these files in the %SystemRoot%\Minidump folder on your PC.

Types of dump files

The information you need to understand the cause of a crash is recorded in different dump file formats. The four types of dump files are:

  • Complete memory dump
  • Kernel memory dump
  • Small memory dump (less than 64KB)
  • Automatic memory dump

Let’s briefly look at each kind of dump file.

Complete memory dump file

This option records the contents of the system memory and could also include processes that were running at the time of the crash. When you choose this option, you have to ensure that the boot volume has enough space to hold this data.

Kernel memory dump file

As the name suggests, this option dumps only the kernel memory and hence, speeds up the process of recording information in a log file. This also requires considerable space for storing, typically about 2GB for 32-bit systems.

Small memory dump file

This type of file records a small amount of information that would be useful to identify the cause of a crash. This dump includes pertinent information such as:

  • Stop message and its parameters
  • List of drivers
  • Processor context only for the processor that stopped working
  • Process and kernel context for the process and thread that stopped working
  • Kernel-mode call stack

Automatic memory dump file

This is similar to the kernel dump, except that the size of the paging file is less than the size of the RAM. This is ideal when a computer crashes and the paging file is not big enough to hold the entire kernel memory.

These are the four types of dump files, and you can choose the one that best fits your needs, though small memory dump (minidump) files are a popular choice, as they give precise information without taking too much space.

Configuring dump files

You can configure the location and type of dump files to suit your preference, and here’s how you can do it.

  • Go to Control Panel
  • Double-click “System” and choose “Advanced settings”
  • Click the “Advanced” tab and under settings, navigate to “Startup and Recovery”

Here, you’ll find many options. Under “Write Debugging Information,” choose the memory dump option you want. You can change the location of the dump files as well.
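The same settings can be read from PowerShell, which is handy for checking many machines. This is an added example, not part of the original article; it assumes the standard `CrashControl` registry key and its `CrashDumpEnabled`, `DumpFile` and `MinidumpDir` values, and the function name `Get-CrashDumpConfig` is made up for illustration.

```powershell
# Added example: report the crash-dump settings behind "Startup and Recovery".
function Get-CrashDumpConfig {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $cc  = Get-ItemProperty -Path $key

    # CrashDumpEnabled values and the dump type each one selects.
    $types = @{
        0 = 'None'
        1 = 'Complete memory dump'
        2 = 'Kernel memory dump'
        3 = 'Small memory dump'
        7 = 'Automatic memory dump'
    }
    $mode = [int]$cc.CrashDumpEnabled
    $name = if ($types.ContainsKey($mode)) { $types[$mode] } else { "Unknown ($mode)" }

    # A complete dump holds the contents of RAM, so compare RAM with the free
    # space on the system drive (rough check; DumpFile may point elsewhere).
    $ram  = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"

    # Count existing minidumps; listing the folder may need an elevated prompt.
    $miniDir   = $cc.MinidumpDir
    $miniCount = 0
    if ($miniDir -and (Test-Path -LiteralPath $miniDir)) {
        $miniCount = @(Get-ChildItem -LiteralPath $miniDir -Filter *.dmp -ErrorAction SilentlyContinue).Count
    }

    [pscustomobject]@{
        DumpType            = $name
        DumpFile            = $cc.DumpFile
        MinidumpDir         = $miniDir
        MinidumpCount       = $miniCount
        AutoReboot          = [bool]$cc.AutoReboot
        Overwrite           = [bool]$cc.Overwrite
        RamGB               = [math]::Round($ram / 1GB, 1)
        SystemDriveFreeGB   = [math]::Round($disk.FreeSpace / 1GB, 1)
        RoomForCompleteDump = $disk.FreeSpace -gt $ram
    }
}

Get-CrashDumpConfig | Format-List
```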

Reading and analyzing dump files

Most times, a program crash is caused by a malfunctioning device driver or kernel module, and in the case of the latter, systems and programs reboot automatically without displaying the error. The good news, though, is that these reboots are recorded in dump files, so by analyzing minidump files, you can fix the root cause and prevent it from happening again.

But you need the right tools to read and analyze these dump files.

Microsoft offers a built-in tool called Dump Check Utility to verify if a dump file has been created correctly. You can find out more about this tool here.

This tool verifies if the dump file has been created and validates its physical and virtual address. It reports in case of errors.

Here is an example of what this tool checks for you.

Many times, this sparse information is not enough to understand the root cause, and hence, you need third-party tools to glean the error information from these dump files.
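To show what a basic "was this dump written correctly" check looks like, the following added example (not from the original article and not the Dump Check Utility itself) reads the header of each file in the minidump folder. The function name `Test-DumpHeader` is hypothetical, and the header offsets are assumptions based on publicly described layouts of the kernel dump header; run it from an elevated prompt.

```powershell
# Added example: sanity-check the header of a kernel crash dump.
function Test-DumpHeader {
    param([Parameter(Mandatory)][string]$Path)

    # Read only the first 4 KB; every field used below sits in that header page.
    $buf = New-Object byte[] 4096
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $read = $fs.Read($buf, 0, $buf.Length) }
    finally { $fs.Dispose() }

    $result = [ordered]@{ Path = $Path; Valid = $false; Format = 'Unknown'
                          BugCheckCode = $null; Parameters = @(); Processors = $null }
    if ($read -lt 0x60) {
        $result.Format = 'Truncated (header incomplete)'
        return [pscustomobject]$result
    }

    # Kernel dumps start with "PAGEDUMP" (32-bit) or "PAGEDU64" (64-bit);
    # user-mode minidumps written by applications start with "MDMP".
    $sig = [System.Text.Encoding]::ASCII.GetString($buf, 0, 8)
    if ($sig -ceq 'PAGEDU64') {
        $result.Format = 'Kernel dump (64-bit)'
        $codeOff = 0x38; $cpuOff = 0x34; $parOff = 0x40; $parSize = 8   # assumed offsets
    } elseif ($sig -ceq 'PAGEDUMP') {
        $result.Format = 'Kernel dump (32-bit)'
        $codeOff = 0x28; $cpuOff = 0x24; $parOff = 0x2C; $parSize = 4   # assumed offsets
    } else {
        if ($sig.Substring(0, 4) -ceq 'MDMP') { $result.Format = 'User-mode minidump' }
        return [pscustomobject]$result
    }

    # Stop (bug check) code and its four parameters, as shown on the blue screen.
    $result.Valid        = $true
    $result.Processors   = [System.BitConverter]::ToUInt32($buf, $cpuOff)
    $result.BugCheckCode = '0x{0:X8}' -f [System.BitConverter]::ToUInt32($buf, $codeOff)
    $result.Parameters   = 0..3 | ForEach-Object {
        $off = $parOff + ($_ * $parSize)
        if ($parSize -eq 8) { '0x{0:X16}' -f [System.BitConverter]::ToUInt64($buf, $off) }
        else                { '0x{0:X8}'  -f [System.BitConverter]::ToUInt32($buf, $off) }
    }
    [pscustomobject]$result
}

Get-ChildItem "$env:SystemRoot\Minidump" -Filter *.dmp -ErrorAction SilentlyContinue |
    ForEach-Object { Test-DumpHeader -Path $_.FullName }
```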

Some popular tools that can open and analyze dump files are explained below.

BlueScreenView

BlueScreenView is a popular tool to analyze the minidump files on your system. It is free, so download it, unzip the file, and run it in your system.

When you open this tool, it automatically analyzes all the dump files in the default folder and displays:

  • Name of the file
  • Crash time
  • Bug check string
  • Caused by driver
  • Full path
  • File description
  • Bug check code

You can get more information when you double-click the name of the file on the BlueScreenView interface. To know how to fix the problem, you can even do a Google search by right-clicking that file name. Based on the search results, you can follow the instructions to fix the root cause.

WinDbg preview

Windows Debugger (WinDbg) preview is another handy tool for analyzing the minidump files. This tool has a modern interface and comes with advanced scripting tools.

You can download this tool here.

WinDbg comes with many advanced features such as:

  • Recalls previous sessions with the same configuration information.
  • Auto-detects processor architecture.
  • Loads asynchronously to give you more control.
  • Presents extensive dump file information in a user-friendly interface.
  • Integrates with NatVis or JavaScript extensions.
  • Has a dark theme.
  • Improved keyboard navigation.
  • Comes with two highlighting features.
  • Integrates with a search dialog box.
  • Enables or disables breakpoints.
  • Comes with built-in data model support.
  • Backward compatible.

Overall, this tool is comprehensive and comes with extensive features and menu options to make it easy to detect and fix the root cause of a crash.

WhoCrashed

WhoCrashed is a useful application for analyzing dump files and for identifying the drivers that caused the crash.

This tool has a free version, and you can buy the professional edition for more advanced features and use it on more than one computer. But the free version should be enough for home computers.

Some features of this tool are:

  • Checks the drivers and other causes of the crash.
  • Analyzes dump files and presents the conclusion in an easy-to-understand language.
  • No additional debugging skills are needed to understand the cause of a crash.
  • Gives suggestions on how to proceed.
  • Identifies crashes even during boot, provided you run this tool in safe mode.

In all, memory dump files are a great way to know the cause of a crash, so you can fix the problem right away. You can choose the type of memory dump, depending on your needs and computer specifications.

To read and analyze these files, you need additional tools, and some of the popular choices are explained above. Do let us know if you’ve used other tools for analyzing these files.

Lavanya Rathnam

Lavanya Rathnam is a professional writer of tech and financial blogs. Creative thinker, out of the boxer, content builder and tenacious researcher who specializes in explaining complex ideas to different audiences.
