How to read dump files

How to read dump filesSource: Windows Central

On Windows 10, every time there is a crash, the system creates a “dump” file containing the memory information at the time of the error that can help determine the reason of the problem.

The “.dmp” file includes the stop error message, list of the drivers loaded at the time of the problem, and kernel, processor, and processes details, as well as other pieces of information depending on the type of dump file you are using.

Although Windows 10 creates dump files automatically, the only problem is that you won’t find any built-in tools to open them, and this is when the Microsoft WinDbg tool comes in handy. WinDbg (Windows Debugging) is a tool that has been designed for debugging kernel-mode and user-mode code, examining processor registries, and analyze crash dumps.

In this Windows 10 guide, we will show you the steps to open a dump file to try to figure out what caused the crash to resolve the problem on your computer.

How to open dump file with WinDbg on Windows 10

On Windows 10, you may find multiple ways to open and review a dump error file, but the easiest way is to use the WinDbg tool available through the Microsoft Store.

Install WinDbg

To install the WinDbg tool on Windows 10, use these steps:

  1. Open your preferred browser.
  2. Open the WinDbg download page.
  3. Click the Get (or Install/Open) button.
  4. Click the Open button.

Click the Install button.

How to read dump filesSource: Windows Central

Once you complete the steps, the application will install, and it will be available through the Start menu.

Analyze dump file

To open and analyze a dump file created by a crash on Windows 10, use these steps:

    Open Start.

Search for WinDbg, right-click the top result, select the Run as administrator option.

How to read dump filesSource: Windows Central

Select the Open sump file option.

How to read dump filesSource: Windows Central

Click the Open button.

How to read dump filesSource: Windows Central

Type the following command in the run command and press Enter:

How to read dump filesSource: Windows Central

Quick tip: You can also click the !analyze -v link if available from the main area if available after loading the dump file.

  • Check the progress bar until the analysis is complete (this may take a long time depending on the data size).
  • After you complete the steps, the application will return the dump file analyses, which you can then review to determine the reason for the problem to help you resolve the issue.

    The information will be different depending on the problem. For example, this test dump file shows the info of a Blue Screen of Death (BSoD) – also known as a bug check –.

    The result points out that this was a manually initiated crash with an “e2” error code, which is correct since, for the purpose of this guide, we use these instructions to force a BSoD. The WinDbg even makes an excellent job describing the crash in a language anyone can understand (The user manually initiated this crash dump).

    How to read dump filesSource: Windows Central

    As you continue reviewing the dump file, you will also find more information, such as “FAILURE_BUCKET_ID” and “MODULE_NAME,” which could indicate what is causing the problem.

    How to read dump filesSource: Windows Central

    The information can be overwhelming since it is not meant for regular users. If your computer keeps crashing, you can use this tool to get an idea of the problem. If you cannot figure it out, you can use the hints in the report to search online to find more information.

    Also, if you feel comfortable, you can share these details at the Window Central or Microsoft forums to allow other people to help you find out a solution.

    More Windows 10 resources

    For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

    We may earn a commission for purchases using our links. Learn more.

    Microsoft predicts over 40% of people may quit their jobs this year

    Microsoft knows many people dislike their work. In fact, the company’s gone so far as to report which groups dislike work the most, and for what reasons.

    How to read dump files

    Here’s everything announced at EA Play Live 2021

    EA Play Live just concluded, and we rounded up all the announcements you need to know about. Here’s everything announced at EA Play Live 2021.

    How to read dump files

    Review: This Backbone iPhone controller is your best option for xCloud

    The Backbone One provides a new approach to mobile gaming, rivaling the best handhelds on the market through its first-class hardware, and a software experience to match.

    How to read dump files

    These are the best PC sticks when you’re on the move

    Instant computer — just add a screen. That’s the general idea behind the ultra-portable PC, but it can be hard to know which one you want. Relax, we have you covered!

    Another Beautiful Blog

    Easy Ways to Read Dump Files on Windows

    Many times when your computer system crashes you probably think of the reason behind the crash. Might be you don’t get the program or application that was running on your system after the crash and you’re unable to find out the culprit of your PC. Whenever your computer system crashes it will create dump files and show a log of application and programs. It will helpful for you to investigate the program which is responsible for the crash. Dump files are snapshots of applications and carry the matter of the memory of application or kernel. The dump files are saved in DMP file format. Windows creates dump files are known as “MINI000000-00.dmp”.

    How to read dump files

    The zeros can be substitute by dates and sequence number. Do you want to know and analyze the reason of your system crash? You can do it by analyzing the dump file. There are some software tools used for reading the dump files. Windows 10 provides you a driver kit by which you can read the DMP files. So in this article, you will get to know how to read dump files.

    Guide To Read Dump Files

    Window driver kit is used best for testing the drivers of Windows. You can also use this kit for analyzing the DMP files. Follow these simple instruction to know read the dump files.

    • Go to windows driver kit by visiting https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk in your browser.
    • Now tap on the download link option named as “Download WDK for Windows 10, version 1803”.
    • In your PC hard drive, from download menu open the WDK setup by double-clicking on “WDK folder”.
    • Now you have to install “Windows 10 Drive Kit”. On the first pages of the window, click ‘Next’.
    • Then after reading the instruction, click on ‘’Accept”.
    • Yes, a pop up appears tap “ok”.
    • Now, wait for the installation process.
    • After opening the windows by clicking on the icon of Windows (•) located in the bottom left edge.
    • Now in the search bar type ‘command prompt’ to find the command prompt app.
    • There you’ll get a black logo of Command Prompt. Right-click on it to get the menu.
    • Select ‘Run as Administrator’ from the drop-down menu.
    • Make sure you have an administrator account for doing this process.
    • Now press “ok” when prompted. This will indicate your dump files will able to open by ‘Windows Debugger’.
    • After that select start or tap on Windows (•) icon. Search for Windows Debugger by entering ‘windbag’. Then select “WinDbg (X86)” from the search result. By this Windows Debugger program will start.
    • Now you’ve to add a ‘symbol path’. It will instruct the Windows Debugger which info is to show. For this select “File” option.
    • Tap on ‘Symbol File Path’ and enter in the Symbol Search Path box- “SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols”.
    • Then press ‘OK’.

    After that to search the dump files you’ve to go to the ‘System Root Folder’. So follow these steps:

    • Tap on ‘Start’ and type ‘Run’. Then press ‘Enter’.
    • Here search for ‘System Root’. Press ‘Ok’.
    • Now press the ‘View’ option.
    • Look for MEMORY.DMP file and double-click on it.

    Now you’re able to read the dump files.

    The Final Words…

    It is good to know the responsible application or program for the crash of your PC. Windows 10 offers you great feature by which you can find the sinner of your computer. Dump files will tell you about that programs which are running on your system prior to the crash. By the steps which are mentioned above, you can read the DMP file format. The process is little time consuming but not difficult. Hope you like this article; share your comments on our blog to inform us.

    When a running Windows application stops or crashes unexpectedly, your system generates a ‘crash dump file’ to save information present just before the crashing event occurred. Reading these crash dump files may help you find and troubleshoot the cause of the error. Find how you can read a small memory dump file created by Windows.

    Reading Small Memory Dump (dmp) files

    A small memory dump file records the smallest set of useful information that may help you pinpoint why an application crashed or stopped unexpectedly. The newer version of Windows automatically creates a new file every time your computer stops unexpectedly. The history related to these files is stored in the %SystemRoot%\Minidump folder. The dump file type contains the following information:

    1. The Stop message and its parameters and other data
    2. A list of loaded drivers
    3. The processor context (PRCB) for the processor that stopped
    4. The process information and kernel context (EPROCESS) for the process that stopped
    5. The process information and kernel context (ETHREAD) for the thread that stopped
    6. The Kernel-mode call stack for the thread that stopped.

    Users can use the Windows Debugger (WinDbg.exe) tool to read small memory dump files. It (WinDbg) comes as a part of the latest version of the Debugging Tools for Windows package.

    You can install the debugging tools as a standalone component from the Windows Software Development Kit (SDK).

    During the setup, when the SDK installation wizard appears, check the box marked against Debugging Tools for Windows. This action will enable you to install the debugging tools as a standalone component from the Windows Software Development Kit (SDK).

    Once you have set up the Windows Debugger, open a dump by choosing Open Crash Dump option from the File menu or by pressing CTRL+D.

    When the Open Crash Dump dialog box pops up on your computer screen, enter the full path and name of the crash dump file in the File name box, or use the dialog box to select the proper path and file name.

    Now, when the proper file has been chosen, select Open.

    Wait for a few seconds to allow the dump file to load as it connects to the Internet and downloads the required symbols to display in the readout.

    You should see a message, reading – Debugee not connected.

    After all the symbols have been successfully downloaded, the following message should be visible at the bottom of the dump text – Followup: MachineOwner.

    Enter a command into the command bar at the bottom of the dump window to analyze the dump file. You should see a link that says !analyze -v under Bugcheck Analysis.

    Hit the link to enter the command !analyze -v in the prompt at the bottom of the page.

    Once done, a detailed bug check analysis should occupy the screen space.

    Scroll down to the section where it says STACK_TEXT . The STACK_TEXT field shows a stack trace of the faulting component. Here, you will find be rows of numbers with each row followed by a colon and some text. The text should help you identify the cause of the crash and if applicable what service is crashing it.

    Use the !analyze Extension to get more details. Do not forget to use the -v , option for a fully verbose display of data.

    Read: How to manually create a Crash Dump file in Windows 10.

    Upon execution, the ‘!analyze’ command will determine the instruction that has probably caused the error and display it in the FOLLOWUP_IP field.

    • The SYMBOL_NAME – show the symbol
    • MODULE_NAME – displays the module
    • IMAGE_NAME – displays image name
    • DEBUG_FLR_IMAGE_TIMESTAMP – shows image timestamp corresponding to this instruction

    Take the necessary action to get the issue resolved!

    • You can also use the command-line tool Dumpchk.exe to check a memory dump file.
    • You can use Crash Dump Analyzer software to analyze crash dump reports.
    • Alternatively, you can use WhoCrashed Home Edition to check for errors in a single click. The tool does a post-mortem crash-dump analysis of the Windows Memory Dumps and presents all gathered information in a comprehensible way.

    Hope that helps!

    Date: November 22, 2020 Tags: Troubleshoot

    Original Title: Blue Screen on IO Manager Driver Violation: which Log(s) – and tools to read them – do I need to check/use to detect exactly which driver(s) are at fault?

    For my Win 7 Ultimate 64-bit SP1 installation on a 2.5 yr old Sony Vaio Laptop, I’m getting an “occasional” Blue Screen of Death – i.e., it is popping up every 2 to 4 days.

    Report abuse

    Replies (2) 

    You can boot into Advanced Boot options and choose Disable Automatic Restart on system Failure to get the error message. Disable automatic restart on system failure prevents Windows from automatically restarting if an error causes Windows to fail.

    Refer the following link:

    Advanced startup options (including safe mode)

    What information appears in event logs (Event Viewer)?

    The log file will be %systemroot%\Minidump which is normally C:\windows\Minidump

    If the files don’t exist then setup your system to record them;-

    a. Go to Start and type in sysdm.cpl and press Enter

    b. Click on the Advanced tab

    c. Click on the Startup and Recovery Settings button

    d. Ensure that Automatically restart is unchecked

    e. Under the Write Debugging Information header select Small memory dump (256 kB) in the dropdown box

    f. Ensure that the Small Dump Directory is listed as %systemroot%\Minidump You may refer the link provided for more information about dump files:

    How to read the small memory dump files that Windows creates for debugging

    You can also download the debugging tool from the link mentioned below and check.

    Download and Install Debugging Tools for Windows

    I would also suggest you to perform the steps from the article and check if the issue persists.

    What do I do with the dmp files after uploading them to skydrive? Is there a way I can look at the files myself to see what’s wrong?

    Report abuse

    Replies (3) 

    If you want us to analyze them you will need to post the link to your Skydrive
    where you posted them (in the Public area).

    We can analyze the minidumps if you make them available from the
    OneDrive or other file
    sharing sites (such as MediaFire). If you have
    problems uploading the minidumps copy them to the Desktop or the
    Documents folder and upload them from there.

    One-Drive – Share files and folders and change permissions
    http://windows.microsoft.com/en-us/onedrive/share-file-folder

    Zip or upload the contents of C:\Windows\minidump

    Use OneDrive to upload collected files

    Run BlueScreenView and it displays the information in a very readable format –
    is quick and simple. BlueScreenView is not as accurate for the specific CAUSE
    as WinDBG however it provides a wealth of information – and again it is very
    simple to use,

    BlueScreenView – Free
    http://www.nirsoft.net/utils/blue_screen_view.html

    As you click on each top section Bug_Check the lower section displays the
    Filenames with more information. Sometimes the CAUSE is the actual cause
    though more likely it is what was affected (or driven to fault) by something
    else. Check the various commands/options from the menus and Right Click
    while in BlueScreenView.

    How to read the small memory dump files that Windows creates for debugging
    http://support.microsoft.com/kb/315263/en-us?p=1

    Check this thread for information using BlueScreenView, MyEventViewer
    and other methods to troubleshoot BlueScreens – top 3 replies (+1 other).
    This troubleshooter is for Windows 7 however it will also work for XP and
    Visa- the main differences are using RUN instead of Start – Search (for XP).

    WinDBG is a more complete debugging tool.

    How to read the small memory dump file that is created by Windows if a crash occurs
    http://support.microsoft.com/kb/315263/en-us

    Using Microsoft Windows Debugger (WinDbg)
    http://kipirvine.com/asm/4th/debug/windbg/index.htm

    Hope this helps.
    ——————————————————————————————–
    Rob Brown – Microsoft MVP Rob Brown – past Microsoft MVP – Windows Insider MVP 2016 – 2021
    Microsoft MVP Windows and Devices for IT 2009 – 2020

    Whenever a Windows 10 system fails, it collects and records important information about the failure (such as when and what caused the failure) and saves it as minidump files in the minidump. By analyzing the minidump file, you can easily understand what caused the error. If your computer has recently failed and you want to know how and where to find the minidump files, follow the methods described in this article and you can easily analyze the cause of the problem.

    How to read dump files

    What does the DMP file extension mean?

    Windows memory dump files with the “.dmp” extension are system files stored in binary format. In case of any error or sudden failure of a third-party program or even system function, these files will be created automatically.

    They record the details of the failure so that more advanced users can use .dmp files to troubleshoot problems with affected programs.

    For example, if there is a BSOD (blue screen of death), details of possible causes (drivers or other software are often suspects) can be found in the automatically created .dmp file.

    For obvious reasons, they are usually called “Memory.dmp” or “Crash.dmp”. They can be small individually in size.

    However, as DMP files accumulate over time, they can take up a lot of disk space when they are linked together. This way, you can easily clean them with the disk cleaning utility.

    Download and install the debugging tools for Windows

    How to read dump files

    The tools are part of the Windows SDK for Windows. We just need the tools.

    Go to the Windows Development Center to download the Windows SDK loader. It’s not a tool, it’s just a tool loader.

    The installer is the loader of the entire SDK. We don’t need all the extra services, we just need the tools.

    • Click “Next” in the installer until you reach the screen where the packages are loaded with the title “Select the components you want to install”.
    • Clear all the checkboxes next to all packages except Debugging Tools for Windows.
    • Click Install.

    Wait until the installer downloads and installs the packages. When the installation is complete, click “Close”.

    Use the Windows debugger to analyze the minidump files.

    Windows Debugger is a complex minidump file analyzer on your computer.

    August 2021 Update:

    We now recommend using this tool for your error. Additionally, this tool fixes common computer errors, protects you against file loss, malware, hardware failures and optimizes your PC for maximum performance. You can fix your PC problems quickly and prevent others from happening with this software:

    • Step 1 : Download PC Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista – Microsoft Gold Certified).
    • Step 2 : Click “Start Scan” to find Windows registry issues that could be causing PC problems.
    • Step 3 : Click “Repair All” to fix all issues.

    1. Download Windows 10 SDK on your computer. Click Download ISO. The latest version of Windows 10 SDK will be downloaded to your computer.
    2. Mount the ISO file “KSDKWIN10_MULFRE_EN-US_DV9” on your computer to view the files.
    3. Double-click “WinSDKSetup” to start the installation on your computer.
    4. In the “Specify location” window, select “Install WindowsWindows 10.0.18362.1 SDK on this computer” and click “Next”.
    5. You can select a separate installation directory on your computer by clicking “Browse”.
    6. In the “License Agreement” window, click “Accept” to accept the agreement to install the package on your computer.
    7. When you are prompted to select the components to install, check only the “Debug Tools for Windows” option and click “Install”.
    8. When the installation process is complete, simply click “Close” to close the configuration window.
    9. Press the Windows + R keys to open the “Run” window on your computer. Type “cmd” and press Ctrl + Shift + Enter to open the command line window with administrator rights.
    10. In the command line window, copy and paste these commands one by one, then press Enter after each command to run them one by one on your computer.

    How to read dump files

    CD \ Program Files (x86) \ Windows Kits \ Debuggers \ x64 \
    windbg.exe -IA

    1. Click the search box and enter “windbg”. Then right-click WinDbg (x64) * and select Run as administrator to open WinDbg on your computer. The WinDbg window will open.
    2. In the WinDbg window just click “File”, then “Path to icon file”.

    If the file is obtained from a third-party program or driver for your hardware device, updating or disabling the screen may prevent the blue screen from appearing. If it is a Windows file, one of your hardware, such as memory, processor, or motherboard, may be faulty. First you need to run a memory test because you can do this by simply pressing the start button and typing mdsched which will run the Windows memory diagnostic program.

    How to read dump files

    CCNA, Web Developer, PC Troubleshooter

    I am a computer enthusiast and a practicing IT Professional. I have years of experience behind me in computer programming, hardware troubleshooting and repair. I specialise in Web Development and Database Design. I also have a CCNA certification for Network Design and Troubleshooting.

    Question

    I am wanting to start reading my own dump files on Microsoft OS’s (primarily 7 and 8) so I can figure out problems for myself. I have Windows Debugger (WinDbg) installed and have read a few guides but they are vague. There is still a whole lot I need to learn. Any guides you guys can recommend? Maybe something a whole lot easier and more detailed or another debugger.

    So far I have read these guides from MS ->

    How to read the small memory dump file that is created by Windows if a crash occurs – https://support.microsoft.com/en-us/kb/315263

    Crash dump analysis using the Windows debuggers (WinDbg) – https://msdn.microsoft.com/en-us/library/windows/hardware/ff539316?f=255&MSPPError=-2147217396

    I don’t understand symbols and haven’t been able to get them to work and it mentions I386 folder but that isn’t present in Windows 7 and 8. I wasn’t able to get any of my minidumps to load.

    Answers

    The Windows Internals books that Mark R and David Solomon, and Alex Ionescu wrote is a very in-depth study on Windows NTx, having said that there is a number of sites that will give out the Windbg syntaxes to get notive users the answer they’re looking for if the answer is generally obvious, like a faulting third-party driver…

    The sites can be found easily with google, search windbg cheat sheet or tips etc.

    Also I personally would place the forum thread in the respective operating system here.

    • Marked as answer by Kate Li Microsoft employee Thursday, August 27, 2015 5:06 AM

    All replies

    Where is the best section here on the forum to ask for help reading dump files from BSOD’s? Is there any other good forums out there I could post to as well?

    • Merged by ZigZag3143x Friday, August 14, 2015 4:48 PM Dup thread

    In WinDbg you need to configure the path to the symbols folder (and the MS symbol server). You need to download the symbols for each OS you wish to analyze and in addition point to the online MS symbol server for any missing ones

    Your symbol path should looks something like this

    Wanikiya and Dyami–Team Zigzag

    Is it for help with a problem you are having or is it that you want to learn how to do it yourself?

    Wanikiya and Dyami–Team Zigzag

    Hello, you merged a thread that didnt need to be merged.

    Where is the best section here on the forum to ask for help reading dump files from BSOD’s? Is there any other good forums out there I could post to as well?

    Meaning which section of the forums should i post dump files so that i can get them read by experts.

    In WinDbg you need to configure the path to the symbols folder (and the MS symbol server). You need to download the symbols for each OS you wish to analyze and in addition point to the online MS symbol server for any missing ones

    Your symbol path should looks something like this

    Wanikiya and Dyami–Team Zigzag

    Is it for help with a problem you are having or is it that you want to learn how to do it yourself?

    Guides for Windbg – how to read dump files = Learning how to read dump files

    The other thread was asking for the best section of these forums to post dump files to be reviewed and analyzed. eg this for example, its a section –

    I am wanting to start reading my own dump files on Microsoft OS’s (primarily 7 and 8) so I can figure out problems for myself. I have Windows Debugger (WinDbg) installed and have read a few guides but they are vague. There is still a whole lot I need to learn. Any guides you guys can recommend? Maybe something a whole lot easier and more detailed or another debugger.

    So far I have read these guides from MS ->

    How to read the small memory dump file that is created by Windows if a crash occurs – https://support.microsoft.com/en-us/kb/315263

    Crash dump analysis using the Windows debuggers (WinDbg) – https://msdn.microsoft.com/en-us/library/windows/hardware/ff539316?f=255&MSPPError=-2147217396

    I don’t understand symbols and haven’t been able to get them to work and it mentions I386 folder but that isn’t present in Windows 7 and 8. I wasn’t able to get any of my minidumps to load.

    ARK: Survival Evolved

    I have a dedicated server that crashed today and I’m trying to find out why.

    Inside: \ShooterGame\Saved\Logs\
    is a dump file: Dump-1159819472.dmp

    But when I open it in Notepad++ it’s all garblygook.

    How do you read dump files created from an Ark server crash?

    I use the Windows Debugger Tool. You can find information here:

    I followed the tutorial but when I open my server’s dmp crash file with WinDbg, all it says is:

    Loading Dump File [X:\Bibliothèques\Bureau\Dump-1116883984.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available

    Symbol search path is: srv*
    Executable search path is:
    Windows 7 Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: Server, suite: TerminalServer SingleUserTS
    Machine Name:
    Debug session time: Thu Jan 5 10:15:53.000 2017 (UTC – 5:00)
    System Uptime: not available
    Process Uptime: 0 days 0:42:24.000
    .
    .
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (1eb90.b620): Access violation – code c0000005 (first/second chance not available)
    ntdll!ZwGetContextThread+0xa:
    00000000`776fc80a c3 ret