Digging into Crash Dumps? Try Dumpchk first
Posted by: Ed Tittel
There’s no question that the Windows Debugger (windbg.exe) is a nonpareil tool when it comes to troubleshooting source code or digging into Vista crash dumps. But with the program’s requirement for current debug symbols, complex syntax (the downside of amazing functionality is detailed and demanding syntax), and vast power comes a certain amount of effort required to get things set up and working properly. If all you want is a quick peek at certain key fields in a full-blown crash dump (C:\Windows\Memory.dmp by default) or a minidump file, the lightweight dumpchk.exe utility may be more to your liking. Minidump files are named C:\Windows\Minidump\Minimmddyy-0x, where mmddyy maps into 120808 for December 8, 2008, and the x represents which minidump acquired that day you’re after, so that my December 8, 2008 minidump file is named Mini120808-01.dmp.
Given the following filename example, here’s a pared-down snapshot of the command line input for dumpchk and its response:
    c:\Temp>dumpchk c:\Windows\Minidump\Mini120808-01.dmp -e
    Loading dump file c:\Windows\Minidump\Mini120808-01.dmp
    ----- 32 bit Kernel Mini Dump Analysis
    DUMP_HEADER32:
    MajorVersion        0000000f
    MinorVersion        00001771
    KdSecondaryVersion  00000000
    DirectoryTableBase  dc05e3e0
    PfnDataBase         8236b850
    PsLoadedModuleList  8234bc70
    PsActiveProcessHead 82341990
    MachineImageType    0000014c
    NumberProcessors    00000004
    BugCheckCode        00000101
    BugCheckParameter1  00000031
    BugCheckParameter2  00000000
    BugCheckParameter3  803d1120
    BugCheckParameter4  00000001
The key information appears in the BugCheckCode entry (this maps to the Windows Stop error code that shows up on a bluescreen), and the four parameters that follow. A quick Google search on the Stop error code, written as a hexadecimal number of the form 0x00000101, is usually all it takes to find guidance on causes and potential fixes for such errors. In this case, I had to accept a light slap on the wrist for excessive over-clocking on my QX9650 processor and turn the clock rate back down in my PC’s BIOS (a reduction from 3.5 to 3.2 GHz did the trick nicely).
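An added example, not code from the original post: a Python script that pulls the BugCheckCode and its four parameters out of captured dumpchk output, formats them in the 0x00000101 style, and decodes the minidump file name. The function names are hypothetical, the sample is the output shown above re-typed with fewer fields, and the two-digit year is assumed to mean 20yy.

```python
import re
from datetime import date

# Constructed sample: the dumpchk output from the post, one field per line.
SAMPLE = r"""Loading dump file c:\Windows\Minidump\Mini120808-01.dmp
----- 32 bit Kernel Mini Dump Analysis
DUMP_HEADER32:
MajorVersion        0000000f
MinorVersion        00001771
NumberProcessors    00000004
BugCheckCode        00000101
BugCheckParameter1  00000031
BugCheckParameter2  00000000
BugCheckParameter3  803d1120
BugCheckParameter4  00000001
"""

# A header line is a field name followed by a bare hex value.
FIELD = re.compile(r"^\s*(\w+)\s+([0-9a-fA-F]{8,16})\s*$")
NAME = re.compile(r"Mini(\d{2})(\d{2})(\d{2})-(\d+)\.dmp$", re.IGNORECASE)
BUGCHECK = ["BugCheckCode"] + ["BugCheckParameter%d" % i for i in range(1, 5)]

def parse_header(text):
    """Return {field name: int} for every 'Name hexvalue' line."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
    return fields

def stop_code(fields):
    """Return (stop code, [four parameters]) as 0x-prefixed hex strings."""
    missing = [k for k in BUGCHECK if k not in fields]
    if missing:  # truncated or unexpected output: fail loudly, do not guess
        raise ValueError("dumpchk output lacks: " + ", ".join(missing))
    code, *params = ["0x%08x" % fields[k] for k in BUGCHECK]
    return code, params

def minidump_info(path):
    """Decode Minimmddyy-0x.dmp into (date, sequence); assumes year 20yy."""
    m = NAME.search(path)
    if not m:
        raise ValueError("not a Minimmddyy-0x.dmp name: " + path)
    mm, dd, yy, seq = (int(g) for g in m.groups())
    return date(2000 + yy, mm, dd), seq

if __name__ == "__main__":
    code, params = stop_code(parse_header(SAMPLE))
    day, seq = minidump_info(r"c:\Windows\Minidump\Mini120808-01.dmp")
    print("%s dump #%d: stop %s %s" % (day, seq, code, " ".join(params)))
```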
Sure, Windbg.exe will do the same tricks, and a whole lot more, but why not use the quick’n’dirty dumpchk.exe if it will do the trick? If you download the Windows XP SP 2 Support Tools (Windows validation is required) you can grab and use dumpchk.exe on Windows Vista without difficulty.


