How to Read Dump Files

This how-to teaches you how to analyze your Windows computer’s dump files after a crash. Dump files, which are automatically created by Windows after your computer crashes, display a list of programs that were running before the crash; this can help you determine which programs are responsible for the crash. If you’re anticipating another crash or you want to test a program, you can use a free program called BlueScreenView to analyze your dump files. You can also use the free Windows 10 Drivers Kit to open dump files from a past crash.

Reading with BlueScreenView

1. Open Start. Click the Windows logo in the bottom-left corner of the screen.

2. Type in view advanced system settings. This will search your computer for the Advanced System Settings section of Control Panel.

3. Click View advanced system settings. It’s a computer monitor with a checkmark icon at the top of the Start menu. Doing so opens the Advanced System Settings window.

4. Click the Advanced tab. You’ll see this at the top of the window.

  • You may first have to click the computer monitor-shaped icon that appears at the bottom of the screen to open the Advanced System Settings window.

5. Click Settings. It’s below the “Startup and Recovery” heading near the bottom of the page. Doing this will open a separate window.

6. Click the “Write debugging information” drop-down box. You’ll find this box in the middle of the separate window. Clicking it prompts a drop-down menu.

7. Click Small memory dump. It’s in the drop-down menu. This option makes future memory dumps readable with a simple file explorer such as BlueScreenView.

8. Click OK. It’s at the bottom of the window. This will close the window and return you to the Advanced System Settings window.

9. Click OK. Doing so saves your changes and closes the Advanced System Settings window.

10. Open the BlueScreenView page. Go to https://www.nirsoft.net/utils/blue_screen_view.html in your browser. BlueScreenView is a program that finds and analyzes dump files for you, making it easy to see which programs were running directly before a crash.

11. Download BlueScreenView. Scroll down and click the Download BlueScreenView with full install/uninstall support link that’s near the middle of the page.

12. Open the BlueScreenView setup file. Double-click the bluescreenview_setup file in your computer’s “Downloads” location.

13. Install BlueScreenView. To do so:

  • Click Yes when prompted.
  • Click Next.
  • Click Next.
  • Click Install.
  • Wait for BlueScreenView to install.

14. Open BlueScreenView. Make sure that the “Run NirSoft BlueScreenView” box is checked, then click Finish at the bottom of the window. BlueScreenView will open.

15. Review your dump files. BlueScreenView has a top pane and a bottom pane; you’ll see the dump file(s) listed in the top pane, while the programs that were recorded by the currently selected dump file will appear in the bottom pane.

  • You can select a dump file by clicking it in the top pane.
  • At least one of the programs that were recorded by the dump file is most likely responsible for the crash.

Reading with the Windows Drivers Kit

1. Open the Windows 10 Drivers Kit page. Go to https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk in your browser. The Windows Drivers Kit allows you to open dump files of all kinds, making it useful for checking a dump file from a past crash.

2. Download the Windows Drivers Kit setup file. Scroll down and click the Download WDK for Windows 10, version 1803 link, which is below the “Install WDK for Windows 10” heading near the top of the page. The setup file will download onto your computer.

3. Open the WDK setup file. Double-click the wdksetup file in your computer’s default “Downloads” folder.

4. Install the Windows 10 Drivers Kit. To do so:

  • Click Next on the first 4 pages.
  • Click Accept
  • Click Yes when prompted.
  • Wait for the WDK program to finish installing.

5. Open Start. Click the Windows logo in the bottom-left corner of the screen.

6. Type in command prompt. This will search your computer for the Command Prompt app.

7. Right-click Command Prompt. It’s a black box at the top of the Start window. A drop-down menu will appear.

8. Click Run as administrator. This option is in the drop-down menu.

  • You won’t be able to complete this step if you’re not on an administrator account on your computer.

9. Click Yes when prompted. Doing so opens the Command Prompt app in administrator mode.

10. Switch to the WDK directory. Type in the following address and then press ENTER:

  • cd C:\Program Files (x86)\Windows Kits\10\Debuggers\x86

11. Enter the installation command. Type in windbg.exe -IA and then press ENTER.

12. Click OK when prompted. This signifies that the Windows Debugger will now open dump files automatically.

13. Open WinDBG. Click Start, type in windbg, and click WinDbg (X86) in the results. The Windows Debugger program will open.

14. Add a symbol path. The symbol path tells the Windows Debugger which information to display:

  • Click File in the upper-left corner.
  • Click Symbol File Path…
  • Type in SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
  • Click OK

15. Find your dump file. To do this, you’ll need to go to the system root folder:

  • Open Start
  • Type in run and press ENTER
  • Type in %SystemRoot%
  • Click OK
  • Click the View tab.
  • Check the “Hidden items” box if it isn’t already checked.
  • Scroll down and double-click the MEMORY.DMP file.

16. Review the dump file’s results. You should see a list of programs that were open when your computer crashed, which will help you determine which program(s) is/are responsible for the computer crash.
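
A quick triage check for the MEMORY.DMP file located in step 15, added here as an example (it is not part of the original how-to or of any Microsoft or NirSoft tool): it reads the dump header and reports the stop code the crash recorded, before the file is opened in WinDbg. The header offsets, the function names and the sample bytes are assumptions of this example.

```python
import struct

# Header offsets as published by open-source memory-forensics tools; they are
# an assumption of this example, not something stated on the page.
LAYOUTS = {
    b"DUMP": {"bits": 32, "machine": 0x20, "code": 0x28, "params": (0x2C, "<4I")},
    b"DU64": {"bits": 64, "machine": 0x30, "code": 0x38, "params": (0x40, "<4Q")},
}
# A few common bug check (stop) codes; any other code is reported as hex only.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x3B: "SYSTEM_SERVICE_EXCEPTION",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}

def parse_dump_header(data: bytes) -> dict:
    """Return the bug check recorded in the first bytes of a kernel crash dump."""
    # Kernel dumps start with "PAGE"; user-mode minidumps ("MDMP") are rejected.
    if len(data) < 8 or data[:4] != b"PAGE":
        raise ValueError("not a Windows kernel crash dump (no PAGE signature)")
    layout = LAYOUTS.get(data[4:8])
    if layout is None:
        raise ValueError(f"unknown dump flavour {data[4:8]!r}")
    off, fmt = layout["params"]
    if len(data) < off + struct.calcsize(fmt):
        raise ValueError("header truncated")
    (machine,) = struct.unpack_from("<I", data, layout["machine"])
    (code,) = struct.unpack_from("<I", data, layout["code"])
    return {
        "bits": layout["bits"],
        "machine": MACHINES.get(machine, hex(machine)),
        "bugcheck": f"0x{code:08X}",
        "name": BUGCHECK_NAMES.get(code, "unknown"),
        "params": [hex(p) for p in struct.unpack_from(fmt, data, off)],
    }

def constructed_sample() -> bytes:
    """Build a fake 64-bit header (constructed test data, not a real dump)."""
    buf = bytearray(0x1000)
    buf[0:8] = b"PAGEDU64"
    struct.pack_into("<I", buf, 0x30, 0x8664)   # machine type: x64
    struct.pack_into("<I", buf, 0x38, 0xD1)     # bug check code
    struct.pack_into("<4Q", buf, 0x40, 0x28, 2, 0, 0xFFFFF80012345678)
    return bytes(buf)

if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read(0x1000) if len(sys.argv) > 1 else constructed_sample()
    print(parse_dump_header(raw))
```

Run it with the path to a copy of the dump as the only argument; with no argument it parses the constructed sample.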
