How to Read Dump Files
This guide teaches you how to analyze your Windows computer’s dump files after a crash. Dump files, which are automatically created by Windows after your computer crashes, display a list of programs that were running before the crash; this can help you determine which programs are responsible for the crash. If you’re anticipating another crash or you want to test a program, you can use a free program called BlueScreenView to analyze your dump files. You can also use the free Windows 10 Drivers Kit to open dump files from a past crash.
Reading with BlueScreenView
1. Open Start. Click the Windows logo in the bottom-left corner of the screen.
2. Type in view advanced system settings. This will search your computer for the Advanced System Settings section of Control Panel.
3. Click View advanced system settings. It’s a computer monitor with a checkmark icon at the top of the Start menu. Doing so opens the Advanced System Settings window.
4. Click the Advanced tab. You’ll see this at the top of the window.
- You may first have to click the computer monitor-shaped icon that appears at the bottom of the screen to open the Advanced System Settings window.
5. Click Settings. It’s below the “Startup and Recovery” heading near the bottom of the page. Doing this will open a separate window.
6. Click the “Write debugging information” drop-down box. You’ll find this box in the middle of the separate window. Clicking it prompts a drop-down menu.
7. Click . It’s in the drop-down menu. This option makes future memory dumps readable with a simple file explorer such as BlueScreenView.
8. Click OK. It’s at the bottom of the window. This will close the window and return you to the Advanced System Settings window.
9. Click OK. Doing so saves your changes and closes the Advanced System Settings window.
10. Open the BlueScreenView page. Go to https://www.nirsoft.net/utils/blue_screen_view.html in your browser. BlueScreenView is a program that finds and analyzes dump files for you, making it easy to see which programs were running directly before a crash.
11. Download BlueScreenView. Scroll down and click the Download BlueScreenView with full install/uninstall support link that’s near the middle of the page.
12. Open the BlueScreenView setup file. Double-click the bluescreenview_setup file in your computer’s “Downloads” location.
13. Install BlueScreenView. To do so:
- Click Yes when prompted.
- Click Next
- Click Next
- Click Install
- Wait for BlueScreenView to install.
14. Open BlueScreenView. Make sure that the “Run NirSoft BlueScreenView” box is checked, then click Finish at the bottom of the window. BlueScreenView will open.
15. Review your dump files. BlueScreenView has a top pane and a bottom pane; you’ll see the dump file(s) listed in the top pane, while the programs that were recorded by the currently selected dump file will appear in the bottom pane.
- You can select a dump file by clicking it in the top pane.
- At least one of the programs that were recorded by the dump file is most likely responsible for the crash.
Reading with the Windows Drivers Kit
1. Open the Windows 10 Drivers Kit page. Go to https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk in your browser. The Windows Drivers Kit allows you to open dump files of all kinds, making it useful for checking a dump file from a past crash.
2. Download the Windows Drivers Kit setup file. Scroll down and click the Download WDK for Windows 10, version 1803 link, which is below the “Install WDK for Windows 10” heading near the top of the page. The setup file will download onto your computer.
3. Open the WDK setup file. Double-click the wdksetup file in your computer’s default “Downloads” folder.
4. Install the Windows 10 Drivers Kit. To do so:
- Click Next on the first 4 pages.
- Click Accept
- Click Yes when prompted.
- Wait for the WDK program to finish installing.
5. Open Start. Click the Windows logo in the bottom-left corner of the screen.
6. Type in command prompt. This will search your computer for the Command Prompt app.
7. Right-click Command Prompt. It’s a black box at the top of the Start window. A drop-down menu will appear.
8. Click Run as administrator. This option is in the drop-down menu.
- You won’t be able to complete this step if you’re not on an administrator account on your computer.
9. Click Yes when prompted. Doing so opens the Command Prompt app in administrator mode.
10. Switch to the WDK directory. Type in the following address and then press ENTER:
- cd C:\Program Files (x86)\Windows Kits\10\Debuggers\x86
11. Enter the installation command. Type in windbg.exe -IA and then press ENTER.
12. Click OK when prompted. This signifies that the Windows Debugger will now open dump files automatically.
13. Open WinDbg. Click Start, type in windbg, and click WinDbg (X86) in the results. The Windows Debugger program will open.
14. Add a symbol path. The symbol path tells the Windows Debugger where to find the symbol files it needs to display readable information from the dump:
- Click File in the upper-left corner.
- Click Symbol File Path…
- Type in SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
- Click OK
15. Find your dump file. To do this, you’ll need to go to the system root folder:
- Open Start
- Type in run and press ENTER
- Type in %SystemRoot%
- Click OK
- Click the View tab.
- Check the “Hidden items” box if it isn’t already checked.
- Scroll down and double-click the MEMORY.DMP file.
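Before opening a file found in step 15, it helps to confirm what kind of dump it actually is. The following is an added example, not part of the original guide: a Python script that classifies a dump by its header signature and reads the stop (bug check) code from a kernel dump. The header offsets are an assumption based on the commonly published layout, and the sample header is constructed.

```python
import struct
import sys

# Assumed header layout (commonly published, not taken from the guide):
# signature -> (description, offset of bug check code, struct format)
KERNEL_LAYOUTS = {
    b"PAGEDUMP": ("kernel-mode crash dump, 32-bit", 0x28, "<5I"),
    b"PAGEDU64": ("kernel-mode crash dump, 64-bit", 0x38, "<I4x4Q"),
}

def identify_dump(header: bytes) -> dict:
    """Classify a dump from its leading bytes instead of its file name."""
    result = {"kind": "not a recognised dump file", "bugcheck": None, "params": []}
    if header[:4] == b"MDMP":            # user-mode minidump signature
        result["kind"] = "user-mode minidump"
        return result
    layout = KERNEL_LAYOUTS.get(header[:8])
    if layout is None:
        return result
    kind, offset, fmt = layout
    if len(header) < offset + struct.calcsize(fmt):
        result["kind"] = kind + " (header truncated)"
        return result
    # First value is the stop code, the remaining four are its parameters.
    code, *params = struct.unpack_from(fmt, header, offset)
    return {"kind": kind, "bugcheck": code, "params": params}

def identify_file(path: str) -> dict:
    """Read only the first 4 KiB; dumps can hold gigabytes of memory contents."""
    with open(path, "rb") as fh:
        return identify_dump(fh.read(0x1000))

def build_sample_header() -> bytes:
    """Constructed 64-bit header with stop code 0xD1, for offline testing."""
    header = bytearray(0x1000)
    header[0:8] = b"PAGEDU64"
    struct.pack_into("<I4x4Q", header, 0x38, 0xD1, 0x10, 2, 0, 0xFFFFF80000001000)
    return bytes(header)

if __name__ == "__main__":
    info = identify_file(sys.argv[1]) if len(sys.argv) > 1 else identify_dump(build_sample_header())
    print(info["kind"])
    if info["bugcheck"] is not None:
        print("stop code: 0x%08X" % info["bugcheck"])
        print("parameters:", ", ".join("0x%X" % p for p in info["params"]))
```

Run it with the path to a .dmp file as its only argument; with no argument it parses the constructed sample.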