How to View Windows Minidump Files

What is a MiniDump File? 

When you encounter a BSOD (Blue Screen of Death) in Windows the computer will save information regarding the error message in a log file. This log file or minidump file is saved in the Minidump subdirectory under Windows (C:\Windows\MiniDump). Generally the information saved in this minidump file can help pinpoint the cause of the blue screen error message and help you in resolving the problem.

However, the minidump file is not saved in a text format, so if you try to open the file in a text editor like Notepad you won't be able to decipher the information and understand it.

So, how do you view a minidump file and decipher the contents? Microsoft distributes several utilities that allow you to do this, but you have to download them. The following information will help you configure your system to save minidump files, download and install the debugging tools, and view the minidump files.

Configuring Windows to Save MiniDump Files

First of all, you need to configure Windows to save these important log files. Most of the time, this is already done automatically, however follow these steps to make sure these log files are being saved.

1) Click on Start

2) Right-click on My Computer

3) Click on Properties

4)  In Windows XP, click on the Advanced tab. In Windows Vista, click on the Advanced System Systems option on the left side of the screen.

5) Under Startup and Recovery, Click on the Setting button

6) Under the System Failure section, you'll see the options for the memory dump file. Write an event to the system log should be checked along with Send an Administrative Alert. The debugging information should be set to the Small Memory dump (64K) and generally the Small Dump Directory is set to %SystemRoot%\Minidump. In most cases this is the C:\Windows\Minidump directory.

As far as the third check box is concerned, if this is checked the computer will automatically restart when a blue screen error message is encountered. So, if your computer is booting into Windows, then rebooting automatically most likely you are getting some sort of blue screen error message and its forcing the computer to restart. If you uncheck this box, then the message itself will appear so you can retrieve important details about the error.

Windows
 Minidump setup

Download and Installing the Debugging Tools to Read Minidump Files

In order to view the Minidump files, you have to download the following tools.

Debugging Tools for Windows including WinDbg

Although most of the time its not necessary, you can download the Symbol packages as well as the Debugging Tools so you can read the Minidump logs easier. Once you've downloaded the Debugging Tools for the correct version of Windows and installed them, open the WinDbg program by following these steps.

1) Click on Start
2) Click on All Programs
3) Click on Debugging Tools for Windows group
4) Click on WinDbg to open

The screen should look similar to the one below.



Deciphering the Minidump Files

In the WinDbg program, click on File, then click on Open Crash Dump

Browse to the following directory on your hard drive and open a minidump log. The drive letter will be whichever drive you installed Windows on. In most cases, this is drive C.

C:\Windows\Minidump

After you open a minidump file in WinDbg, scroll to the bottom of the file. You should see a line that says Probably caused by:, followed by a filename. This is the problem file. In my case the file was related to the ELock Program in the Acer Empowering Technology set of tools. I simply uninstalled this program from the computer and the blue screen and problem went away.

Probably caused by : eLock2FSCTLDriver.sys ( eLock2FSCTLDriver+11332 )

Although you may not recognize the file that is causing the problem, it definitely helps in tracking down a solution for the blue screen error message and resolving the issues.

0 comments:

Post a Comment