Windows 7 has sometimes a pretty strange behavior. I am trying to solve a recurrent KERNEL_MODE_EXCEPTION_NOT_HANDLED problem on one of my Windows 7 boxes and discovered that, though properly configured, there is no memory.dmp file under c:\windows. Pretty strange and shocking, right? Investigating the absence of this file after a BSOD, I found out that if the problematic box isn't on a domain, and has less than 25GB free space, then Windows 7 won't keep a crash dump file.
 |
| BSOD... |
Luckily, a new registry value has been added that will override this odd behavior and always cause the crash dump file to be generated: set HKLM\System\CCS\Control\CrashControl\AlwaysKeepMemoryDump DWORD value to 1 and you will have a memory.dmp file under your Windows root folder (if there's enough disk space).
As a side note, if you are debugging a BSOD and you can't find this memory.dmp file, try to check under c:\windows\minidump: there you may find a short version of the missing memory dump. My suggestion is to use BlueScreenView to analyze them. This tool will in fact highlight the faulting driver straight away.
 |
| Bluescreenview screenshot |
That's all for this technical note. Now I am trying to guess why someone at MS decided to implement this new behavior. I think it should probably be due to the fact that under Windows XP people had often been complaining about memory dumps filling their hard drives. So I may agree with MS about this choice. Also, as far I have understood, a memory dump is always kept in case the BSOD appears on a Windows Server version. And this is reassuring.
Windows 8 appears to behave the same (as stated here).
Windows 8 appears to behave the same (as stated here).
No comments:
Post a Comment