How to Find and Analyze Dump Error Files on Windows PC

When your system crashes, the first thing to figure out is what caused the crash. Only when you know the underlying causes can you work on fixing them on your computer. In this guide, we will discuss what dump error files on Windows are, how they are generated, and what to do to overcome a system crash.

When something bad happens to your computer, dump files are generated. In short, these files appear because your PC is detecting and analyzing issues or data being loaded into memory. Dump error files on Windows often appear because of a corrupted OS or certain apps that have recently stopped working. Apart from this, they can also be created manually.

Note: To create dump files, a Windows PC requires a page file of at least 2 megabytes (MB) on the boot volume.

What are Dump Files in Windows?

Memory dump files are files that are created at the time of a system crash. Windows logs this information so that users can get a rough idea of what went wrong when the system crashes the next time. Every dump file has a unique name that includes the crash date, such as “mini022900-01.dmp”.

In the example above, one can easily guess that this dump file was generated on February 29, 2000; the “-01” at the end is the sequence number in the file name. The dump files are saved in the “%SystemRoot%\Minidump” folder. Now that you know what dump files are, you must be curious about how to locate and diagnose them. This article discusses several tools that can help you analyze dump files. Go through all four methods discussed below, and see which one works in your case.

Once a dump file has been created, you may look for the following information in it –

  • The error message or the parameters displayed on it.
  • A list of system drivers that might have become corrupted.
  • The PRCB context that had triggered this issue.
  • The process information and kernel context (EPROCESS & ETHREAD) for the process/thread that stopped.

What are the different types of Dump Files on Windows PC? 

Windows can generate the following types of dump files –

  • Complete memory dump
  • Kernel memory dump
  • Small memory dump (64 KB)
  • Automatic memory dump

Methods to Find and analyze Dump Error Files

1] Use WinDbg preview

Analyze Dump files with WinDbg preview

WinDbg Preview is a debugger developed by Microsoft that helps you understand the underlying causes recorded in dump files. It’s also one of the simplest ways to locate and analyze dump error files.

Download and install the WinDbg preview

Get WinDbg from the Microsoft Store, or search for it online. When you have the required setup file, install it on your computer. 

Open WinDbg preview and load the Dump file

After installing WinDbg Preview, look for its shortcut in the Start menu. Once it has started, click “File” in the top-left corner of the WinDbg Preview window.

Select “Start debugging”, then click “Open dump file”. Browse to the dump files, select the one you want, and press the Open button. The file may take a while to open, depending on which file you selected. While the file is being read or loaded, the message “Debugging is running” appears. Please wait for it to finish.

Run the “!analyze -v” command on the dump file

After the dump file has finished loading, you’ll need to run a command. In the command field at the bottom, type “!analyze -v” (without the quotes) and press Enter. WinDbg Preview then reads, interprets, and analyzes the file. This whole process will take some time to finish. How long you wait depends on the size of the file and the number of debugging packs that must be interpreted.

Interpretation of the dump file

Once the analysis has finished, the report on screen shows what could have caused the system to crash. Scroll down the command panel until you find “Bugcheck analysis”.

It displays crucial information about the cause of the problem. Continue scrolling down and stop when you’ve reached the bottom. When you come across the phrase “Bugcheck code,” write it down. This code is crucial because it tells you the root cause of the problem occurring on your device. 

Write down the code and then use your web browser to look up its meaning. However, there is no need to look up the e2 bug code; it stands for a BSOD that was generated manually, as can be done on a test computer.

2] Try BlueScreenView

BlueScreenView is a free program that can be used to find and analyze dump files. This is the most common method. Download, unzip, and run it on your computer. When you run it, the dump files in the default folder are displayed automatically. The tool should provide you with the following details –

  • The dump file’s name.
  • The time of the crash.
  • The bug check string.
  • The full path of the file.
  • What caused the crash.
  • The file’s description.
  • The bug check code.

To get more information about a dump file, double-click on the file’s name. To learn more about the bug itself, search for the bug check string or code on Google.

3] Try WhoCrashed

This is one of the free programs that can be used to locate Dump files. If you want more advanced features, you’ll have to pay for them. However, for a personal computer, the free version will suffice. Using this tool, one may perform the following checks –

  • It investigates the causes of the crash by looking into the drivers and other factors.
  • The user is given a simple explanation of the Dump file after it has been analyzed.
  • Using this for debugging files does not necessitate any additional skills.
  • It offers advice on how to proceed.
  • It detects and reports crashes during boot, allowing the system to run more smoothly.

Memory dump files hold the cause of a crash; therefore, identify the file you need and analyze it using the additional tools described in the other methods.

4] Use Dumpchk to check Dump files

If you want to check whether a dump file was generated correctly, you may use the Dumpchk command-line program. Here are a few Dumpchk options that you may explore. Make sure to type only what appears inside the quotes.

  • “-?”: Displays the command syntax.
  • “-p”: Prints the header only.
  • “-v”: Turns on verbose mode.
  • “-q”: Runs a quick test.
  • “-c”: Validates the dump.
  • “-x”: Performs additional file validation; use it only if necessary.
  • “-e”: Examines the dump file.
  • “-y”: Sets the symbol search path for dump file examination.
  • “-b”: Sets the image search path for dump file examination.
  • “-k”: Sets the kernel name to the given file name.
  • “-h”: Sets the HAL name to the given file name.

Dumpchk is a program that displays some basic information about memory dump files as well as indicates whether or not an error occurred during their creation. If an error occurs while creating a Dump file, it means the file has become corrupted and can no longer be used for analysis.
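As an added illustration (not part of the original article and not Dumpchk's own code), the Python example below decodes the “mini<MMDDYY>-<NN>.dmp” naming convention described earlier and performs a header-only check on a dump file's first bytes, reading the bug check code if the signature is valid. The header offsets are assumptions based on the commonly documented 32-bit and 64-bit kernel dump header layouts, and the sample header is constructed.

```python
import re
import struct
from datetime import datetime

# File name convention from the article: mini<MMDDYY>-<NN>.dmp
NAME_RE = re.compile(r"^mini(\d{6})-(\d{2})\.dmp$", re.IGNORECASE)

# Assumed header layouts, keyed by the tag that follows "PAGE":
# (BugCheckCode offset, format of the 4 parameters, offset of the parameters)
LAYOUTS = {
    b"DUMP": (0x28, "<4I", 0x2C),  # 32-bit kernel dump header
    b"DU64": (0x38, "<4Q", 0x40),  # 64-bit kernel dump header
}

def parse_name(filename):
    """Return (crash date, sequence number) for a mini<MMDDYY>-<NN>.dmp name, else None."""
    m = NAME_RE.match(filename)
    if not m:
        return None
    try:
        day = datetime.strptime(m.group(1), "%m%d%y").date()
    except ValueError:  # e.g. a month/day combination that does not exist
        return None
    return day, int(m.group(2))

def read_header(data):
    """Check the signature, then extract the bug check code and its parameters."""
    if len(data) < 8 or data[:4] != b"PAGE" or data[4:8] not in LAYOUTS:
        return {"valid": False, "reason": "no PAGEDUMP/PAGEDU64 signature"}
    code_off, fmt, par_off = LAYOUTS[data[4:8]]
    if len(data) < par_off + struct.calcsize(fmt):
        return {"valid": False, "reason": "header truncated"}
    (code,) = struct.unpack_from("<I", data, code_off)
    params = struct.unpack_from(fmt, data, par_off)
    bits = 64 if data[4:8] == b"DU64" else 32
    return {"valid": True, "bits": bits, "bugcheck": code, "params": params}

def build_sample_header():
    """Constructed 64-bit header carrying bug check 0xE2 (manually initiated crash)."""
    hdr = bytearray(0x60)
    hdr[0:8] = b"PAGEDU64"
    struct.pack_into("<I", hdr, 0x38, 0xE2)
    struct.pack_into("<4Q", hdr, 0x40, 0, 0, 0, 0)
    return bytes(hdr)

if __name__ == "__main__":
    print(parse_name("mini022900-01.dmp"))
    info = read_header(build_sample_header())
    print(info["valid"], info["bits"], hex(info["bugcheck"]))
    print(read_header(b"PAGEDU64"))  # signature present, but header cut short
```

To check a real file, pass the first few hundred bytes of the dump (read in binary mode) to read_header.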

How to Open Dump Files

To open the debugger and view dump files on it, do the following –

  • Press Win + S, type “run”, and click on the top result.
  • When the Run dialog opens up, type “CMD”, and press Ctrl + Shift + Enter.
  • Doing so will launch Command Prompt with admin rights.
  • On the elevated console, copy/paste the below command line, and press Enter again –

cd c:\program files\debugging tools for windows

  • This command will take you to the “Debugging Tools for Windows” directory.
  • Execute this command next –

windbg -y SymbolPath -i ImagePath -z DumpFilePath

or

kd -y SymbolPath -i ImagePath -z DumpFilePath

Here, SymbolPath, ImagePath, and DumpFilePath are placeholders for your own paths.

  • That’s it, you may now view the debugger and dump files inside it. 

How to analyze Dump Files

If you want to gather some information from these dump files, run the commands described below. Make sure that you type each command without the quotes. Otherwise, the command will fail with an error –

  • “!analyze -show”: Displays the error code and a little information about it.
  • “!analyze -v”: Shows the output in a more verbose format.
  • “lm N T”: Lists the loaded modules, including each module’s status and path.

That’s it. I hope you now know exactly what dump files are, and how to find and analyze them.

Ashwitha