A. In Windows NT 4.0, when a crash occurs the entire contents of memory are dumped to the file memory.dmp to aid in debugging the crash. In reality, only the information stored in the kernel portion of memory is needed, and Windows 2000 introduces the ability to dump only the kernel area of memory.
Why? Well, if we have 128MB of memory and the machine crashes, we get a 128MB file: big, but not too big to FTP to Microsoft. Now imagine you have a huge data store server with terabytes of memory. While Microsoft has the ability to accept files this big, a smaller file would be better for everyone.
On the 128MB machine, dumping only the kernel portion of memory would result in a dump of around 35MB, about 27% of the original file size.
To enable kernel-only crash dumps, perform the following:
- Start the System Control Panel applet
- Select the 'Advanced' tab and click the 'Startup and Recovery' button
- Under the 'Write Debugging Information' section select 'Kernel Memory
- Click OK
- Restart the computer for the change to take effect
You can also set this by changing values under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl key. CrashDumpEnabled should be set to 2 for a kernel dump or 3 for a mini-memory dump, and DumpFile should be set to %SystemRoot%\Memory.dmp.
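The registry change described above can be checked and applied from a script. The following is an added example, not part of the original answer; it assumes a Windows system where PowerShell is available (it does not ship with Windows 2000) and an elevated session, and the function names are hypothetical.

```powershell
# Added example: read and set the CrashControl values named in the text.
# Requires an elevated (administrator) PowerShell session.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# 2 and 3 are the values given in the text; 0 and 1 are the other
# long-standing CrashDumpEnabled settings.
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small (mini) memory dump'
}

function Get-CrashDumpSetting {
    $item    = Get-Item -Path $key
    $enabled = $item.GetValue('CrashDumpEnabled')
    # Read DumpFile without expanding %SystemRoot%, so the stored form is visible.
    $file    = $item.GetValue('DumpFile', $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

    $name = if ($null -eq $enabled) { 'Not set' }
            elseif ($dumpTypes.ContainsKey([int]$enabled)) { $dumpTypes[[int]$enabled] }
            else { "Other ($enabled)" }

    [pscustomobject]@{
        CrashDumpEnabled = $enabled
        DumpType         = $name
        DumpFile         = $file
    }
}

function Set-KernelCrashDump {
    # DWORD 2 selects the kernel-only dump.
    Set-ItemProperty -Path $key -Name CrashDumpEnabled -Value 2 -Type DWord
    # DumpFile is stored as REG_EXPAND_SZ so %SystemRoot% is resolved at use time.
    Set-ItemProperty -Path $key -Name DumpFile -Value '%SystemRoot%\Memory.dmp' -Type ExpandString
}

Get-CrashDumpSetting          # show the current configuration
Set-KernelCrashDump           # switch to kernel-only dumps
Get-CrashDumpSetting          # confirm the stored values
Write-Output 'Restart the computer for the change to take effect.'
```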