Skip navigation
Menu
Compute Engines

Q. My machine is crashing and is showing a blue screen. How can I find out what’s causing the crash?

A. When your machine crashes, a memory dump file called memory.dmp is created in your Windows directory. You can use the dumpchk.exe utility to inspect what caused the dump. To use the utility, you must first download and install the symbol package for your OS from http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx. Once the symbols are installed, install the Debugging Tools for Windows from http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx. Versions are available for both 32-bit and 64-bit OSs.

Once you’ve downloaded and installed the symbol package and debugging tool, you can run a check against the memory dump file by using the following command:

dumpchk -y %windir%\symbols %windir%\memory.dmp

Following is the command’s output. Note the “Probably caused by” line, which indicates why the system crashed.

C:\Program Files\Debugging Tools for Windows (x64)>dumpchk -y %windir%\symbols
%windir%\memory.dmp
Loading dump file C:\Windows\memory.dmp

Microsoft (R) Windows Debugger Version 6.9.0003.113 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File \[C:\Windows\memory.dmp\]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: C:\Windows\symbols
Executable search path is:
Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (4 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 6001.18000.amd64fre.longhorn_rtm.080118-1840
Kernel base = 0xfffff800`02a61000 PsLoadedModuleList = 0xfffff800`02c26db0
Debug session time: Sun Sep 21 12:30:02.588 2008 (GMT-5)
System Uptime: 2 days 22:08:26.619
Loading Kernel Symbols
................................................................................
....................................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, \{167, 2, 0, fffff80002a9e835\}

Page c27fa not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 000007ff`fffd6018). Type ".hh dbgerr001" for details
Probably caused by : ntkrnlmp.exe ( nt!CcZeroEndOfLastPage+1b5 )

Followup: MachineOwner
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023