Reputation: 29
How to generate kernel dump by using Windbg?
How to generate kernel dump by using WinDBG?
If I'm using the command, can it generate the Kernel dump?
.dump /f
or I have to use .crash to get the kernel dump?
Upvotes: 1
Views: 685
Answers (1)
Reputation: 59208
Yes, .dump /f generates a kernel dump when you're in kernel debugging mode. It'll not create a kernel dump when you're debugging in user mode.
.crash however, will crash the system, i.e. cause a BSOD (blue screen of death), which is not guaranteed to generate a kernel dump, especially not a full memory kernel dump. There are certain conditions for .crash to work:
- BSOD crash dumps must be configured, especially if you want full RAM
- The system must have a page file
- The page file must be large enough to keep all RAM + a bit of overhead
- The page file must be on the system partiion
- There must be enough free disk space to copy the dump from the page file to disk during next startup
A similar effect can be achieved by SysInternals NotMyFault /crash, but it suffers under the same conditions.
So, the more reliable way is .dump.
As mentioned by Sean Cline before, you can use SysInternals LiveKD with the -o and perhaps -m switch to generate a kernel dump.
There are other options as well, but I never successfully applied them myself, e.g. I never managed to take a kernel dump via Ctrl+Scroll+Scroll.
Upvotes: 4
Related Questions
- Analysing crash dump in windbg
- Windbg Dump Generated programmatically can't be Debugged
- How to create a kernel dump using WinDbg
- How to generate Windows complete memory dump correctly?
- Windows crash dump analysis
- How to get crash dump in Windows 8.1 without using WinDbg
- WinDbg to create dump file upon crash?
- Help needed:Analyze the dump file in WinDbg
- Help me analyze dump file
- crash generate dump