When your Windows application crashes or quits unexpectedly, a “crash dump file” is created to store the current information before the error occurred. Reading a small memory dump file can help you determine and resolve the cause of program errors. You can use the free software called "BlueScreenView" to learn what is wrong with the program, or use the debugger tool for more advanced information.
Step
Method 1 of 2: Using BlueScreenView
Step 1. Use BlueScreenView if you need to find out the cause of the strike
Most users just need the heap file to determine what is causing the system error or Blue Screen of Death. Blue ScreenView is a free software made by NirSoft that can analyze heap files and tell the user what driver or other factors are causing the crash.
Heaps created during system errors are referred to as “minidumps.”
Step 2. Download BlueScreenView
You can download BlueScreenView directly from NirSoft at nirsoft.net/utils/blue_screen_view.html.
You can download the standalone program in ZIP format. This way, you can run the program without installing it. Once the ZIP file has finished downloading, right-click and select “Extract” to create a new folder with the BlueScreenView program
Step 3. Launch BlueScreenView
After extracting BlueScreenView from the ZIP file, launch the program inside. You will be prompted to continue by Windows.
Step 4. Locate the heap file that you want to analyze
When your computer crashes, a file named " minidump " is created in the Windows directory. These files have a.dmp extension, which BlueScreenView can read and tell you what happened. The minidump file can be found in C:\Windows\Minidump. If you don't see it, you may need to show hidden files:
- For Windows 10 and 8 users, click the "View" label in Windows Explorer and check the "Hidden items" box.
- For users of Windows 7 and earlier versions, open Folder Options from the Control Panel, click the " View " label, and select " Show hidden files, folders, and drives."
Step 5. Drag the.dmp file into the BlueScreenView window
The quickest way to open a.dmp file is to drag it into the BlueScreenView window. The file will not move from its original location. You'll see that the bottom half of the BlueScreenView window fills with data once the file is dragged into the window.
Step 6. Look for the " Caused By Driver " column at the top
You may have to scroll right a little to see it. This column will display the drive that caused the system crash.
You may also find the problematic drive because it is highlighted in red at the bottom of the window. Double-click on a highlight to see more details, such as product name, description, and path
Step 7. Use this information to solve your problem
Now, you know the cause of the crash and can start solving it. Do a web search with the keyword "(drive name) crash " to see if anyone else has had your problem.
Method 2 of 2: Using WinDBG
Step 1. Use this method for a more in-depth analysis
Most users do not need to use the Windows Debugger program to open the MEMORY. DMP file and check the heap code from memory when a system error occurs. If you want to find out more about how Windows uses its drives and memory, or you need to analyze heap files for development purposes, the Windows Debugger can provide you with a lot of information.
Step 2. Download the Windows Software Development Kit (WDK)
This program has a WinDBG program that will be used to open the heap file. You can download the WDK installer here.
Step 3. Run the sdksetup.exe file
The installation of the program will begin. Proceed through the first few windows and leave it at the original settings.
Step 4. Do not select everything except “Debugging Tools for Windows”
You can uncheck all other features as they won't be used to open heap files. This saves you installation time and hard disk space.
Step 5. Wait a moment while the file is downloaded and installed
Usually, this process takes a few minutes.
Step 6. Open Command Prompt as administrator
You will need to open a Command Prompt that is raised to associate the.dmp file with WinDBG for you to analyze. You will start the Command Prompt inside the " system32 " folder.
- For Windows 10 and 8 users, right-click the Windows button and "Command Prompt (Admin)."
- For Windows 7 users, open the Start menu and type cmd. Press Ctrl+⇧ Shift+↵ Enter.
Step 7. Go to the debugger directory
Enter the following command to move to the correct directory. For Windows 10 users, you can copy and paste it. For users of earlier versions of Windows, you must type:
cd\Program Files (x86)\Windows Kits\8.1\Debuggers\x64
Step 8. Enter the command to associate the heap file
Enter the following command to associate WinDBG with a.dmp file. Windows 10 users can copy and paste this file with the command:
- windbg.exe -IA
- If you entered the command correctly, a blank WinDBG window will appear, which you can close.
Step 9. Launch WinDBG
You will need to configure WinDBG to load the proper files from Microsoft to open.dmp files. You can do this via WinDBG.
The fastest way to launch the program is to press Win and type "windbg."
Step 10. Click "File" and select "Symbol File Path"
A new window will open.
Step 11. Copy and paste the following address
This path will tell WinDBG to download the required symbols directly from Microsoft, and store them in C:\SymCache:
- SRV*C:\SymCache*https://msdl.microsoft.com/download/symbols
- Your C:\SymCache folder will grow over time as you open more and more additional symbol and tick files downloaded from Microsoft.
Step 12. Locate the heap file that you want to analyze
Heap files (.dmp) are usually created when your system crashes. You should be able to find the heap files in the C:\Windows\Minidump directory after recovering your computer from crashing. The file can also be located in C:\Windows\MEMORY. DMP. If you can't find it, perhaps hidden files should be shown:
- For Windows 10 and 8 users, click the "View" label in Windows Explorer and check the "Hidden items" box.
- For users of Windows 7 and earlier versions, open Folder Options from the Control Panel, click the "View" label and select "Show hidden files, folders, and drives."
Step 13. Double click on the heap file
Provided you configure WinDBG properly following the steps above, WinDBg will launch and start processing the files.
Step 14. Wait while the heap file loads
The first time you open a heap file, you will need to wait a while while the symbols are downloaded from Microsoft. Do not interrupt the WinDBG program while it is loading files.
- The heap files will load much faster on subsequent openings because you already have the symbols in the C:\SymCache folder.
- You'll know when the heap file has finished loading when you see Followup: MachineOwner at the bottom of the file.
Step 15. Look for the sentence " Probably caused by"
This is the fastest way to find out the cause of program failure. WinDBG will analyze the heap file and report the drive or process causing the problem to the user. You can use this information to do more in-depth research and troubleshooting.
Step 16. Look for the BugCheck code
The heap file will return code for specific bugs encountered during the crash. Look for these codes just above the sentence " Probably caused by ". You'll usually see a two-character code, such as "9F."
