Creating Windows memory dump in case of system errors
ID: 18021501
Languages: EN, DE
Components: EgoSecure Server, EgoSecure Agents
Operating system: Windows
|
Task
Configure a Windows memory dump to produce a complete memory dump. You need the memory dump to get help in case of system freeze, hang or crash.
Requirements
Enough hard disk space to create a complete image of the memory dump.
Solution
Define the Windows settings to create a full memory dump. If required, additionally start the driver check to generate the memory dump. If necessary, reproduce a previously encountered blue screen manually.
Send the generated debugging information to the EgoSecure support.
Defining the size of the Windows memory image
- Open the Windows Control Panel.
- Click System and then click Advanced system settings.
⇒ The System Properties window appears. - In the Advanced tab, under Startup and Recovery, click Settings.
⇒ The Startup and Recovery dialog appears. - Select Complete memory dump and disable the Automatically restart option.
- Make sure that you have enough hard disk space to map the memory.
- Restart the computer.
Starting driver verification
Driver verification performs a kind of stress test to reproduce errors and create a memory dump.
For details, see Driver Verifier (Microsoft document)
- If Windows doesn't start normally, start in the safe mode.
- Open the Windows Command Prompt and enter verifier .
⇒ The Driver Verifier Manager opens. - Select Create custom settings (for code developers) and click Next .
- Check all settings from the list except the Systematic low resources simulation and Randomized low resources simulation settings (Win 7: Low resources simulation) and click Next.
- Set the Select driver names from a list radio button and click Next .
- Select the application drivers related to the problem if they are known.
Select all EgoSecure drivers. Depending on the version and operating system, the drivers can be the following:
esaccctl.sys , esaccctlfe.sys , esndislwf.sys , escdflt.sys , esndis.sys , eswfpfltwlh.sys , eswfpflt.sys , eswpdflt.dll and eswpdfltco.dll .
If the drivers are not in the list, click Add currently not loaded driver(s) to the list… and select the drivers listed above.
- Restart the computer in the normal mode.
If you had problems with blue screens before: If the blue screen doesn't appear on reboot, trigger it manually to make the necessary dump.
Reproducing blue screen manually
You can configure Windows to force a blue screen over the keyboard.
The following Windows versions support this feature:
- Windows Server 2003 SP1 with KB244139, Server 2003 SP2 or higher
- Windows Server 2008 SP1 with KB971284, Server 2008 SP2 or higher
- Windows Vista SP1 KB971284, Vista SP2 or higher
- Windows 7 or higher
- Name: CrashOnCtrlScroll
- Type: REG_DWORD (32bit)
- Value: 1
- Name: CrashOnCtrlScroll
- Type: REG_DWORD (32bit)
- Value: 1
- Name: CrashDumpEnabled
- Type: REG_DWORD (32bit)
- Value: 1
- Name: AlwaysKeepMemoryDump
- Type: REG_DWORD (32bit)
- Value: 1
Sending debug information
- Memory dump: memory.dmp file in C:\windows directory
-
EgoSecure log files (debug mode) of the Sever and affected Agents