Skip to main content
Matrix42 Self-Service Help Center

Creating Windows memory dump in case of system errors

ID: 18021501
Languages: EN, DE
Components: EgoSecure Server, EgoSecure Agents
Operating system: Windows
 

Task

Configure a Windows memory dump to produce a complete memory dump. You need the memory dump to get help in case of system freeze, hang or crash.

Requirements

Enough hard disk space to create a complete image of the memory dump.

Solution

Define the Windows settings to create a full memory dump. If required, additionally start the driver check to generate the memory dump. If necessary, reproduce a previously encountered blue screen manually.
Send the generated debugging information to the EgoSecure support.

Defining the size of the Windows memory image

  1. Open the Windows Control Panel.
  2. Click System and then click Advanced system settings.
    ⇒  The System Properties window appears.
  3. In the Advanced tab, under Startup and Recovery, click Settings.
    ⇒  The Startup and Recovery dialog appears.
  4. Select Complete memory dump and disable the Automatically restart option.

    recovery.jpg
     
  5. Make sure that you have enough hard disk space to map the memory.
  6. Restart the computer.

Starting driver verification

Driver verification performs a kind of stress test to reproduce errors and create a memory dump.

For details, see Driver Verifier (Microsoft document)

The order of the commands in the Driver Verifier Manager in Windows 7 may differ from the description below.
  1. If Windows doesn't start normally, start in the safe mode.
  2. Open the Windows Command Prompt and enter verifier .
    ⇒ The Driver Verifier Manager opens.
  3. Select Create custom settings (for code developers) and click Next .

    verifier.jpg

  4. Check all settings from the list except the Systematic low resources simulation and Randomized low resources simulation settings (Win 7: Low resources simulation) and click Next.

    verifier2.jpg

  5. Set the Select driver names from a list radio button and click Next .

    verifier3.jpg
     
  6. Select the application drivers related to the problem if they are known.
    Select all EgoSecure drivers. Depending on the version and operating system, the drivers can be the following:
    esaccctl.sys , esaccctlfe.sys , esndislwf.sys , escdflt.sys , esndis.sys , eswfpfltwlh.sys , eswfpflt.sys , eswpdflt.dll and eswpdfltco.dll .
    If the drivers are not in the list, click Add currently not loaded driver(s) to the list… and select the drivers listed above.

    verifier4.jpg
  7. Restart the computer in the normal mode. 
    If you had problems with blue screens before: If the blue screen doesn't appear on reboot, trigger it manually to make the necessary dump.

Reproducing blue screen manually

You can configure Windows to force a blue screen over the keyboard.
The following Windows versions support this feature:

  • Windows Server 2003 SP1 with KB244139, Server 2003 SP2 or higher
  • Windows Server 2008 SP1 with KB971284, Server 2008 SP2 or higher
  • Windows Vista SP1 KB971284, Vista SP2 or higher
  • Windows 7 or higher
For details, see Forcing a System Crash from the Keyboard (Microsoft docs)
 
Triggering blue screen via keyboard
 
1. If you use a USB keyboard:
Create the following value under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdhid\Parameters
  • Name: CrashOnCtrlScroll
  • Type: REG_DWORD (32bit)
  • Value: 1
 
2. If you use a PS2 keyboard:
Create the following value under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt\Parameters
  • Name: CrashOnCtrlScroll
  • Type: REG_DWORD (32bit)
  • Value: 1
 
3. If you use Windows 7:
In addition, create the following 2 values under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
  • Name: CrashDumpEnabled
  • Type: REG_DWORD (32bit)
  • Value: 1
  • Name: AlwaysKeepMemoryDump
  • Type: REG_DWORD (32bit)
  • Value: 1
 
4. Restart the computer.
5. Wait for about 2 minutes till the problem reproduces.
6. Hold down the rightmost Ctrl key and press the Scroll Lock key twice.
⇒ The system generates the blue screen with the MANUALLY_INITIATED_CRASH stop code and creates the dump.
7. To disable the command for triggering a blue screen with the keyboard, change the previously created registry value CrashOnCtrlScroll from 1 to 0 or delete it.

Sending debug information

Send the following files to the EgoSecure support:
Please, note that due to the size, the data cannot be sent by e-mail. Make the data available for download or contact the support for an FTP access.
 
  • Was this article helpful?