delphij's Chaos


05 Mar 2004

Windows memory dump options

From Microsoft’s KB:

You can configure Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003 to write debugging information to three different file formats (also known as memory dump files) when your computer stops unexpectedly as a result of a Stop error (also known as a “blue screen”, system crash, or bug check). You can also configure Windows not to write debugging information to a memory dump file. Windows can generate any one of the following three memory dump file types:

  1. Complete memory dump
  2. Kernel memory dump
  3. Small memory dump (64 KB)

The way Windows deals with a “BSD” (Blue Screen of Death) is a useful reference for handling a panic on FreeBSD (where BSD means Berkeley Software Distribution, of course).

On Windows, the dump is written immediately to a dump file; on FreeBSD, the dump is written to a swap partition and is saved by savecore(8) soon after the reboot.

FreeBSD’s dump is more or less similar to the “Complete memory dump” mode in Windows, and that is the only way to dump the kernel on a crash. However, a “Kernel memory dump” might be useful when debugging the kernel, because only memory mapped in the kernel’s virtual address space is dumped.

The small dump will record even less information.