Export (0) Print
Expand All
14 out of 35 rated this helpful - Rate this topic

Use Dumpchk.exe to check a Memory Dump file

Updated: August 28, 2009

This article describes Dumpchk.exe, which is a command-line utility that you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.

This article applies to the following operating systems:

  • Windows XP®

  • Windows Vista®

  • Windows® 7

Dumpchk is a command-line utility that you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.

For Windows Vista and Windows 7, you can download Dumpchk.exe and other debugging tools for Windows products from the following Microsoft Web site:

Debugging Tools for Windows (http://go.microsoft.com/fwlink/?LinkID=156024).

noteNote
For Windows XP, Dumpchk is located on the Windows XP CD-ROM. Install the Support Tools by running Setup.exe from the Support\Tools folder on the CD-ROM. By default, Dumpchk.exe is installed to the Program Files\Support Tools folder.

Dumpchk has the following command-line options:

DUMPCHK [options] <CrashDumpFile>

     -? Displays the command syntax.

     -p Prints the header only (with no validation).

     -v Specifies verbose mode.

     -q Performs a quick test. Not available in Windows XP.

The following additional options are available in the Windows XP version of Dumpchk.exe:


    -c Does dump validation.

    -x Does extra file validation; takes several minutes.

    -e Does dump exam.

    -y <Path> Sets the symbol search path for a dump exam. 
       If the symbol search path is empty, the CD-ROM
       is used for symbols.

    -b <Path> Sets the image search path for a dump exam.
       If the symbol search path is empty, %SystemRoot%\System32
       is used for symbols.

    -k <File> Sets the name of the kernel to File.

    -h <File> Sets the name of the HAL to File.

Dumpchk displays some basic information from the memory dump file, then it verifies all the virtual and physical addresses in the file. If any errors are found in the memory dump file, Dumpchk reports them. The following is an example of the output of a Dumpchk command:


   Filename . . . . . . .Memory.dmp
   Signature. . . . . . .PAGE
   ValidDump. . . . . . .DUMP
   MajorVersion . . . . .free system
   MinorVersion . . . . .1057
   DirectoryTableBase . .0x00030000
   PfnDataBase. . . . . .0xffbae000
   PsLoadedModuleList . .0x801463d0
   PsActiveProcessHead. .0x801462c8
   MachineImageType . . .i386
   NumberProcessors . . .1
   BugCheckCode . . . . .0xc000021a
   BugCheckParameter1 . .0xe131d948
   BugCheckParameter2 . .0x00000000
   BugCheckParameter3 . .0x00000000
   BugCheckParameter4 . .0x00000000

   ExceptionCode. . . . .0x80000003
   ExceptionFlags . . . .0x00000001
   ExceptionAddress . . .0x80146e1c

   NumberOfRuns . . . . .0x3
   NumberOfPages. . . . .0x1f5e
   Run #1
     BasePage . . . . . .0x1
     PageCount. . . . . .0x9e
   Run #2
     BasePage . . . . . .0x100
     PageCount. . . . . .0xec0
   Run #3
     BasePage . . . . . .0x1000
     PageCount. . . . . .0x1000


   **************
   **************--> Validating the integrity of the PsLoadedModuleList
   **************

   **************
   **************--> Performing a complete check (^C to end)
   **************
   **************
   **************--> Validating all physical addresses
   **************
   **************
   **************--> Validating all virtual addresses
   **************
   **************
   **************--> This dump file is good!
   **************

If there is an error during any portion of the output, the dump file is corrupted and the analysis cannot be performed.

In the previous example, the most important information (from a debugging standpoint) is the following portion of the Dumpchk output:


   MajorVersion . . . . .free system
   MinorVersion . . . . .1057
   MachineImageType . . .i386
   NumberProcessors . . .1
   BugCheckCode . . . . .0xc000021a
   BugCheckParameter1 . .0xe131d948
   BugCheckParameter2 . .0x00000000
   BugCheckParameter3 . .0x00000000
   BugCheckParameter4 . .0x00000000


Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.