Microsoft KB Archive/315271

= How to Use Dumpchk.exe to Check a Memory Dump File =

Article ID: 315271

Article Last Modified on 12/1/2007

-

APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Professional x64 Edition

-



This article was previously published under Q315271





For a Microsoft Windows NT and Microsoft Windows 2000 version of this article, see 156280.



SUMMARY
This article describes Dumpchk.exe, which is a command-line utility that you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.



MORE INFORMATION
Dumpchk is located on the Windows XP CD-ROM. Install the Support Tools by running Setup.exe from the Support\Tools folder on the CD-ROM. By default, Dumpchk.exe is installed to the Program Files\Support Tools folder.

Dumpchk has the following command-line options:   DUMPCHK [options] 

-? Displays the command syntax.

-p Prints the header only (with no validation).

-v Specifies verbose mode.

-q Performs a quick test. Not available in Windows XP. Additional options are available in the Windows XP version of Dumpchk.exe:    -c Does dump validation.

-x Does extra file validation; takes several minutes.

-e Does dump exam.

-y  Sets the symbol search path for a dump exam. If the symbol search path is empty, the CD-ROM is used for symbols.

-b  Sets the image search path for a dump exam. If the symbol search path is empty, %SystemRoot%\System32 is used for symbols.

-k  Sets the name of the kernel to File.

-h  Sets the name of the HAL to File. Dumpchk displays some basic information from the memory dump file, then verifies all the virtual and physical addresses in the file. If any errors are found in the memory dump file, Dumpchk reports them. The following is an example of the output of a Dumpchk command:   Filename. . . . . . .Memory.dmp Signature. . . . . . .PAGE ValidDump. . . . . . .DUMP MajorVersion. . . . .free system MinorVersion. . . . .1057  DirectoryTableBase. .0x00030000 PfnDataBase. . . . . .0xffbae000 PsLoadedModuleList. .0x801463d0 PsActiveProcessHead. .0x801462c8 MachineImageType. . .i386 NumberProcessors. . .1  BugCheckCode. . . . .0xc000021a BugCheckParameter1. .0xe131d948 BugCheckParameter2. .0x00000000 BugCheckParameter3. .0x00000000 BugCheckParameter4. .0x00000000

ExceptionCode. . . . .0x80000003 ExceptionFlags. . . .0x00000001 ExceptionAddress. . .0x80146e1c

NumberOfRuns. . . . .0x3 NumberOfPages. . . . .0x1f5e Run #1 BasePage. . . . . .0x1 PageCount. . . . . .0x9e Run #2 BasePage. . . . . .0x100 PageCount. . . . . .0xec0 Run #3 BasePage. . . . . .0x1000 PageCount. . . . . .0x1000

**************  **************--> Validating the integrity of the PsLoadedModuleList **************

**************  **************--> Performing a complete check (^C to end) **************  **************   **************--> Validating all physical addresses **************  **************   **************--> Validating all virtual addresses **************  **************   **************--> This dump file is good! ************** If there is an error during any portion of the output, the dump file is corrupted and analysis cannot be performed.

In this example, the most important information (from a debugging standpoint) is the following portion of the Dumpchk output:   MajorVersion. . . . .free system MinorVersion. . . . .1057  MachineImageType. . .i386 NumberProcessors. . .1  BugCheckCode. . . . .0xc000021a BugCheckParameter1. .0xe131d948 BugCheckParameter2. .0x00000000 BugCheckParameter3. .0x00000000 BugCheckParameter4. .0x00000000 You can use this information to determine what kernel Stop error occurred and, to a certain extent, what version of Windows was in use.

Additional query words: dump check

Keywords: kbhowto kbenv kbinfo KB315271

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.