Article ID: 315271
Article Last Modified on 12/1/2007
APPLIES TO
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional x64 Edition
This article was previously published under Q315271
For a Microsoft Windows NT and Microsoft Windows 2000 version of this article, see 156280.
SUMMARY
This article describes Dumpchk.exe, which is a command-line utility that you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.
MORE INFORMATION
Dumpchk is located on the Windows XP CD-ROM. Install the Support Tools by running Setup.exe from the Support\Tools folder on the CD-ROM. By default, Dumpchk.exe is installed to the Program Files\Support Tools folder.
Dumpchk has the following command-line options:
DUMPCHK [options] <CrashDumpFile>
-? Displays the command syntax.
-p Prints the header only (with no validation).
-v Specifies verbose mode.
-q Performs a quick test. Not available in Windows XP.
Additional options are available in the Windows XP version of Dumpchk.exe:
-c Does dump validation.
-x Does extra file validation; takes several minutes.
-e Does dump exam.
-y <Path> Sets the symbol search path for a dump exam.
If the symbol search path is empty, the CD-ROM
is used for symbols.
-b <Path> Sets the image search path for a dump exam.
If the symbol search path is empty, %SystemRoot%\System32
is used for symbols.
-k <File> Sets the name of the kernel to File.
-h <File> Sets the name of the HAL to File.
Dumpchk displays some basic information from the memory dump file, then verifies all the virtual and physical addresses in the file. If any errors are found in the memory dump file, Dumpchk reports them. The following is an example of the output of a Dumpchk command:
Filename . . . . . . .Memory.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .1057
DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0xffbae000
PsLoadedModuleList . .0x801463d0
PsActiveProcessHead. .0x801462c8
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000
ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x80146e1c
NumberOfRuns . . . . .0x3
NumberOfPages. . . . .0x1f5e
Run #1
BasePage . . . . . .0x1
PageCount. . . . . .0x9e
Run #2
BasePage . . . . . .0x100
PageCount. . . . . .0xec0
Run #3
BasePage . . . . . .0x1000
PageCount. . . . . .0x1000
**************
**************--> Validating the integrity of the PsLoadedModuleList
**************
**************
**************--> Performing a complete check (^C to end)
**************
**************
**************--> Validating all physical addresses
**************
**************
**************--> Validating all virtual addresses
**************
**************
**************--> This dump file is good!
**************
If there is an error during any portion of the output, the dump file is corrupted and analysis cannot be performed.
In this example, the most important information (from a debugging standpoint) is the following portion of the Dumpchk output:
MajorVersion . . . . .free system
MinorVersion . . . . .1057
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000
You can use this information to determine what kernel Stop error occurred and, to a certain extent, what version of Windows was in use.
Additional query words: dump check
Keywords: kbhowto kbenv kbinfo KB315271
