How to open and read Small Memory Dump (dmp) files in Windows 11/10
When a running Windows application stops or crashes unexpectedly, your system generates a ‘crash dump file’ to save information present just before the crashing event occurred. Reading these crash dump files may help you find and troubleshoot the cause of the error. Find out how you can read a small memory dump file created by Windows.
Reading Small Memory Dump (DMP) files
A small memory dump file records the smallest set of useful information that may help you pinpoint why an application crashed or stopped unexpectedly. The newer version of Windows automatically creates a new file every time your computer stops unexpectedly. The history related to these files is stored in the %SystemRoot%\Minidump folder. The dump file type contains the following information:
- The Stop message and its parameters and other data
- A list of loaded drivers
- The processor context (PRCB) for the processor that stopped
- The process information and kernel context (EPROCESS) for the process that stopped
- The process information and kernel context (ETHREAD) for the thread that stopped
- The Kernel-mode call stack for the thread that stopped.
Users can use the Windows Debugger (WinDbg.exe) tool to read small memory dump files. It (WinDbg) comes as a part of the latest version of the Debugging Tools for Windows package.
You can install the debugging tools as a standalone component from the Windows Software Development Kit (SDK).
During setup, when the SDK installation wizard appears, check the box marked Debugging Tools for Windows.
Once you have set up the Windows Debugger, open a dump by choosing the Open Crash Dump option from the File menu or by pressing CTRL+D.
When the Open Crash Dump dialog box pops up on your computer screen, enter the full path and name of the crash dump file in the File name box, or use the dialog box to select the proper path and file name.
Now, when the proper file has been chosen, select Open.
Wait for a few seconds to allow the dump file to load as it connects to the Internet and downloads the required symbols to display in the readout.
You should see a message reading – Debuggee not connected.
After all the symbols have been successfully downloaded, the following message should be visible at the bottom of the dump text – Followup: MachineOwner.
Enter a command into the command bar at the bottom of the dump window to analyze the dump file. You should see a link that says !analyze -v under Bugcheck Analysis.
Hit the link to enter the command !analyze -v in the prompt at the bottom of the page.
Once done, a detailed bug check analysis should occupy the screen space.
Scroll down to the section where it says STACK_TEXT. The STACK_TEXT field shows a stack trace of the faulting component. Here, you will find rows of numbers, with each row followed by a colon and some text. The text should help you identify the cause of the crash and, if applicable, what service is crashing it.
Use the !analyze extension to get more details. Do not forget to use the -v option for a fully verbose display of data.
Upon execution, the ‘!analyze’ command will determine the instruction that has probably caused the error and display it in the FOLLOWUP_IP field.
- SYMBOL_NAME – shows the symbol
- MODULE_NAME – shows the module
- IMAGE_NAME – shows the image name
- DEBUG_FLR_IMAGE_TIMESTAMP – shows the image timestamp corresponding to this instruction
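When several dumps need triage, the fields above can be pulled out of saved !analyze -v text with a short script. The following is an added example, not part of the original article: the sample output is constructed, exampledrv is a made-up driver, the function names are hypothetical, and treating nt and hal as "core" modules is a heuristic assumed here.

```python
import re

# Constructed excerpt of `!analyze -v` output; exampledrv is a made-up driver.
SAMPLE = """\
STACK_TEXT:
ffffd000`2a1b6f28 fffff800`5c9d42e9 : 00000000`0000000a 00000000`00000002 : nt!KeBugCheckEx
ffffd000`2a1b7070 fffff800`9e4b1a2c : 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
ffffd000`2a1b7200 fffff800`5c8a1f55 : 00000000`00000000 00000000`00000000 : exampledrv!ExampleDispatch+0x2c

FOLLOWUP_IP:
exampledrv!ExampleDispatch+2c
fffff800`9e4b1a2c 8b08            mov     ecx,dword ptr [rax]
SYMBOL_NAME:  exampledrv!ExampleDispatch+2c
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
DEBUG_FLR_IMAGE_TIMESTAMP:  5f3c2a10

Followup:     MachineOwner
"""

FIELD = re.compile(r"^([A-Z][A-Z0-9_]+):[ \t]*(.*)$")

def parse_analyze(text):
    """Group the report into {FIELD_NAME: [value lines]}; a blank line ends a field."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1)
            fields[current] = [m.group(2).strip()] if m.group(2).strip() else []
        elif not line.strip():
            current = None
        elif current:
            fields[current].append(line.strip())
    return fields

def stack_symbols(fields):
    """Text after the last ' : ' on each STACK_TEXT row, i.e. the frame's symbol."""
    return [r.rsplit(" : ", 1)[1] for r in fields.get("STACK_TEXT", []) if " : " in r]

def summarize(text, core=("nt", "hal")):
    """Fields the article names, plus the first frame outside `core` (a heuristic)."""
    f = parse_analyze(text)
    first = lambda k: (f.get(k) or [None])[0]
    outside = next((s for s in stack_symbols(f) if s.split("!")[0].lower() not in core), None)
    return {"followup_ip": first("FOLLOWUP_IP"), "symbol": first("SYMBOL_NAME"),
            "module": first("MODULE_NAME"), "image": first("IMAGE_NAME"),
            "timestamp": first("DEBUG_FLR_IMAGE_TIMESTAMP"), "first_outside_core": outside}
```

Call summarize() on the text copied from the debugger window; a missing field comes back as None rather than raising.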
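Take the necessary action to get the issue resolved!
- You can also use the command-line tool Dumpchk.exe to check a memory dump file.
- You can use Crash Dump Analyzer software to analyze crash dump reports.
- Alternatively, you can use WhoCrashed Home Edition, which checks for errors with a single click. The tool performs post-mortem crash dump analysis of Windows memory dumps and presents all gathered information in a comprehensible way.
Hope that helps!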