How to create a dump file

Learn how to create and analyze Windows dump files using Task Manager, Procdump, Visual Studio, WinDbg, and WER configurations.

Dump files are valuable tools for debugging and troubleshooting. They capture the memory state of a process, which helps developers identify issues. This guide explains how to create dump files on Windows and configure triggers using the Procdump tool.


Methods to Generate Dump Files

Using Task Manager

Task Manager offers a simple way to generate dump files.

  1. Open Task Manager using Ctrl + Shift + Esc or by right-clicking the taskbar and selecting "Task Manager."
  2. Go to the "Details" tab.
  3. Find the target process, right-click it, and select "Create Dump File."
  4. The dump file will be saved in C:\Users\<Username>\AppData\Local\Temp.

Using the Procdump Tool

Procdump can create dump files under specific conditions.

Basic Usage

Download and extract Procdump, then use this command in the terminal:

procdump -ma <PID or process name> dumpfile.dmp

Explanation:

  • -ma: Creates a full memory dump.
  • <PID or process name>: The target process ID or name.
  • dumpfile.dmp: The output file name.

For example, to create a dump file for Notepad:

procdump -ma notepad.exe notepad.dmp

Conditional Dump File Triggers

Procdump can generate dump files based on conditions like:

  • High CPU Usage: When the CPU usage of a process exceeds a set threshold.
  • High Memory Usage: When the memory usage of a process exceeds a defined value.
  • Hung State: When the process is not responding.

Examples:

High CPU Usage:

procdump -c 80 -ma notepad.exe highcpu.dmp

This creates a dump file if CPU usage exceeds 80%.

High Memory Usage:

procdump -m 500 -ma notepad.exe highmemory.dmp

This creates a dump file if memory usage exceeds 500 MB.

Hung Process:

procdump -h -ma notepad.exe hang.dmp

This creates a dump file if the process is hung.

Using Visual Studio

Visual Studio provides another way to create dump files.

  1. Open Visual Studio.
  2. Go to "Debug" -> "Attach to Process."
  3. Select the target process and click "Attach."
  4. In the Debug menu, select "Save Dump File."
  5. Specify the file path and name.

Using WinDbg

WinDbg is a powerful tool for generating detailed dump files.

User Mode Dump Files

  1. Open WinDbg.
  2. Click "File" -> "Attach to a Process" and select the target process.
  3. Enter this command to create a dump file:
.dump /ma C:\path\to\dumpfile.dmp

Kernel Mode Dump Files

  1. Connect WinDbg to the target system using a serial port, network, or another method.
  2. To create a full kernel dump file, run:
.dump /f C:\path\to\kernel_full.dmp

For a small kernel dump file, use:

.dump /mf C:\path\to\kernel_mini.dmp

Ensure there is enough disk space, especially for full dumps.

Automatic Dump Generation with WER

Windows Error Reporting (WER) can automatically create dump files when an application crashes.

  1. Open the Registry Editor (regedit).
  2. Navigate to:
    • For all processes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
    • For a specific application: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\<Application Name>
  3. Configure these values under the key:
    • DumpFolder: The path to save dump files (String value).
    • DumpCount: The maximum number of dump files (DWORD value).
    • DumpType: The type of dump file (DWORD value; 1: mini dump, 2: full dump).
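The same WER configuration can be scripted instead of edited by hand in regedit. The following is an added example, not part of the original guide: Set-WerLocalDumps is a hypothetical helper name, C:\CrashDumps is a constructed path, and the script assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the WER LocalDumps values described above.
# Set-WerLocalDumps is a hypothetical helper; C:\CrashDumps is a constructed path.
function Set-WerLocalDumps {
    [CmdletBinding()]
    param(
        # Name used for the per-application subkey (e.g. 'notepad.exe').
        # Omit it to configure dumps for all processes.
        [string]$ApplicationName,
        [Parameter(Mandatory)][string]$DumpFolder,
        [ValidateRange(1, [int]::MaxValue)][int]$DumpCount = 5,
        # 1 = mini dump, 2 = full dump (the two types listed above).
        [ValidateSet(1, 2)][int]$DumpType = 1
    )

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
    if ($ApplicationName) { $key = Join-Path $key $ApplicationName }

    # A full dump holds the entire process memory, which can include
    # credentials, tokens and keys the process had loaded when it crashed.
    if ($DumpType -eq 2) {
        Write-Warning "Full dumps in '$DumpFolder' contain all process memory; restrict access and keep DumpCount low."
    }

    # Create the registry key and the target folder if they do not exist yet.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    if (-not (Test-Path -Path $DumpFolder)) {
        New-Item -ItemType Directory -Path $DumpFolder -Force | Out-Null
    }

    # DumpFolder is written as REG_EXPAND_SZ, the string type Microsoft
    # documents for this value; the other two values are DWORDs.
    New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString -Value $DumpFolder -Force | Out-Null
    New-ItemProperty -Path $key -Name DumpCount  -PropertyType DWord -Value $DumpCount -Force | Out-Null
    New-ItemProperty -Path $key -Name DumpType   -PropertyType DWord -Value $DumpType -Force | Out-Null

    # Read the values back so the caller can confirm what is now in effect.
    Get-ItemProperty -Path $key | Select-Object DumpFolder, DumpCount, DumpType
}

# Per-application configuration: keep at most 5 mini dumps of Notepad crashes.
Set-WerLocalDumps -ApplicationName 'notepad.exe' -DumpFolder 'C:\CrashDumps' -DumpCount 5 -DumpType 1
```

Calling the function without -ApplicationName writes the same three values to the LocalDumps key itself, which applies them to all processes.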

Conclusion

Windows provides multiple ways to generate dump files. Options like Task Manager, Procdump, and Visual Studio suit different scenarios. Procdump is ideal for capturing dumps based on specific conditions. WinDbg offers advanced debugging and kernel analysis, making it essential for complex issues.