This article discusses how to retrieve memory dump files for diagnostic use in cases where protected machines crash shortly after a Datto Windows Agent install.
There are three types of memory dump.
- Complete memory dump: The complete contents of physical memory at the time of the crash. This is the most useful and informative, and the ideal option for troubleshooting these crashes.
- Automatic/Kernel memory dump: Does not contain user-mode process information, but still populates useful information in a system crash. Smaller than the complete dump.
- Small memory dump (minidump): 64 KB in size for x86 systems; 128 KB on x64 systems. Contains stop code, parameters, loaded device driver list, current process and thread info, and kernel stack info for the thread that caused the system crash. These can provide some helpful information as to the cause of crashes, but may not be as useful as larger options.
1. Click Start, right-click My Computer, and select Properties (If this is a Windows 8/10 based OS, from the directory panel on the left, select the File Explorer. Right-click the This PC icon, then click Properties).
2. In System Properties, click Advanced.
Figure 2: click Advanced system settings
3. In Startup and Recovery, click Settings.
Figure 3: Click Settings in Startup and Recovery.
4. The dump file options are in the Write debugging information section.
Figure 4: Select the memory dump type
5. The memory dump file is typically located in %SystemRoot%\MEMORY.DMP
The system root is typically C:\Windows\System32.
If the system is configured for minidump, the default location folder is %SystemRoot%\Minidump.
Opening Memory Dump Files
Standard text editors will not open .dmp files properly. Download and install the Windows Driver Kit for Windows 10.
After installing WDK for Windows 10:
- Open the Start menu
- Click File and select Open Crash Dump.
- Browse to the .dmp file you wish to analyze
- Click Open.
The file will load with viewable contents.