FULL/COMPLETE OS DUMPS
Some settings below require editing the registry. Before you edit the registry please create a restore point and make sure you understand how to get back it if you have a problem. If you don’t know how to edit the registry, please PM a mod and we will do our best to guide you.
[b]
- Setting up your computer to collect full dumps[/b]
To report BSODS and complete OS freezes please set your computer up to record complete (full) OS dumps, not minidumps or kernel dumps
- You do this using (in Win 7 and probably most other versions): Computer ~ Properties ~ Advanced system settings ~ Advanced ~ Startup and recovery.
- Also on the advanced settings dialog check that your swap file size is at least your Virtual or Physical Machine memory plus one megabyte.
- Check you have sufficient normal disk space free on your OS drive. Some sites suggest 25GB, though I suspect 17 GB will do even on a machine with 16GB of memory.
- Zip file and upload to cloud or use FTP server. Note that a full OS dump will create a very large file, which will need to be zipped before posting. Happily zipping makes it a lot smaller. opften it’s 10% of the original size.
In some cases the ‘complete dump’ option does not appear on the Advanced settings drop-down menu. Here’s how to deal with this (from the Sophos web site):
How do I enable the 'Complete memory dump' option?If the ‘Complete memory dump’ option is missing from the drop down menu follow the steps below to enable it.
Warning: The steps below involve editing the Windows registry. Read the registry warning in article 10388 if you are unfamiliar with the registry editor and/or do not have a recent backup.
Open the registry editor (Start | Run | Type: regedit.exe | Press return). Expand the left-hand tree and select the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl In the right-hand panel double-click the data value CrashDumpEnabled to edit it Change the value to '1'. For more information on the CrashDumpEnabled data value see Microsoft TechNet: CrashDumpEnabled. Click 'OK'. Restart the computer.</blockquote>
2. How to initiate an OS dump deliberately eg when Windows is frozen (best method requires advance setup)
If testing CIS, it’s a good idea to have the ability to force a blue screen so you can create a dump file for QA. This is particularly useful in the case of a full or partial Windows freeze, and in the case of a CIS process hang.There are two methods of doing this, one of which (the most satisfactory, a registry edit) needs to be prepared in advance, and will normally work even when the system seems totally frozen. The second (using Powershell) can be done when existing windows are frozen but new ones can be opened and the cursor is free. I am not sure if both work on a virtual machine - you’ll certainly need to be careful about focus else you will BSOD your main machine by mistake - so please feedback.
NB To perform a complete memory dump a BSOD is induced so please save all work first! Also NB after the BSOD you must wait until the machine has finished dumping before rebooting, which can take some time.
Registry edit method
(i) With USB keyboards, you must enable the keyboard-initiated crash in the registry. In the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, create a REG_DWORD value named CrashOnCtrlScroll, and set it equal to a value of 1 (Confusingly the Dialog Radio Button should show ‘Hexadecimal’).With PS/2 keyboards, you must enable the keyboard-initiated crash in the registry. In the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, create a REG_DWORD value named CrashOnCtrlScroll, and set it equal to a value of 1 (Confusingly the Dialog Radio Button should show ‘Hexadecimal’).
(ii) You must restart the system for these settings to take effect.
(iii) After this is completed, the keyboard crash can be initiated by using the following hotkey sequence: Hold down the rightmost CTRL key, and press the SCROLL LOCK key twice.
On some machines this method does not work. In that case please consult this link for more settings : Forcing a System Crash from the Keyboard - Windows drivers | Microsoft Learn
In following the Microsoft instructions, please note that the value you need to enter is ‘1’ (radio button should show ‘hexadecimal’, which is the default), according to a mod who has tested this. (Microsoft’s description of the value is confusing).
Powershell method
The powershell method is described here: 3 Ways to Force a Blue Screen in Windows - wikiHowA less satisfactory alternative
Even if the machine is frozen you can also sometimes use Cntrl-Alt-Del to get task manager up, and then right click on CIS processes dump them. But this gives less info of course. Then afterwards you may be able to reduce the priority of a process using high CPU to regain control. You can increase the likelihood of this working by running taskmgr or an equivalent at higher than normal priority whenever you are testing.3. Uploading your dump file
Zip file and upload to cloud or use FTP server. Note that a full OS dump will create a very large file, which will need to be zipped before posting. Happily zipping makes it a lot smaller. Often it’s 10% of the original size. Mega.co.nz offers 50GB of capacity for free and will take large files.4. Feedback needed please
If you try these and find some additional wrinkles please feedback in the comments on help material trace.Best wishes
Mike
[Edited and much improved after input by Savit and Wasgij - thanks guys! Registry edit method confirmed for USB keyboards by Wasgij]
[Edited again for clarity April 2016]
[Edited March 2019: added information on enabling manual crash using a PS/2 keyboard. Eric]