How to create full dumps

FULL/COMPLETE OS DUMPS
To report BSODs and complete OS freezes, please set your computer up to record complete (full) OS dumps, not minidumps or kernel dumps.

Some settings below require editing the registry. Before you edit the registry, please create a restore point and make sure you understand how to get back to it if you have a problem. If you don’t know how to edit the registry, please PM a mod and we will do our best to guide you.

1. Setting up your computer to collect full dumps
  • You do this using (in Win 7 and probably most other versions): Computer ~ Properties ~ Advanced system settings ~ Advanced ~ Startup and recovery.
  • Also on the advanced settings dialog check that your swap file size is at least your Virtual or Physical Machine memory plus one megabyte.
  • Check you have sufficient normal disk space free on your OS drive. Some sites suggest 25GB, though I suspect 17 GB will do even on a machine with 16GB of memory.
  • Zip the file and upload it to the cloud or use an FTP server. Note that a full OS dump will create a very large file, which will need to be zipped before posting. Happily, zipping makes it a lot smaller; often it’s 10% of the original size.

2. Enabling the complete (full) dumps option in Advanced system settings if it does not appear on the Advanced Settings drop-down menu

From Sophos web site

3. How to initiate an OS dump deliberately, e.g. when Windows is frozen (best method requires advance setup)
If testing CIS, it’s a good idea to have the ability to force a blue screen in the case of a total computer freeze so you can create a dump file for QA.

There are two methods of doing this, one of which (the most satisfactory, a registry edit) needs to be prepared in advance. I am not sure if both work on a virtual machine - you’ll certainly need to be careful about focus, or else you will BSOD your main machine by mistake - so please give feedback. The second (using PowerShell) can be done when existing windows are frozen but new ones can be opened and the cursor is free. To perform a complete memory dump a BSOD is induced, so please save all work first!

Registry edit method

This is described here: Forcing a system crash from the keyboard - Windows drivers | Microsoft Learn

In following these instructions, please note that the value you need to enter is ‘1’ (radio button should show ‘hexadecimal’, which is the default), according to a mod who has tested this. (Microsoft’s description of the value is confusing).


PowerShell method

The PowerShell method is described here: 3 Ways to Force a Blue Screen in Windows - wikiHow

A less satisfactory alternative
You can also sometimes use Ctrl-Alt-Del to get Task Manager up, and then right-click on CIS processes to dump them. But this gives less info, of course. Afterwards you may be able to reduce the priority of a process using high CPU to regain control. You can increase the likelihood of this working by running taskmgr or an equivalent at higher than normal priority whenever you are testing.

If you try these and find some additional wrinkles, please give feedback in the comments on help material trace.

Best wishes

Mike
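
A read-only check of the prerequisites from sections 1 and 3, as an added example that is not part of the original post: it reports the configured dump type, whether the page file on the OS drive is at least physical memory plus one megabyte, free space on the OS drive, and whether the keyboard crash value from the linked Microsoft article is set. The registry value names (CrashDumpEnabled, DumpFile, CrashOnCtrlScroll) are standard Windows names rather than names given in the post, and comparing free space against memory size is an assumption made here, not a figure from the post.

```powershell
# Added example: reports the full-dump prerequisites; nothing is modified.
$crash = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled values as documented by Microsoft
$dumpTypes = @{ 0 = 'None'; 1 = 'Complete (full)'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }
$dumpType  = [int]$crash.CrashDumpEnabled

# Physical memory in MB, rounded up; the page file must be at least this plus 1 MB
$ramMB    = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$neededMB = $ramMB + 1

# Page file(s) currently allocated on the OS drive (AllocatedBaseSize is in MB)
$pageMB = [int64](Get-CimInstance Win32_PageFileUsage |
    Where-Object { $_.Name -like "$($env:SystemDrive)*" } |
    Measure-Object -Property AllocatedBaseSize -Sum).Sum

# Free space on the OS drive in MB
$disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$freeMB = [math]::Floor($disk.FreeSpace / 1MB)

# Keyboard-initiated crash: one value per keyboard driver (PS/2, USB, Hyper-V)
$keyboard = foreach ($svc in 'i8042prt', 'kbdhid', 'hyperkbd') {
    $path  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    $value = (Get-ItemProperty -Path $path -Name CrashOnCtrlScroll -ErrorAction SilentlyContinue).CrashOnCtrlScroll
    if ($value -eq 1) { "$svc=enabled" } else { "$svc=not set" }
}

[pscustomobject]@{
    DumpType        = $dumpTypes[$dumpType]
    FullDumpEnabled = ($dumpType -eq 1)
    DumpFile        = $crash.DumpFile
    MemoryMB        = $ramMB
    PageFileMB      = $pageMB
    PageFileOK      = ($pageMB -ge $neededMB)
    FreeDiskMB      = $freeMB
    # Assumption: the dump needs at least memory-sized free space before zipping
    FreeDiskOK      = ($freeMB -ge $neededMB)
    KeyboardCrash   = ($keyboard -join ', ')
} | Format-List
```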