Configuring Windows 10 to generate the right memory dump
Open Control Panel and go to the Startup and Recovery window:
Windows 10 button | Control Panel | System and Security | System | Advanced system settings | Startup and Recovery | Settings | Automatic memory dump
In the final window, Startup and Recovery, select the “Automatic memory dump” option as shown below and check the “Automatically restart” box (both of which are typically set by default in Windows 10).
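The two options in that dialog are stored under the CrashControl registry key, so the setting can be verified without the GUI. The following PowerShell is an added example, not part of the original article; the function name `Get-CrashDumpConfig` is hypothetical, and it assumes an elevated prompt so the existing dump file can be inspected.

```powershell
# Added example: report the crash-dump settings behind the Startup and Recovery dialog.
function Get-CrashDumpConfig {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $cc  = Get-ItemProperty -Path $key

    # CrashDumpEnabled values documented by Microsoft for this key.
    $types = @{
        0 = 'None'
        1 = 'Complete memory dump'
        2 = 'Kernel memory dump'
        3 = 'Small memory dump'
        7 = 'Automatic memory dump'
    }
    $value = [int]$cc.CrashDumpEnabled
    $name  = if ($types.ContainsKey($value)) { $types[$value] } else { "Unknown ($value)" }

    # DumpFile is REG_EXPAND_SZ; Get-ItemProperty returns it with %SystemRoot% expanded.
    $dumpFile = [string]$cc.DumpFile
    $dump = $null
    if ($dumpFile -and (Test-Path -LiteralPath $dumpFile)) {
        $dump = Get-Item -LiteralPath $dumpFile
    }

    [pscustomobject]@{
        DumpType      = $name
        IsAutomatic   = ($value -eq 7)
        AutoReboot    = ($cc.AutoReboot -eq 1)
        DumpFile      = $dumpFile
        MinidumpDir   = $cc.MinidumpDir
        LastDumpTime  = if ($dump) { $dump.LastWriteTime } else { $null }
        LastDumpBytes = if ($dump) { $dump.Length } else { $null }
    }
}

$cfg = Get-CrashDumpConfig
$cfg | Format-List
if (-not $cfg.IsAutomatic) {
    Write-Warning "Dump type is '$($cfg.DumpType)', not Automatic memory dump."
}
if (-not $cfg.AutoReboot) {
    Write-Warning 'Automatically restart is not enabled.'
}
```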
Install WinDbg (you may not want it but you need it)
System Requirements: To set up a PC for WinDbg-based crash analysis, you will need the following:
- 32-bit or 64-bit Windows 10: Depending on the processor you are running the debugger on, you can use either the 32- or 64-bit debugging tools. Note that it is not important whether the dump file was made on an x86-based or an x64-based platform.
- WinDbg: The Debugging Tools for Windows portion of the Windows SDK for Windows 10, which you can download for free from Microsoft.
- Hard drive space: Approximately 250MB of hard disk space (not including storage space for dump files or for symbol files)
- Internet: Live Internet connection
Download WinDbg: Download sdksetup.exe from Microsoft (about 1.2MB), which launches the installation program from which you select the components to install. Either go to the Hardware Dev Center page at Microsoft, scroll down to “Get debugging tools” and select “Debugging Tools for Windows 10 (WinDbg)” (item “A” below) or initiate the immediate download (item “B” below).
Space required: Ignore the “Estimated disk space required” until you deselect the unwanted tools. Be sure to deselect all except “Debugging Tools for Windows,” which includes kernel and user-mode debuggers, plus help and tips for using the tools. Unless you will be coding, you won’t need the other modules and you will save a lot of disk space. On this test machine the install went from 2.5GB to about 250MB.
Run sdksetup.exe: Install the Software Development Toolkit (SDK) on the system that you will use to analyze memory dump files. Remember that it can be a 32- or 64-bit machine running another version of Windows (it does not need to be running Windows 10).
1. Launch sdksetup.exe
2. Specify the location. The default installation path is C:\Program Files (x86)\Windows Kits\10\. Either accept the default or select the second option and define the path you need.
3. Accept or reject the Windows Privacy question.
4. Accept the License Agreement.
5. Deselect all except “Debugging Tools for Windows”.
What are symbols and why you need them
With WinDbg installed – but before calling up a dump file – you need symbol table files. Symbol files for software are like exit signs on the highway; they tell you what you will find if you stop there. They are a byproduct of compiling source code into an executable file (from a high-level language into machine code). During this process, the compiler creates symbol files with a list of identifiers, their locations in the program and their attributes.
However, programs do not need this information to execute, so symbols are typically stored in a separate file. This reduces the size of the executable, resulting in the use of less disk space and faster load and operating speeds. Further, those symbol files are not normally shipped with the OS or the application they come from. The problem, then, is that when a program causes a problem resulting in a system failure, the OS only knows the hex address at which the problem occurred, but not who was there and what he was doing. Fortunately, Microsoft provides access to SymServ, which resolves the problem.
When opening a memory dump, WinDbg looks at the executable files (.exe, .dll, etc.) and extracts version information. It then creates a request to SymServ at Microsoft that includes version information and locates the precise symbol tables to draw information from. As mentioned earlier, it will not download all symbols for the specific operating system you are troubleshooting; it will download only what it needs.
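For PDB symbols, the identifying information the debugger reads from a module is its CodeView "RSDS" debug record (a GUID, an age counter and the PDB file name), and the symbol store is indexed by exactly those values. The PowerShell below is an added example, not from the original article, that builds the request path from such a record; the function name is hypothetical, the record bytes are constructed sample data, and the server URL is Microsoft's public symbol server.

```powershell
# Added example: derive the symbol-server request for a PDB from a CodeView RSDS record.
function Get-SymSrvRequestUrl {
    param(
        [Parameter(Mandatory)] [byte[]] $CvRecord,
        [string] $Server = 'https://msdl.microsoft.com/download/symbols'
    )
    if ($CvRecord.Length -lt 25) { throw 'Record too short to be RSDS' }

    # Bytes 0..3: signature "RSDS" marks a PDB 7.0 CodeView record.
    $sig = [Text.Encoding]::ASCII.GetString($CvRecord, 0, 4)
    if ($sig -ne 'RSDS') { throw "Not an RSDS record (signature '$sig')" }

    # Bytes 4..19: GUID in its on-disk layout, which is what [guid] expects.
    $guid = [guid]::new([byte[]]$CvRecord[4..19])
    # Bytes 20..23: age, a little-endian DWORD.
    $age  = [BitConverter]::ToUInt32($CvRecord, 20)

    # Remaining bytes: NUL-terminated PDB path recorded at link time.
    $end = [Array]::IndexOf($CvRecord, [byte]0, 24)
    if ($end -lt 0) { throw 'PDB path is not NUL-terminated' }
    $pdbPath = [Text.Encoding]::UTF8.GetString($CvRecord, 24, $end - 24)
    $pdbName = ($pdbPath -split '[\\/]')[-1]

    # Store index: 32 uppercase hex digits of the GUID followed by the age in hex.
    $key = $guid.ToString('N').ToUpperInvariant() + ('{0:X}' -f $age)
    "$Server/$pdbName/$key/$pdbName"
}

# Constructed sample record (the GUID and age are made up, not a real build).
$sampleGuid = [guid]'01234567-89ab-cdef-0123-456789abcdef'
[byte[]]$rec = [Text.Encoding]::ASCII.GetBytes('RSDS') +
               $sampleGuid.ToByteArray() +
               [BitConverter]::GetBytes([uint32]2) +
               [Text.Encoding]::ASCII.GetBytes('ntkrnlmp.pdb') +
               [byte]0

Get-SymSrvRequestUrl -CvRecord $rec
```

Because the GUID and age change with every build, a PDB from a different build of the same module will not match, which is why only the symbols for the exact binaries in the dump are downloaded.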
In this case, for this Windows 10 PC, the symbol file folder ended up being 22MB in size. After running numerous crash tests, the folder was about 35MB. On another system upon which I ran numerous tests from several different PCs, the folder was still under 100MB. Just remember that if you open files from additional machines (with variants of the operating system) your folder can continue to grow in size.
Alternatively, you can opt to download and store the complete symbol file from Microsoft. Before you do, note that – for each symbol package – you should have at least 1GB of disk space free. This is because, in addition to space needed to store the files, you also need space for the required temporary files. Even with the low cost of hard drives these days, the space used is worth noting.
- Each x86 symbol package may require 750 MB or more of hard disk space.
- Each x64 symbol package may require 640 MB or more.
Symbol packages are non-cumulative unless otherwise noted, so if you are using an SP2 Windows release, you will need to install the symbols for the original RTM version and for SP1 before you install the symbols for SP2.
If you want to download the symbol files and save them locally (be sure to read the system requirements before downloading).
SymServ (aka: SymSrv/Symbol Table Server) is a critically important service provided – at no cost – by Microsoft to ensure accurate memory dump analysis. To use it, simply configure WinDbg to locate it and SymServ will automatically retrieve symbols specific to the exact version of Windows that the dump came from. And, after analyzing a dump file from one machine, if you call up a dump file from another, WinDbg and SymServ will automatically retrieve the symbols for that version of the OS as well.
From the Windows 10 UI, select the Windows 10 button then WinDbg | More | Run as administrator
You will then see a window with a few menu options and a blank main window area. Before you open a dump file, you must tell WinDbg where to find the symbol files.
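WinDbg reads its symbol locations from a semicolon-separated symbol path, which can also be supplied through the `_NT_SYMBOL_PATH` environment variable; a symbol-server element has the form `srv*<local cache>*<server>`. The following PowerShell is an added example, not from the original article, that checks such a path before it is used; the function name, the `C:\SymCache` and `C:\LocalPdbs` directories and the `symbols.example.internal` host are hypothetical.

```powershell
# Added example: audit a debugger symbol path element by element.
function Test-SymbolPath {
    param([string] $SymbolPath = $env:_NT_SYMBOL_PATH)

    foreach ($element in ($SymbolPath -split ';' | Where-Object { $_.Trim() })) {
        $parts = @($element.Trim() -split '\*')
        $isSrv = ($parts[0] -ieq 'srv') -and ($parts.Count -ge 2)

        # In srv*<cache>*<server> the last field is the upstream store and
        # any fields between are local caches.
        $upstream = $null
        $caches   = @()
        if ($isSrv) {
            $upstream = $parts[-1]
            if ($parts.Count -gt 2) { $caches = @($parts[1..($parts.Count - 2)]) }
        }

        $finding = 'OK'
        if (-not $isSrv) {
            $finding = 'Plain directory: no symbol server is consulted for this element'
        } elseif ($upstream -match '^http://') {
            $finding = 'Upstream uses plain HTTP: symbols are fetched without TLS'
        } elseif ($caches.Count -eq 0) {
            $finding = 'No explicit cache: downloads go to the debugger default store'
        }

        [pscustomobject]@{
            Element  = $element.Trim()
            Upstream = $upstream
            Caches   = $caches -join ', '
            Finding  = $finding
        }
    }
}

# Constructed sample path: one good element, one plain-HTTP server, one local folder.
$sample = 'srv*C:\SymCache*https://msdl.microsoft.com/download/symbols;' +
          'srv*C:\SymCache*http://symbols.example.internal/store;' +
          'C:\LocalPdbs'
Test-SymbolPath -SymbolPath $sample | Format-Table -AutoSize -Wrap

# To use the first element for the current session only:
# $env:_NT_SYMBOL_PATH = 'srv*C:\SymCache*https://msdl.microsoft.com/download/symbols'
```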