Start Your Search At The Dump
For most of us, Windows stop errors are blessedly uncommon, but one thing that we’ve picked up in the countless hours spent forum lurking is that the key to understanding a particular error lies within the dump (.DMP) files. This is the first thing any grizzled forum sage worth her salt will ask you for if your issue is deemed worthy of a response. A .DMP file is essentially a log file that Windows creates in the event of an error that forces the system to shut down. In fact, these files are usually created and saved as the BSOD is displayed.
Your system can create multiple types of .DMP files, and they vary in size and thoroughness. Most often, they contain bits and pieces of data that was stored in memory at the time of the error. Some .DMP files can be quite large, and other, more application-specific, dump files contain just the most pertinent data relating to the error and are respectively small enough to easily post in a forum without getting flamed. We’ll go more in-depth regarding the size and types of .DMP files later, but first, let’s make sure your system is configured to generate them in the first place.
Automatic Memory Dump
This is the default write debugging setting, and the dump files it produces are indistinguishable from those generated using the Kernel Memory Dump setting. The system picks this one whenever the page file is set to a system-managed size, and the respective size of the paging file in this instance is designed to be large enough to capture a vast majority of the kernel memory dumps your system will potentially generate. Although we won’t touch on manually adjusting the paging file in this article, Microsoft recommends making sure it is capacious enough to store one or more of your chosen memory dump types.
Small Memory Dump (256KB)
Designed to be a lightweight memory dump that’s easy to share online. The small memory dump we created actually weighed in at 260KB, but that’s still a compact file. It includes the BSOD information, a list of drivers that were loaded at the time of the stop error, process information, and a small amount of kernel data. It isn’t as thorough as other memory dumps, but you can usually rely on it to pinpoint the problem.
Complete Memory Dump
Includes everything contained in physical memory. Some sources report that if there’s 8GB of system memory occupied at the time of a crash, then the complete memory dump will be 8GB in size. When we generated a complete memory dump on an otherwise idle system, the complete memory dump was a whopping 15.8GB in size, which is the amount of addressable RAM installed on our system. In either case, this memory dump type likely contains significantly more information than you’ll need to troubleshoot a BSOD problem. Because of their unwieldy size, complete memory dumps typically get purged shortly after creation unless you click the checkbox to disable automatic deletion.
Active Memory Dump
Win10 brings a new dump type to the table in the form of the Active Memory Dump, which is significantly more svelte than a Complete Memory Dump but includes kernel and user-mode space data stored in active memory. This type is a godsend for developers afflicted with slow networks.
Kernel Memory Dump
This type of memory dump will tend to include more data than the small variety, but it can be as large as one-third of the amount of RAM installed on the system. If you have 16GB of memory for instance, that could result in a kernel memory dump of more than 5.3GB. When we generated a kernel memory dump, admittedly with the system relatively idle, the file was a mere 383KB (we’re using a system with 16GB of system memory).
Microsoft reports that this dump file type includes memory allocated to the Windows kernel, hardware abstraction level, kernel-mode drivers, and other kernel-mode programs, but it excludes unallocated memory and memory set aside for user-mode applications. Microsoft also claims that this memory dump is the most useful for users like you and me, who are just trying to track down problems.