Windows XP

Windows memory dump files.

One reason not to disable virtual memory on any Windows boxen is that you might need to grab information from a dump file. If a booted OS doesn’t have at least 2MB of virtual memory then no dump file. The default location of memory dump files in Windows XP is %systemroot%/minidump (btw %systemroot% is your Windows install directory). These are created as a result of a blue screen (bsod is not your friend – unless you’re testing a DoS). Since blue screens are typically due to hardware or drivers, and there are often many of each of those, it can help to check out the dump files. If you have a host that’s getting a blue screen then you can grab the minidump folder from that host and copy it to another computer that will boot up.

These dump files will contain the actual stop message on the blue screen, stop message parameters, a list of loaded drivers at the time of the stop, the processor state at the time of stop, the kernel context for the process/thread that caused the stop and some other useful information. The dump file can then be read using Windows DumpChk.exe. Each time I need to review those I go back to this site at Microsoft for help doing so.