Create a full memory dump



You need to create a full memory dump on a Windows calculator, and provide the deck to Symantec. Before you begin, see Overview of memory dump file options for Windows on for an overview and best practices of the memory dump work .
See How to configure system bankruptcy and convalescence options in Windows for extra guidance .

Check the page file settings

  1. In Windows, navigate to Start > Control Panel > System > Advanced system settings. The System Properties window appears
  2. In the Advanced tab, under Performance, click Settings
  3. Click the Advanced tab
  4. Under Virtual Memory, click Change
  5. Ensure that the page file on the boot drive is large enough to store the entire contents of the computer’s memory, plus one megabyte. For example, if the computer has 1 gigabyte of memory (1024 megabytes), the “Initial size” field should be at least 1025 (memory size plus 1 MB). Adjust the page file size if necessary
  6. Click Set
  7. Click OK
  8. Dismiss any “reboot required” dialog boxes; you will restart later
  9. Click OK
  10. Leave the System Properties window open and proceed to the next section

Enable complete memory dumps

memory dumps represent the stallion contents of all system memory written to disk. The standard rule of flick to ensure that there is adequate spare phonograph record distance to capture a entire memory dump is :

dislodge Disk Space = All of Physical Memory + 1 MB
If the calculator itselt can not provide enough free phonograph record distance, you can attach an NTFS formatted USB drive that has enough absolve phonograph record space

To enable complete memory dumps:

  1. In the System Properties windows, under Startup and Recovery, click Settings
  2. From the Write debugging information drop-down menu, select Complete memory dump
  3. Check Overwrite any existing file
  4. Click OK
  5. A message about pagefile requirements may appear; if it does, click Yes
  6. Click OK

Note: If the Complete memory dump choice is missing from the drop-down menu, you can enable it through the register rather. See How to generate a kernel or a accomplished memory dump file in Windows Server on for more information .


After a blue screen crash

When a blue screen crash occurs, it will write the contents of system memory to the page charge .
IMPORTANT: Write down the Stop Code displayed on-screen .
Upon restarting, a process called savedump.exe copies the contents from the page file to the MEMORY.DMP file on disk. Do not interrupt the savedump.exe process while it is running ; otherwise the MEMORY.DMP file will be truncated and possibly corrupted .
To confirm that the memory dump process is finished, watch the action in Task Manager until it is completed, to ensure the memory dump is wholly written.

The resulting MEMORY.DMP file can be quite large. however most of the contents are zero memory, so it should compress to a much smaller size. A one gigabyte memory dump will normally compress down to 100-300 megabytes, which will allow for much easier transplant across the network .
CAUTION: Some travel rapidly compaction routines have been known to corrupt the original file if it is over 2GB in size. For original files over 2GB in size, Symantec recommends one of the adopt options :

  • Use RAR compressions to compress the original file.
  • Copy the original file to a removable, NTFS formatted USB drive and ship it to Symantec. Symantec’s policy is to return the media once the data analysis is complete.

More on non full memory dumps

The more complex the issue, the more detail that is required to effectively analyze and determine beginning causal agent. While kernel dumps or other types of memory dumps may contain the minimum datum required, Symantec may require extra data to effectively determine rout cause .
Depending on the primary function of the system that is experiencing the write out ( DNS waiter, Exchanges server, firewall, etc. ) —and which generates the dump—you may find that scheduling maintenance clock time to gather extra data is baffling. further discussion may be necessity to decide what type of deck to generate .
Note: In general, a mini-dump ( Microsoft default. ) or a ADPlus deck are not informative enough for effective beginning cause psychoanalysis .

Technical information

To learn how to generate a kernel or a complete memory dump file in Windows Server 2008, see hypertext transfer protocol : //

Collecting a complete memory dump on Windows 2000, XP, or 2003 computers with over 2 GB of RAM can be difficult. You can work around this return by limiting the sum of memory visible to Windows, using one of the take after options :

  • Use the /maxmem switch. See
  • Use the /burnmemory switch, which is recommended for Windows XP or 2003. See

For more detail on how to accomplish a full dump on these operating systems, see hypertext transfer protocol : //
You may need to initiate the memory dump as an administrator if the write out under probe does not cause the organization to crash. There are two normally accepted methodologies for causing a calculator to generate a memory dump :

  • BANG! — Crash on Demand Utility

    Usage: bang [-s] : where -s indicates to automatically crash the system

  • Keyboard initiated dump – This Windows feature lets you generate a memory dump file by using the keyboard. See:
source :
Category : Tech

About admin

I am the owner of the website, my purpose is to bring all the most useful information to users.

Check Also


Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.