• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 797
  • Last Modified:

analyse huge dump file

Hi All,

I have 1 GB memory.dmp. Do you know any tools that can analyse such a huge file? MS site has an article about small memory.dmp only.

Thanks,
Stand
0
hstandit
Asked:
hstandit
  • 8
  • 8
  • 2
  • +1
3 Solutions
 
moss_iconCommented:
0
 
cpc2004Commented:
Windbg can analyze memory.dmp, minidump and userdump.
Refer  the followiing webpage for beginner.
http://www.jsiinc.com/SUBJ/tip4900/rh4981.htm

Advance command for memory dump
!memusage    (memory usage)
!thread           (display the current thread)
!process            (display the current process)
!process 0 0    (display all the process)
lm t n             (list loaded module)
!deadlock        (display dead lock)
u xxxxxx          (disassemble)
dc xxxxx          (display the memory location)

If there has a lot of commands, refer the help
0
 
Wayne BarronCommented:
You need to Split the files.

http://www.dekabyte.com/filesplitter/download.html

Simply use this program to grab the .dmp file.
And then Choose the amount of MB per file.

If it is the 500mb file.
Then you will want to do at the least "5mb"
At the most "10mb"

It is going to make a lot of files, but it works.

User "Notepad" to open the files.
Depending on the CPU Speed and Memory of your computer.
Will depend on how long it will take to load the files.

Once you load the file into "Notepad"
Choose [Format] | [Word Wrap] From the Options Menu.

So that you do not have to Scroll side to side.
Only Up and Down.
While going through the files.

I will tell you now.
I did this about 7yrs ago, and it took me about 12hrs
To go through all the files, to only find out that it was a Driver
Issue with a Network Card on the 2nd to the last file.

Good Luck
Carrzkiss
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
cpc2004Commented:
Carrzkiiss,

I have 512MB full memory.dmp and I can use windbg to process it.  I believe that Windbg can process 1GB memory dump. The memory.dmp is an unformatted dump and I wonder how you can use notedpad to read winodws minidump or full dump. I don't think it works.

cpc2004




0
 
Wayne BarronCommented:
You are not going to be able to read the special characters (Computer language)
Using any program that I am currently aware of unless you work for Microsoft.

Using Notepad.
You simply scroll through the file(s) that are split.
And look for information reguarding to a paritcular faluar in your system.
Rather Hardware or software.

I have been reading these files for many years using just "notepad"
I do not allow for the "Full Memory Dump" unless the problem persist and I cannot
Find the answer in the "Minidump" file.

But like I mentioned, I have done this for years.
You just cannot read the Computer Data Language.

Good Luck
Carrzkiss
0
 
cpc2004Commented:
Hi carrzkiss,

I think you are referring Dr Watson log and it is formatted dump. Dr Watson log is used for debugging application problem and the author wants to debug BSOD (blue screen of death).  He has a memory.dmp which is unformatted.
0
 
Wayne BarronCommented:
ok.
This I know. I am referring too reading the lines of a BSOD files.
Try it. take a look at a dump file.
Open it up in "Notepad" and have a look at it.
You will not be able to decode the language (Characters are Computer Language Based)
But you will be able to view the text. and the text is what you are after.
You will need to look for all the Text information that is in the files.
And see which line(s) tell you the problem.

cpc2004.
I know you mean well, but take my word on this.
I would have never posted to this question if I did not know what I was talking about.
Like mentioned above, I have been reading these .dmp files for over 7yrs.
And I have always read them using "notepad" As wordpad does not give an option to do
Word Wrap.

p.s.
I have not seen a Dr. Watson dump file in over 6yrs.
I am a software Developer, and Dr. Watson is disabled on all my Win2k Computers.
Only my NT4 Servers have Dr. Watson enabled. and I have not ever seen
A Dr. Watson dump file on them.

Take Care
Carrzkiss
0
 
Wayne BarronCommented:
hstandit
This question is old, and needs to be Finalized.
Either:  Accept Answer (or) Remove/Refund

Thanks
0
 
cpc2004Commented:
Hi Carrzkiss,

I've read over 700 minidumps within this years. I have resolved over 80 BSOD problem at this forum. You can check answer my answer. I also resolve a lot of BSOD problem at techspot.com. I am very sure my approach to analyse minidump is correct. How do you analyse the stack trace of a minidump by means of notepad?

Anyway I agree the author should accept or reject the answer. He has never respond this thread.
0
 
Wayne BarronCommented:
It does not matter to me who gets the points on this one.
I would just like to see it to be Finalized.
Rather you, me whoever.

I have never used [Windbg] but will have to take a look.
And since you are able to analyze the Stack Trace, then it would be better then Notepad.
So, since you are able to do that, then give you the points, sounds good to me.

Notepad, you are able to see what drivers where called at the point of the dump.
And what was fired. Sometimes I am right dead on the money using Notepad, and
Sometimes I am off slightly.

Either way, this question needs to be resolved.

Take Care
0
 
cpc2004Commented:
I am not here not hunting for points.  Most of my time I am at techspot.com which is free site. They have much more BSOD cases than here.
0
 
cpc2004Commented:
The comment from from carrzkiiss is incorrect, Notepad cannot analyze memory.dmp and the windbg is the proper tools.

Refer the following webpage
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
0
 
VenabiliCommented:
carrzkiss gets the points for the splitting of the files. AND notepad CAN help. Not the best way but if you do not have any other tool notepad is just great.
0
 
Wayne BarronCommented:
I would have to agree with "cpc2004" on the "notepad", after using information provided from
cpc2004 on using the "windbg" it is a lot easier to Debug the .dmp files.

Using "Notepad" will take an awful long time, but "does" show the problem.
But viewing huge files is a pain in the butt though.

So I will leave it up to the "Mods" on rather or not they think that I deserve a split in the points or not.

Take Care All
Carrzkiss
0
 
cpc2004Commented:
Hi Venabili,

Windows memory dump is not save at text format and it is required debugging tools to format the dump. Split the dump file will cause windows debugging tool unable to format the dump file because the dump is incomplete. If you accept Carrzkiss's comment. It will wrong expression that notepad and spluit the memory file is the proper procedure for dump reading.

cpc
0
 
cpc2004Commented:
Hi Venabilli,

Refer the following case.  
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21717644.html

You can send a message to Lee Tutor to confirm whether notepad is the right tool to view windows memory dump or not.  I am not hunting for points and I want this thread provides the correct answer.
0
 
Wayne BarronCommented:
That is the reason why I wrote what I wrote cpc2004.
You have helped me understand the program better, and now it is what I use to assist
People with. As I had never heard of the program before.
Never to old to learn something new.
0
 
VenabiliCommented:
Nah. My mistake here... I thought we are talking for another dump... Sorry :)

Changed recommendation: Split: moss_icon {http:#13943667} & cpc2004 {http:#13944515}
0
 
Wayne BarronCommented:
agree
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 8
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now