Link to home
Start Free TrialLog in
Avatar of hstandit
hstandit

asked on

analyse huge dump file

Hi All,

I have 1 GB memory.dmp. Do you know any tools that can analyse such a huge file? MS site has an article about small memory.dmp only.

Thanks,
Stand
ASKER CERTIFIED SOLUTION
Avatar of moss_icon
moss_icon

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Wayne Barron
Wayne Barron
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Carrzkiiss,

I have 512MB full memory.dmp and I can use windbg to process it.  I believe that Windbg can process 1GB memory dump. The memory.dmp is an unformatted dump and I wonder how you can use notedpad to read winodws minidump or full dump. I don't think it works.

cpc2004




You are not going to be able to read the special characters (Computer language)
Using any program that I am currently aware of unless you work for Microsoft.

Using Notepad.
You simply scroll through the file(s) that are split.
And look for information reguarding to a paritcular faluar in your system.
Rather Hardware or software.

I have been reading these files for many years using just "notepad"
I do not allow for the "Full Memory Dump" unless the problem persist and I cannot
Find the answer in the "Minidump" file.

But like I mentioned, I have done this for years.
You just cannot read the Computer Data Language.

Good Luck
Carrzkiss
Hi carrzkiss,

I think you are referring Dr Watson log and it is formatted dump. Dr Watson log is used for debugging application problem and the author wants to debug BSOD (blue screen of death).  He has a memory.dmp which is unformatted.
ok.
This I know. I am referring too reading the lines of a BSOD files.
Try it. take a look at a dump file.
Open it up in "Notepad" and have a look at it.
You will not be able to decode the language (Characters are Computer Language Based)
But you will be able to view the text. and the text is what you are after.
You will need to look for all the Text information that is in the files.
And see which line(s) tell you the problem.

cpc2004.
I know you mean well, but take my word on this.
I would have never posted to this question if I did not know what I was talking about.
Like mentioned above, I have been reading these .dmp files for over 7yrs.
And I have always read them using "notepad" As wordpad does not give an option to do
Word Wrap.

p.s.
I have not seen a Dr. Watson dump file in over 6yrs.
I am a software Developer, and Dr. Watson is disabled on all my Win2k Computers.
Only my NT4 Servers have Dr. Watson enabled. and I have not ever seen
A Dr. Watson dump file on them.

Take Care
Carrzkiss
hstandit
This question is old, and needs to be Finalized.
Either:  Accept Answer (or) Remove/Refund

Thanks
Hi Carrzkiss,

I've read over 700 minidumps within this years. I have resolved over 80 BSOD problem at this forum. You can check answer my answer. I also resolve a lot of BSOD problem at techspot.com. I am very sure my approach to analyse minidump is correct. How do you analyse the stack trace of a minidump by means of notepad?

Anyway I agree the author should accept or reject the answer. He has never respond this thread.
It does not matter to me who gets the points on this one.
I would just like to see it to be Finalized.
Rather you, me whoever.

I have never used [Windbg] but will have to take a look.
And since you are able to analyze the Stack Trace, then it would be better then Notepad.
So, since you are able to do that, then give you the points, sounds good to me.

Notepad, you are able to see what drivers where called at the point of the dump.
And what was fired. Sometimes I am right dead on the money using Notepad, and
Sometimes I am off slightly.

Either way, this question needs to be resolved.

Take Care
I am not here not hunting for points.  Most of my time I am at techspot.com which is free site. They have much more BSOD cases than here.
The comment from from carrzkiiss is incorrect, Notepad cannot analyze memory.dmp and the windbg is the proper tools.

Refer the following webpage
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
carrzkiss gets the points for the splitting of the files. AND notepad CAN help. Not the best way but if you do not have any other tool notepad is just great.
I would have to agree with "cpc2004" on the "notepad", after using information provided from
cpc2004 on using the "windbg" it is a lot easier to Debug the .dmp files.

Using "Notepad" will take an awful long time, but "does" show the problem.
But viewing huge files is a pain in the butt though.

So I will leave it up to the "Mods" on rather or not they think that I deserve a split in the points or not.

Take Care All
Carrzkiss
Hi Venabili,

Windows memory dump is not save at text format and it is required debugging tools to format the dump. Split the dump file will cause windows debugging tool unable to format the dump file because the dump is incomplete. If you accept Carrzkiss's comment. It will wrong expression that notepad and spluit the memory file is the proper procedure for dump reading.

cpc
Hi Venabilli,

Refer the following case.  
https://www.experts-exchange.com/questions/21717644/windows-debug.html

You can send a message to Lee Tutor to confirm whether notepad is the right tool to view windows memory dump or not.  I am not hunting for points and I want this thread provides the correct answer.
That is the reason why I wrote what I wrote cpc2004.
You have helped me understand the program better, and now it is what I use to assist
People with. As I had never heard of the program before.
Never to old to learn something new.
Nah. My mistake here... I thought we are talking for another dump... Sorry :)

Changed recommendation: Split: moss_icon {http:#13943667} & cpc2004 {http:#13944515}