Principles of WinDBG functioning

Gadgety

On the forum I find instructions of how to install and test WinDBG, but I have a hard time finding descriptions of how it works in principle.

Here are my questions:

1. Are dumpfiles overwritten? That is, does dmp work as a buffer, so when new dmp files are created by the system, the old ones are overwritten? I read somewhere the dmp file can get pretty large, in that case dmp files would be saved until explicitly deleted. I'm asking because when doing the BugCheckAnalysis of the dmp only the latest BSOD is part of the readout. They can still be found in the Log Book for administrative occurrences (sorry if this Log Book is the incorrect term, Windows mixes English with local language).

2. Are dumpfiles temporary and once read and analysed, are they gone? I can't regenerate the report.
 

Hello mate, look, as far as I know the dump files should be in a list form, and I am wondering if you have cleared any dump files by using a disk cleanup, something like this: Disk Cleanup - Open and Use. The first option in C: Properties (right click on the C: drive > Properties > General tab > Disk Cleanup) will list clear dump files, for example; there is a second option that will clear old updates etc. too.

Edit: I meant to add that the dumps should remain after reading them, not deleted, so try this: Dump Files - Configure Windows to Create on BSOD
 

Thank you ICIT2LOL. No, I haven't done any dump file clearing or disk clean up. Thank you for the link.
 

Hi Gadgety,

- The MEMORY.dmp (located in %systemroot%) is the dump that gets overwritten by default, because it contains all kernel data the RAM had at the time of the crash; depending on the amount of memory, the size could get up to gigabytes.
If you uncheck the overwrite option, Windows will not delete this file and instead creates a new file; the downside of this is that it takes a lot of space on the disk.

- The minidumps (located in %systemroot%\minidump) are the dumps that do not get overwritten. However some do get deleted when there are about 50 dumps in this location present (if I'm correct). These dumps we mostly use.


Dump files are not temporary files; dumps are present on the disk so long as they are not deleted by utilities like disk cleanup or CCleaner.
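
A read-only check of the settings discussed in this thread, added here as an example and not part of any post. It assumes the standard Windows `CrashControl` registry key and its value names (the thread itself names only the file locations), and it lists the dumps currently on disk with their timestamps so you can see which crashes are still available for analysis.

```powershell
# Added example: show how this machine keeps crash dumps and which dump
# files exist right now. Read-only. Run from an elevated prompt so the
# minidump folder is readable.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# Meaning of CrashDumpEnabled, per Microsoft's documentation.
$types = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump'
}

# Paths are stored with %SystemRoot%; expand them in case they come back literal.
$dumpFile    = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)
$minidumpDir = [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)

[pscustomobject]@{
    DumpType          = $types[[int]$cc.CrashDumpEnabled]
    OverwriteFullDump = [bool]$cc.Overwrite      # the "overwrite" checkbox
    FullDumpPath      = $dumpFile                # MEMORY.DMP by default
    MinidumpDir       = $minidumpDir
    MinidumpsCount    = $cc.MinidumpsCount       # may be absent on some systems
} | Format-List

# Collect every dump that is still on disk, oldest first.
$paths = @()
if ($dumpFile)    { $paths += $dumpFile }
if ($minidumpDir) { $paths += (Join-Path $minidumpDir '*.dmp') }

$dumps = Get-ChildItem -Path $paths -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime

if (-not $dumps) {
    Write-Output 'No dump files found at the configured locations.'
} else {
    $dumps | Format-Table -AutoSize LastWriteTime,
        @{ Name = 'SizeMB'; Expression = { [math]::Round($_.Length / 1MB, 1) } },
        FullName
}
```

If `OverwriteFullDump` is `True`, only one full dump exists at a time, so each minidump you want analysed has to be opened in WinDbg separately by its own file name.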
 
