Dumpchk Exe Download

In order to read the Minidump files, I have to install the command-line Dumpchk utility. It is installed with the Setup.exe program in the Support Tools folder on the CD. I read this, but I couldn't find the 'Winsdows XP CD-ROM', all I have is a 'Reinstallation CD Microsoft. Wacom intuos 2 driver windows 10. It's part of Windows 7 or 8 debugging tools that you can download from WDK and WinDbg downloads page. To avoid download and installing a whole pack of SDK just for one debugging tool, you can also directly download a zipped version of dumpchk.exe from this link. This article describes Dumpchk.exe, which is a command-line utility that you can use to verify that a memory dump file has been created correctly. Dumpchk does not. Select Finish on the next page. Reboot the system and wait for it to crash to the Blue Screen. For more information on Dumpchk.exe and other debugging utilities, see Appendix A in the Windows NT 3.51 Resource Kit Update and Update 2. For additional information, click the following article number to view the article in the Microsoft Knowledge Base. In order to read the Minidump files, I have to install the command-line Dumpchk utility. It is installed with the Setup.exe program in the SupportTools folder on the CD. I read this, but I couldn't find the 'Winsdows XP CD-ROM', all I have is a 'Reinstallation CD Microsoft.

This article describes how to check a memory dump file by using Dumpchk.

Original product version: Windows 10 - all editions, Windows Server 2012 R2
Original KB number: 156280

Note

For a Microsoft Windows XP version of this article, see 315271.

Summary

Dumpchk is a command-line utility you can use to verify that a memory dump file has been created correctly. Dumpchk does not require access to symbols.

Dumpchk is located in the following locations:

• Windows NT 4.0 CD-ROM: SupportDebugDumpchk.exe

• Windows 2000 CD-ROM: Install the Support Tools by running Setup.exe from the SupportTools folder on the CD-ROM. By default, Dumpchk.exe is installed to the Program FilesSupport Tools folder.

Dumpchk command-line switches

Dumpchk has the following command-line switches:

DUMPCHK [options]

• -? Display the command syntax.

• -p Prints the header only (with no validation).

• -v Specifies verbose mode.

• -q Performs a quick test. Not available in the Windows 2000.

Additional switches that are only available in Windows 2000 Dumpchk.exe version:

• -c Do dump validation.

• -x Extra file validation. Takes several minutes.

• -e Do dump exam.

• -y Set the symbol search path for dump exam.

  • If the symbol search path is empty, the CD-ROM
  • is used for symbols.

• -b Set the image search path for dump exam.

  • If the symbol search path is empty, system32
  • is used for symbols.

• -k Set the name of the kernel to File.

• -h Set the name of the hal to File.

Dumpchk displays some basic information from the memory dump file, then verifies all the virtual and physical addresses in the file. If any errors are found in the memory dump file, Dumpchk reports them. The following is an example of the output of a Dumpchk command:

Filename . . . . . . .memory.dmp
Signature. . . . . . .PAGE
ValidDump. . . . . . .DUMP
MajorVersion . . . . .free system
MinorVersion . . . . .1057
DirectoryTableBase . .0x00030000
PfnDataBase. . . . . .0xffbae000
PsLoadedModuleList . .0x801463d0
PsActiveProcessHead. .0x801462c8
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000

ExceptionCode. . . . .0x80000003
ExceptionFlags . . . .0x00000001
ExceptionAddress . . .0x80146e1c

NumberOfRuns . . . . .0x3
NumberOfPages. . . . .0x1f5e
Run #1
BasePage . . . . . .0x1
PageCount. . . . . .0x9e
Run #2
BasePage . . . . . .0x100
PageCount. . . . . .0xec0
Run #3
BasePage . . . . . .0x1000
PageCount. . . . . .0x1000

Wpdusb.sys is located in the C:WindowsSystem32drivers folder. Known file sizes on Windows 10/8/7/XP are 18,944 bytes (75% of all occurrences), 40,448 bytes or 38,528 bytes. The driver can be started or stopped from Services in the Control Panel or by other programs. The program is not visible. The development of Microsoft® Windows® Operating System by Microsoft prompted the latest creation of WpdUsb.sys. It is also known as a WPD USB Driver file (file extension SYS), which is classified as a type of Win64 EXE (Driver) file. The first version of WpdUsb.sys for Windows Vista was introduced on in Windows Vista.

**************--> Validating the integrity of the PsLoadedModuleList

**************--> Performing a complete check (^C to end)

**************--> Validating all physical addresses

**************--> Validating all virtual addresses

**************--> This dump file is good!

If there is an error during any portion of the output displayed above, the dump file is corrupted and analysis cannot be performed.

In this example, the most important information (from a debugging standpoint) is the following:

MajorVersion . . . . .free system
MinorVersion . . . . .1057
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000

This information can be used to determine what Kernel STOP Error occurred and, to a certain extent, what version of Windows was in use.

The information in this article is from the Windows NT Resource Kit. For more information on Dumpchk.exe and other debugging utilities, see Appendix A in the Windows NT 3.51 Resource Kit Update and Update 2.

**************--> Validating the integrity of the PsLoadedModuleList

**************--> Performing a complete check (^C to end)

**************--> Validating all physical addresses

**************--> Validating all virtual addresses

**************--> This dump file is good!

If there is an error during any portion of the output displayed above, the dump file is corrupted and analysis cannot be performed.

In this example, the most important information (from a debugging standpoint) is the following:

MajorVersion . . . . .free system
MinorVersion . . . . .1057
MachineImageType . . .i386
NumberProcessors . . .1
BugCheckCode . . . . .0xc000021a
BugCheckParameter1 . .0xe131d948
BugCheckParameter2 . .0x00000000
BugCheckParameter3 . .0x00000000
BugCheckParameter4 . .0x00000000

This information can be used to determine what Kernel STOP Error occurred and, to a certain extent, what version of Windows was in use.

The information in this article is from the Windows NT Resource Kit. For more information on Dumpchk.exe and other debugging utilities, see Appendix A in the Windows NT 3.51 Resource Kit Update and Update 2.

Related Utilities

• WinCrashReport - Displays a report about crashed Windows application.
• WhatIsHang - Get information about Windows software that stopped responding (hang)
• AppCrashView - View application crash information on Windows 7/Vista.

See Also

• NK2Edit - Edit, merge and fix the AutoComplete files (.NK2) of Microsoft Outlook.

Description

Versions History

• Version 1.55:
  • Added Drag & Drop support: You can now drag a single MiniDump file from Explorer into the main window of BlueScreenView.
  • Fixed bug: BlueScreenView failed to remember the last size/position of the main window if it was not located in the primary monitor.
• Version 1.52:
  • Added 'Google Search - Bug Check' and 'Google Search - Bug Check + Parameter 1' options.
• Version 1.51:
  • Added automatic secondary sorting ('Crash Time' column).
  • Added 64-bit build.
• Version 1.50:
  • The 'Crash Time' now displays more accurate date/time of the crash.In previous versions, the value of 'Crash Time' column was taken from the date/time of dump file, which actually represents that time that Windows loaded again, after the crash.The actual crash time is stored inside the dump file , and now the 'Crash Time' displays this value.
  • Added 'Dump File Time' column, which displays the modified time of the dump file.
• Version 1.47:
  • Added 'Auto Size Columns+Headers' option, which allows you to automatically resize the columns according to the row values and column headers.
• Version 1.46:
  • Fixed issue: The properties and the 'Advanced Options' windows opened in the wrong monitor, on multi-monitors system.
• Version 1.45:
  • You can now choose to open only a specific dump file - from the user interface or from command-line.
  • You can now also specify the MiniDump folder or MiniDump file as a single parameter, and BlueScreenViewwill be opened with the right dump file/folder, for example:BlueScreenView.exe C:windowsminidumpMini011209-01.dmp
• Version 1.40:
  • Added 'Raw Data' mode on the lower pane, which displays the processor registers and memory hex dump.
• Version 1.35:
  • Added 'Crash Address' column.
  • Added 3 columns that display that last 3 calls found in the stack(Only for 32-bit crashes)
• Version 1.32:
  • Added 'Mark Odd/Even Rows' option, under the View menu. When it's turned on, the odd and even rows are displayed in different color, to make it easier to read a single line.
• Version 1.31:
  • Added 'Google Search - Bug Check+Driver' for searching in Google the driver name and bug check code of the selected blue screen.
• Version 1.30:
  • Added 'Dump File Size' column.
• Version 1.29:
  • You can now send the list of blue screen crashes to stdout by specifying an empty filename (') in the command-line of all save parameters.
    For example: bluescreenview.exe /stab ' > c:tempblue_screens.txt
• Version 1.28:
  • Added 'Add Header Line To CSV/Tab-Delimited File' option. When this option is turned on, the column names are addedas the first line when you export to csv or tab-delimited file.
• Version 1.27:
  • Fixed issue: removed the wrong encoding from the xml string, which caused problems to some xml viewers.
• Version 1.26:
  • Fixed 'DumpChk' mode to work properly when DumpChk processing takes more than a few seconds.
• Version 1.25:
  • Added 'DumpChk' mode, which displays the output of Microsoft DumpChk utility (DumpChk.exe).You can set the right path and parameters of DumpChk in 'Advanced Options' window.By default, BlueScreenView tries to run DumpChk from '%programfiles%Debugging Tools for Windows'
  • The default MiniDump folder is now taken from HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlCrashControl
• Version 1.20:
  • Added 3 new columns in the upper pane: Processors Count, Major Version, Minor Version.
  • Added 'Explorer Copy' option, which allows you to copy dump files to the clipboard and then paste them into Explorer window.
• Version 1.15:
  • Added option to view the blue screen list of multiple computers on your network.The computer names are specified in a simple text file. (See below).
  • Added Combo-Box to easily choose the MiniDump folders available in the hard-disks currently attached to your computer.
  • Added 'Computer Name' and 'Full Path' columns.
• Version 1.11:
  • Added /sort command-line option.
• Version 1.10:
  • Added accelerator keys for allowing you to toggle between modes more easily.
  • Added command-line options for saving the crash dumps list to text/csv/html/xml file.
  • Added command-line option for opening BlueScreenView with the desired MiniDump folder.
  • Fixed focus problems when opening the 'Advanced Options' window.
  • Added 'default' button to the 'Advanced Options' window.
  • Added 'processor' column - 32-bit or x64.
• Version 1.05 - Added support for x64 MiniDump files.
• Version 1.00 - First release.

BlueScreenView Features

• Automatically scans your current minidump folder and displays the list of all crash dumps, including crash dump date/time and crash details.
• Allows you to view a blue screen which is very similar to the one that Windows displayed during the crash.
• BlueScreenView enumerates the memory addresses inside the stack of the crash, and find all drivers/modules that might be involved in the crash.
• BlueScreenView also allows you to work with another instance of Windows, simply by choosing the right minidump folder (In Advanced Options).
• BlueScreenView automatically locate the drivers appeared in the crash dump, and extract their version resource information, including product name, file version, company, and file description.

Dumpchk Symbol Search Path

System Requirements

• BlueScreenView works with Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista, Windows 7, Windows 8, Windows 10, as long as Windows is configured to save minidump files during BSOD crashes.If your system doesn't create MiniDump files on a blue screen crash, try to configure it according to the following article:How to configure Windows to create MiniDump files on BSOD
• BlueScreenView can read the MiniDump files of both 32-bit and x64 systems.
• Be aware that on Windows 10, some of the created MiniDump files might be empty and BlueScreenView will not display them.

Using BlueScreenView

Crashes Information Columns (Upper Pane)

• Dump File: The MiniDump filename that stores the crash data.
• Crash Time: The created time of the MiniDump filename, which also matches to the date/time that the crash occurred.
• Bug Check String: The crash error string. This error string is determined according to the Bug Check Code, and it's also displayed in the blue screen window of Windows.
• Bug Check Code: The bug check code, as displayed in the blue screen window.
• Parameter 1/2/3/4: The 4 crash parameters that are also displayed in the blue screen of death.
• Caused By Driver: The driver that probably caused this crash.BlueScreenView tries to locate the right driver or module that caused the blue screen by looking inside the crash stack.However, be aware that the driver detection mechanism is not 100% accurate, and you should also look in the lower pane, that display all drivers/modules found in the stack. These drivers/modules are marked in pink color.
• Caused By Address: Similar to 'Caused By Driver' column, but also display the relative address of the crash.
• File Description: The file description of the driver that probably caused this crash.This information is loaded from the version resource of the driver.
• Product Name: The product name of the driver that probably caused this crash.This information is loaded from the version resource of the driver.
• Company: The company name of the driver that probably caused this crash.This information is loaded from the version resource of the driver.
• File Version: The file version of the driver that probably caused this crash.This information is loaded from the version resource of the driver.
• Crash Address:The memory address that the crash occurred. (The address in the EIP/RIP processor register)In some crashes, this value might be identical to 'Caused By Address' value, while in others,the crash address is different from the driver that caused the crash.
• Stack Address 1 - 3:The last 3 addresses found in the call stack. Be aware that in some crashes, these values will be empty.Also, the stack addresses list is currently not supported for 64-bit crashes.

Dumpchk Tool

Drivers Information Columns (Lower Pane)

• Filename: The driver/module filename
• Address In Stack: The memory address of this driver that was found in the stack.
• From Address: First memory address of this driver.
• To Address: Last memory address of this driver.
• Size: Driver size in memory.
• Time Stamp: Time stamp of this driver.
• Time String: Time stamp of this driver, displayed in date/time format.
• Product Name: Product name of this driver, loaded from the version resource of the driver.
• File Description: File description of this driver, loaded from the version resource of the driver.
• File Version: File version of this driver, loaded from the version resource of the driver.
• Company: Company name of this driver, loaded from the version resource of the driver.
• Full Path: Full path of the driver filename.

Lower Pane Modes

1. All Drivers: Displays all the drivers that were loaded during the crash that you selected in the upper pane.The drivers/module that their memory addresses found in the stack, are marked in pink color.
2. Only Drivers Found In Stack: Displays only the modules/drivers that their memory addresses found in the stack of the crash.There is very high chance that one of the drivers in this list is the one that caused the crash.
3. Blue Screen in XP Style: Displays a blue screen that looks very similar to the one that Windows displayed during the crash.
4. DumpChk Output: Displays the output of Microsoft DumpChk utility.This mode only works when Microsoft DumpChk is installed on your computer and BlueScreenView is configured to run it from the right folder (In the Advanced Options window).
   You can get DumpChk from the installation CD/DVD of Windows orwith the installtion of Debugging Tools for Windows.

Crashes of Remote Network Computer

Notice: If you fail to get full administrator access to the remote computer, you should read the instructions in the following Blog post:How to connect a remote Windows 7/Vista/XP computer with NirSoft utilities.

Watching the crashes of multiple computers on your network

Dumpchk.exe Download Windows 7

In order to use this feature, prepare a list of all computer names/IP addresses that you want to inspect, and save it to a simple text file.The computer names in the list can be delimited by comma, semicolon, tab character, or Enter (CRLF).
Example for computer names list:After you have a text file contains the computers list, you can go to Advanced Options window (Ctrl+O), choose the second option and type the computers list filename.

Command-Line Options

Examples:
BlueScreenView.exe /shtml 'f:tempcrashes.html' /sort 2 /sort ~1
BlueScreenView.exe /shtml 'f:tempcrashes.html' /sort 'Bug Check String' /sort '~Crash Time'

License

Disclaimer

Feedback