Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Generating a full memory dump on Windows Server 2008 R2 and Windows 7

    • Updated:
    • 13 Oct 2021
    • Product/Version:
    • OfficeScan 10.6
    • OfficeScan 11.0
    • OfficeScan 11.0
    • Worry-Free Business Security Advanced
    • Worry-Free Business Security Standard
    • Worry-Free Business Security Standard/Advanced 7.0
    • Platform:
    • Windows 2008 Enterprise
    • Windows 2011 Small Business Server Standard
    • Windows 7 32-bit
    • Windows 7 64-bit
Summary

This article shows you how to generate a full memory dump on Windows 10 and Windows Server 2016 /2019 Machines.

Details
Public

By default, complete memory dump is disabled. Enable this option if your computer has more than 2 GB of physical RAM.

To generate a full memory dump:

  1. Do any of the following:
    • On your desktop:
      1. Click File Explorer, then click This PC, and select Properties.
      2. Click Advanced system settings.
      3. Click Advanced tab.
      4. Under the Writing debugging information section, click Settings.
      5. Select the Complete memory dump.

        Complete Memory Dump

         
        By default, the dump file will be saved in %SystemRoot%\Memory.dmp.
         
    • Using the Registry Editor
      1. Open the Registry Editor.
         
        Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
         
      2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl and set the value of the "CrashDumpEnabled" to "0x1".
      3. Restart the Windows.
  2. Follow the procedure in this Microsoft article: Forcing a System Crash from the Keyboard.

Alternative Options

Below are some SysInternals tools that can help in generating a full memory dump:

NotMyFault Tool automates the process of capturing a Complete Memory Dump of the SYSTEM, similar to simulating a crash on a system.

  1. Download the NotMyFault tool.
  2. Click Start, and then select Command Prompt.
  3. At the command line, run the following command:
    notMyfault.exe /crash

Procdump (Process Dump) is used for capturing a Complete memory dump of a PROCESS, which can be useful for troubleshooting behavior monitoring concerns.

  1. Download the Procdump tool.
  2. Click Start, and then select Command Prompt.
  3. At the command line, run the following command:
    C:\>procdump -ma <PID of the Process that needs to be checked>

Process Explorer is used for generating complete memory dumps of a PROCESS on a GUI.

  1. Download the Process Explorer tool.
  2. Extract the ProcessExplorer.zip. then run the procexp.exe on the target machine.
  3. Right-click the process name, and select Create Dump > Create Full Dump.

    Process Explorer

    Click the image to enlarge.

Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
1059775
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.