Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Generating a memory dump by forcing a system crash from the keyboard

    • Updated:
    • 18 Nov 2021
    • Product/Version:
    • Apex One 2019
    • Apex One as a Service
    • Deep Security
    • OfficeScan XG
    • ServerProtect
    • Worry-Free Business Security Advanced 10.0
    • Worry-Free Business Security Services 6.7
    • Worry-Free Business Security Standard 10.0
    • Platform:
Summary

Generate a memory dump of the Windows operating system by forcing a system crash from the keyboard.

Details
Public

To generate a complete memory dump:

 
Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
 
  1. Enable complete memory dump by setting the "CrashDumpEnabled" DWORD to 1. Do the following:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
    DWORD: CrashDumpEnabled=1

  2. Enable crash via keyboard stroke by setting the following registry entries:
    • For PS/2 keyboards: (Available in Windows 2000 and later versions of Windows):

      [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters]
      DWORD: CrashOnCtrlScroll=1

    • For USB keyboards: (Available in Windows Vista and later versions of Windows):

      [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters]
      DWORD: CrashOnCtrlScroll=1

    • Hyper-V keyboards: (Available in Windows 10 version 1903 and later versions of Windows)

      [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hyperkbd\Parameters]
      DWORD: CrashOnCtrlScroll=1

  3. Reboot the machine and verify that "Complete memory dump" is selected by going to Control Panel > System and Security > System. Select Advanced system settings. Under the Startup and Recovery section, select Settings.

    System Properties

    Memory Dump

    Click the image to enlarge.
  4. Test whether you can obtain a manual memory dump file:

    Hold down the right "CTRL" key while pressing the "Scroll Lock" key two times. The system should go to BSoD and the memory dumping process would appear on the screen. After the machine restarts, wait for disk activity to stop. The dump file should be the same size as the physical memory and is found in %SystemRoot%\MEMORY.DMP.

  5. Send the following to Trend Micro Technical Support.

For more details about enabling crash dump in Windows, follow the steps in this Microsoft KB article.

Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
1096135
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.