Summary
Generate a memory dump of the Windows operating system by forcing a system crash from the keyboard.
Details
To generate a complete memory dump:
Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.
- Enable complete memory dump by setting the "CrashDumpEnabled" DWORD to 1. Do the following: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
DWORD: CrashDumpEnabled=1 - Enable crash via keyboard stroke by setting the following registry entries: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters]
DWORD: CrashOnCtrlScroll=1HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters
DWORD: CrashOnCtrlScroll=1 - Reboot the machine and verify that "Complete memory dump" is selected by going to My Computer > Properties > Advanced tab > Startup and Recovery > Settings > Write Debug Information.
- Test whether you can obtain a manual memory dump file: Press the right "CTRL" key while pressing the "Scroll Lock" key two times. The system should go to BSoD and the memory dumping process would appear on the screen. After the machine restarts, wait for disk activity to stop. The dump file should be the same size as the physical memory and is found in %SystemRoot%\MEMORY.DMP.
- Send the following to Trend Micro Technical Support.
- Case Diagnostic Tool
- %SystemRoot%\MEMORY.DMP
For more details about enabling crash dump in Windows, follow the steps in this Microsoft KB article.
