Sign In with your
Trend Micro Account

Sign in to MySupport

Need Help?

Need More Help?

Create a technical support case if you need further support.

Generating a memory dump by forcing a system crash

- Updated:
- 27 Jun 2019
- Product/Version:
- Core Protection Module - ESP
- Deep Security
- OfficeScan
- ServerProtect
- Worry-Free Business Security Advanced
- Worry-Free Business Security Standard
- Platform:
- Windows 2000 Advanced Server
- Windows 2000 Professional
- Windows 2000 Server
- Windows 2003 Enterprise
- Windows 2003 Enterprise 64-bit
- Windows 2003 Standard
- Windows 2003 Standard 64-bit
- Windows 2008 Enterprise
- Windows 2008 Server Core
- Windows 2008 Server R2
- Windows 2008 Standard
- Windows 2008 Standard 64-bit
- Windows 2012 Enterprise
- Windows 2012 Web Server Edition
- Windows 7 32-bit
- Windows 7 64-bit
- Windows 8 32-bit
- Windows 8 64-bit
- Windows Vista 32-bit
- Windows Vista 64-bit
- Windows XP Home
- Windows XP Professional
- Windows XP Professional 64-bit

Summary

Generate a memory dump of the Windows operating system by forcing a system crash from the keyboard.

Details

To generate a complete memory dump:

Always back up the whole registry before making any modifications. Incorrect changes to the registry can cause serious system problems.

Enable complete memory dump by setting the "CrashDumpEnabled" DWORD to 1. Do the following:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
DWORD: CrashDumpEnabled=1
Enable crash via keyboard stroke by setting the following registry entries:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters]
DWORD: CrashOnCtrlScroll=1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters
DWORD: CrashOnCtrlScroll=1
Reboot the machine and verify that "Complete memory dump" is selected by going to My Computer > Properties > Advanced tab > Startup and Recovery > Settings > Write Debug Information.
Test whether you can obtain a manual memory dump file:
Press the right "CTRL" key while pressing the "Scroll Lock" key two times. The system should go to BSoD and the memory dumping process would appear on the screen. After the machine restarts, wait for disk activity to stop. The dump file should be the same size as the physical memory and is found in %SystemRoot%\MEMORY.DMP.
Send the following to Trend Micro Technical Support.
- Case Diagnostic Tool
- %SystemRoot%\MEMORY.DMP

For more details about enabling crash dump in Windows, follow the steps in this Microsoft KB article.

Rating:

Category:

Troubleshoot

Solution Id:

1096135

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.