Wednesday, July 15, 2009

Cause a Manual Memory Dump - KB244139

On Windows XP, 2003, Vista and 2008 you can cause a PC to manually blue screen in order to dump memory for analyse when diagnosing problems. For this to work you need to add a registry key depending on what type of keyboard you have plugged into the server. This will not work via RDP or other remote access methods, only for physical keyboards plugged into the server.

For a PS/2 Keyboard perform this:

1. Start Registry Editor.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
3. On the Edit menu, click Add Value, and then add the following registry entry:
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
4. Exit Registry Editor, and then restart the computer.

For a USB Keyboard perform this:

1. Start Registry Editor.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
3. Make sure that the following registry entry is enabled:
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
4. Exit Registry Editor.

Once you have added in this value reboot the server. To manually cause the server to bluescreen and dump memory hold in the Right CTRL key and press Scroll Lock twice.

There is a full MS KB article on this, find it here:
http://support.microsoft.com/kb/244139

If you wish to a memory dump through an RDP session and you do not have access to the physical keyboard on that server, what you can do is use a tool by sysinternals called notmyfault which causes a server to bluescreen and dump memory. Download it from here, it contains a x86 and x64 version.

http://download.sysinternals.com/Files/Notmyfault.zip

No comments:

Post a Comment