This post has been republished via RSS; it originally appeared at: Channel 9.
In this episode of Defrag Tools, Andrew Richards and Chad Beeder walk through the process of manually creating a full memory dump via the keyboard. This is useful when you want to capture the state of the operating system. For example, to debug a hang.
Resources:
Forcing a System Crash from the Keyboard
Registry files (.reg) demonstrated in this episode are on the Defrag Tools OneDrive share (ManualCrashRegistrySettings.zip)
PCI Express Dump Switch Card (if you need to use the NMI method)
Timeline:
[00:00] Welcome and Intro
[00:57] When would you need to manually force a crash dump?
[02:42] Typically you'll want to get a Complete Memory Dump
[05:57] ...which also requires you to set a large enough page file on the C: drive (RAM size plus some additional)
[08:00] Setting up manual crash dump via CrashOnCtrlScroll (if your keyboard has a ScrollLock key)
[13:20] Discussion of keyboards and keyboard scan codes. The old Peter Norton "pink shirt" book still comes through for this!
[16:55] Once you know the scan code, you can use the Dump1Keys and Dump2Key registry settings to choose your own keyboard combo. Make sure not to use CrashOnCtrlScroll at the same time!
[25:04] The big guns: If a system is hung badly enough that keyboard crash doesn't work, you can try CrashOnNMI. Usually requires special hardware like a PCIe NMI card.
[28:34] Looking at the memory dump we just created. Bugcheck 0xE2: MANUALLY_INITIATED_CRASH