EWF and Crash dumps

Crash Dump Configuration

Crash dumps can be configured via the control panel or by editing the relevant registry entries as shown below. Additional details can be found in KB article 307973.

Via Control Panel

[Screenshot: crash dump settings configured via Control Panel]

Via Registry

[Screenshot: crash dump settings configured via the registry]

Crash dump generation

Crash dumps (the .dmp files) are not created at the time of the crash. Instead, the dump data is written to the page file. Later, on the next reboot, this page file is truncated, renamed and moved to its final destination (as configured by the user). By default, the paging file on the boot volume is used. If having a paging file on the boot volume is not feasible, a separate paging file can be dedicated to generating crash dumps, as outlined in the next section.

At the time of the crash, dump data is written directly to the sectors occupied by the page file. This bypasses the file system filters and storage volume filters such as EWF.

At the next reboot, SMSS looks for a valid crash dump header in the page file. It then checks whether the final destination for the dump file is on the same volume. If yes, the paging file is renamed to the appropriate location. If no, it renames the paging file to a temporary file (DumpXXX.tmp). Later, WerFault.exe moves this temporary file to its final destination on the other volume. Note that WerFault.exe resides in the “Problem Reports and Solutions” feature package (“FeaturePack” => “Diagnostics” => “Problem Reports and Solutions”). If this package is not present in the image, the .tmp files will not be renamed to .dmp files, but they will still be valid dump files.

Using dedicated paging files for crash dumps

To configure a custom paging file for use with crash dumps refer to the instructions in KB article 969028. The relevant section is titled “New behavior in Windows Vista and Windows Server 2008”.

After following the instructions in the KB article, verify that the new paging file was indeed created. For example, if you specified D:\MyDedicatedDumpFile.sys as your custom paging file, verify that this file actually exists on D:.

Our testing shows this dedicated paging file will be created only when at least one regular page file has been configured. To work around this you can configure another regular page file of minimum size (16 MB) whose sole purpose is to trigger the creation of the dedicated paging file.

Crash dumps on EWF protected systems

EWF in its current implementation blocks the use of any protected volume for crash dumps. To generate crash dumps, use a dedicated paging file on an unprotected volume.

Recommendation

Use a dedicated paging file as outlined in the section above. This paging file and the final destination for the crash dump should be located on an unprotected volume.

Test this setup by manually initiating a crash. Details can be found in KB article 972110. The relevant section is titled “Generate a manual memory dump using Keyboard”.
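Before forcing the manual crash, it helps to confirm the configuration described above from the running image. The following PowerShell script is an added example, not part of the original post or of any Microsoft tool: it reads the CrashControl registry values (the same ones KB 969028 describes), checks that the dedicated paging file exists, and uses ewfmgr.exe to confirm that neither the paging file nor the final .dmp destination sits on an EWF-protected volume. It assumes ewfmgr.exe is on the PATH and that its output reports the overlay state on a line such as "State ENABLED".

```powershell
# Added verification script (not from the original post).
# Assumes the standard CrashControl layout from KB 969028 and ewfmgr.exe on PATH.
$cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (minidump)
$modes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small' }
$mode  = [int]$cc.CrashDumpEnabled
"CrashDumpEnabled  = $mode ($($modes[$mode]))"
if ($mode -eq 0) { Write-Warning 'Crash dumps are disabled.' }

$dumpFile  = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
$dedicated = [string]$cc.DedicatedDumpFile
"DumpFile          = $dumpFile"
"DedicatedDumpFile = $dedicated"

if (-not $dedicated) {
    Write-Warning 'No DedicatedDumpFile configured; the boot-volume page file will be used.'
} elseif (-not (Test-Path $dedicated)) {
    # The post notes the dedicated file is only created when a regular page file exists.
    Write-Warning "$dedicated does not exist; check that a regular page file is configured."
} else {
    $sizeMB = [int]((Get-Item $dedicated).Length / 1MB)
    "DedicatedDumpFile present: $sizeMB MB (DumpFileSize = $($cc.DumpFileSize) MB)"
}

# EWF must not protect the volume holding the dedicated paging file or the .dmp
# destination. Assumption: 'ewfmgr X:' prints 'State ENABLED' for a protected volume.
function Test-EwfProtected([string]$path) {
    if (-not (Get-Command ewfmgr -ErrorAction SilentlyContinue)) {
        Write-Warning 'ewfmgr.exe not found; cannot check EWF state.'
        return $false
    }
    $drive = Split-Path -Qualifier $path          # e.g. 'D:'
    $out   = & ewfmgr $drive 2>&1 | Out-String
    return ($out -match 'State\s+ENABLED')
}

foreach ($p in @($dedicated, $dumpFile) | Where-Object { $_ }) {
    if (Test-EwfProtected $p) {
        Write-Warning "$p is on an EWF-protected volume; the dump cannot be written there."
    } else {
        "$p is on an unprotected volume."
    }
}
```

Run it from an elevated prompt on the target image; a clean run shows the dedicated file present and both paths reported as unprotected.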

Further reading

Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition, by Mark Russinovich and David A. Solomon. Refer to the section on “Crash Dump Generation” in Chapter 14.

- Srikanth
