Obtaining a complete memory dump from a machine

Version 1


    All Lumension products

    When you run into a STOP error (often referred to as a "blue screen of death" or "BSOD") and you suspect a HEATsoftware product is the cause, it is essential that Support obtains the full memory dump so we can analyze the memory contents to detect any conflicts between drivers, HEATsoftware or not.

    Send an e-mail to support@HEATsoftware.com and upload the memory.dmp file to our FTP site:

    ftp://ftp.HEATsoftware.com (this site is configured as a drop box: you cannot list its contents, but uploaded files are saved correctly)

    Log on as: anonymous
    Destination directory: /incoming

    It is recommended to RENAME the dump file with the TICKET NUMBER and compress it before uploading, to save bandwidth (compress using ZIP, 7ZIP, RAR, ACE, TAR, LHA, LZH, etc.).
    If your archiver supports spanning (the result is a set of compressed chunks of a predefined size instead of one big archive), it is recommended to use it, because an interrupted upload then does not require re-uploading the whole archive. We therefore recommend using WinRAR for this purpose.


    See the screenshots below to configure Windows to make a complete memory dump in case such a crash occurs.

    Windows Vista/2008/7/2008R2


    How to obtain a full memory dump on machines with 2GB+ RAM:

    Registry values for startup and recovery (Source: http://support.microsoft.com/kb/254649)
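    The following registry values need to be set under the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl (CrashDumpEnabled takes one of the four values listed; 0x1 selects the complete memory dump):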

    CrashDumpEnabled (REG_DWORD) = 0x0 (None)
    CrashDumpEnabled (REG_DWORD) = 0x1 (Complete memory dump)
    CrashDumpEnabled (REG_DWORD) = 0x2 (Kernel memory dump)
    CrashDumpEnabled (REG_DWORD) = 0x3 (Small memory dump (64KB))
    AutoReboot (REG_DWORD) = 0x0
    DumpFile (REG_EXPAND_SZ) = %SystemRoot%\Memory.dmp
    LogEvent (REG_DWORD) = 0x1
    MinidumpDir (REG_EXPAND_SZ) = %SystemRoot%\Minidump
    Overwrite (REG_DWORD) = 0x1
    SendAlert (REG_DWORD) = 0x1

    NOTE: You must restart the system in order for your changes to take effect.
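
    The registry values above can be audited and applied from an elevated PowerShell prompt. The script below is an added example, not code from HEATsoftware or from the Microsoft article; it assumes CrashDumpEnabled = 0x1 (complete memory dump) together with the other values exactly as listed above.

```powershell
# Added example: audit and set the CrashControl values listed above.
# Run elevated. Use -WhatIf to report differences without writing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$key = 'HKLM:\System\CurrentControlSet\Control\CrashControl'

# Desired values, copied from the list above (0x1 = complete memory dump).
$desired = @(
    @{ Name = 'CrashDumpEnabled'; Type = 'DWord';        Value = 1 }
    @{ Name = 'AutoReboot';       Type = 'DWord';        Value = 0 }
    @{ Name = 'DumpFile';         Type = 'ExpandString'; Value = '%SystemRoot%\Memory.dmp' }
    @{ Name = 'LogEvent';         Type = 'DWord';        Value = 1 }
    @{ Name = 'MinidumpDir';      Type = 'ExpandString'; Value = '%SystemRoot%\Minidump' }
    @{ Name = 'Overwrite';        Type = 'DWord';        Value = 1 }
    @{ Name = 'SendAlert';        Type = 'DWord';        Value = 1 }
)

# Read raw values so %SystemRoot% is compared unexpanded.
$raw     = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
$regKey  = Get-Item -LiteralPath $key
$changed = $false

foreach ($d in $desired) {
    $current = $regKey.GetValue($d.Name, $null, $raw)

    if ($null -ne $current -and "$current" -eq "$($d.Value)") {
        Write-Host ("OK      {0} = {1}" -f $d.Name, $current)
        continue
    }

    Write-Host ("DIFFERS {0}: current '{1}', wanted '{2}'" -f $d.Name, $current, $d.Value)
    if ($PSCmdlet.ShouldProcess("$key\$($d.Name)", "Set to $($d.Value)")) {
        Set-ItemProperty -LiteralPath $key -Name $d.Name -Value $d.Value -Type $d.Type
        $changed = $true
    }
}

if ($changed) {
    Write-Host 'Values changed. Restart the system for them to take effect.'
}
```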

    Windows XP/2003/2003R2


    Windows 2000