EgoSecure GmbH
            Help Center Knowledge Base EN Solutions General

            Creating a Windows Memory Image in Case of Blue Screens

            ID: 18021501
            Languages: EN, DE
            Components: EgoSecure Server, EgoSecure Agents
            Operating system: Windows

            Task
            Configure and create a Windows memory dump to get help with blue screens.

            Requirements
            Enough hard disk space to create a complete image of the memory dump.

            Solution
            Define the Windows settings to create a full dump and start the driver check to reproduce the blue screen and create a dump. If necessary, reproduce the blue screen manually.
            Send the debugged information to the EgoSecure support.

            Defining the size of the Windows memory image
            1. Open the Windows Control Panel.
            2. Click System and then click Advanced system settings .
            ⇒  The System Properties window appears.
            3. In the Advanced tab, under Startup and Recovery, click Settings .
            ⇒  The Startup and Recovery dialog appears.
            4. Select Complete memory dump and disable the Automatically restart option.



            5. Make sure that you have enough hard disk space to map the memory.
            6. Restart the computer.

            Starting driver verification
            Driver verification performs a kind of stress test to reproduce errors and create a memory dump.
            For details, see Driver Verifier (Microsoft document)
            The order of the commands in the Driver Verifier Manager in Windows 7 may differ from the description below.
            1. If Windows doesn't start normally, start in the safe mode.
            2. Open the Windows Command Prompt and enter verifier.
            ⇒ The Driver Verifier Manager opens.
            3. Select Create custom settings (for code developers) and click Next .

             

            4. Check all settings from the list except the Systematic low resources simulation and Randomized low resources simulation settings (Win 7: Low resources simulation) and click Next.

             

            5. Set the Select driver names from a list radio button and click Next .

             

            6. Select the application drivers related to the problem if they are known.
            Select all EgoSecure drivers. Depending on the version and operating system, the drivers can be the following:
            esaccctl.sys , esaccctlfe.sys , esndislwf.sys , escdflt.sys , esndis.sys , eswfpfltwlh.sys , eswfpflt.sys , eswpdflt.dll and eswpdfltco.dll .
            If the drivers are not in the list, click Add currently not loaded driver(s) to the list… and select the drivers listed above.

             

            7. Restart the computer in the normal mode. 
            If the blue screen doesn't appear, trigger it manually to make the necessary memory image.

            Reproducing blue screen manually
            You can configure Windows to force a blue screen over the keyboard.
            The following Windows versions support this feature:
            • Windows Server 2003 SP1 with KB244139, Server 2003 SP2 or higher
            • Windows Server 2008 SP1 with KB971284, Server 2008 SP2 or higher
            • Windows Vista SP1 KB971284, Vista SP2 or higher
            • Windows 7 or higher
            For details, see Forcing a System Crash from the Keyboard (Microsoft docs)

            Triggering blue screen via keyboard

            1. If you use a USB keyboard:
            Create the following value under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdhid\Parameters
            • Name: CrashOnCtrlScroll
            • Type: REG_DWORD (32bit)
            • Value: 1

            2. If you use a PS2 keyboard:
            Create the following value under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt\Parameters
            • Name: CrashOnCtrlScroll
            • Type: REG_DWORD (32bit)
            • Value: 1

            3. If you use Windows 7:
            In addition, create the following 2 values under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
            • Name: CrashDumpEnabled
            • Type: REG_DWORD (32bit)
            • Value: 1

            • Name: AlwaysKeepMemoryDump
            • Type: REG_DWORD (32bit)
            • Value: 1

            4. Restart the computer.
            5. Wait for about 2 minutes till the problem reproduces.
            6. Hold down the rightmost Ctrl key and press the Scroll Lock key twice.
            ⇒ The system generates the blue screen with the MANUALLY_INITIATED_CRASH stop code and creates the memory image.
            7. To disable the command for triggering a blue screen with the keyboard, change the previously created registry value CrashOnCtrlScroll from 1 to 0 or delete it.

            Sending debug information
            Send the following files to the EgoSecure support:
            Please, note that due to the size, the data cannot be sent by e-mail. Make the data available for download or contact the support for an FTP access.

            Updated: 5 days ago
            Helpful?  
            Help us to make this article better
            0 0