Whenever your Windows system encounters a major system crash, it throws a BSOD, the famous Blue Screen of Death, and collects data from memory into a memory dump file on your hard drive for further investigation if needed. The memory dump file contains valuable information for advanced debuggers and system administrators who really want to get to the bottom of the issue and eventually solve it.
Prior to Windows 10, there were four types of memory dumps you could choose from:
- Small memory dump (256KB)
- Kernel memory dump
- Complete memory dump
- Automatic memory dump – added in Windows 8 to support “System Managed” page file configuration.
These options cover most situations. Choose “Small memory dump” if you don’t care about the BSOD at all. If you do care about the BSOD but are still worried about the space the dump takes, “Kernel memory dump” gives you the best of both worlds. And if you really want to get to the bottom of the issue, “Complete memory dump” will provide all the information you need to dig deep.
Windows 10 introduced a new dump file type called Active Memory Dump that cuts out a bunch of stuff that is not important in diagnosing the root cause of the crash and makes the final dump file much smaller and easier to save, copy, and diagnose.
While that does not sound much different from what “Kernel memory dump” does, there is one key area where “Active Memory Dump” shines.
If your system has a few VMs running on Hyper-V, a complete memory dump will include the host state as well as a dump of what’s in RAM, a large portion of which is used by the VMs. As a result, the dump file can be massive, with a lot of the data having nothing to do with the host computer that is crashing. With “Active Memory Dump” in place, most memory pages allocated to VMs are filtered out, which makes the final memory dump file much smaller.
How small would it be? Here is an example shared on the Microsoft Clustering blog:
As an example, I have a system with 16GB of RAM running Hyper-V and I initiated bluescreens with different crash dump settings to see what the resulting memory.dmp file size would be. I also tried “Active memory dump” with no VMs running and with 2 VMs taking up 8 of the 16GB of memory to see how effective it would be:
Memory.dmp in KB | % Compared to Complete
Complete Dump:
Active Dump (no VMs):
Active Dump (VMs with 8GB RAM total):
Kernel Dump (VMs with 8GB RAM total)
Automatic Dump (VMs with 8GB RAM total)
*The size of the Active Dump as compared to a complete dump will vary depending on the total host memory and what is running on the system.
So, where to check the memory dump settings?
The memory dump settings are located in the Startup and Recovery window. Here is the path to it:
Control Panel → System and Security → System → Advanced System Settings (on the left panel) → Settings in Startup and Recovery section.
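The same settings can also be read from the registry, which is handy when checking many machines. The PowerShell below is an added example, not part of the original post; it assumes the standard `CrashControl` registry values (`CrashDumpEnabled`, `FilterPages`, `DumpFile`, `MinidumpDir`, `Overwrite`, `AutoReboot`), which this page does not list, and `Get-CrashDumpSetting` is a name made up for the example.

```powershell
# Added example: decode the crash dump type configured on this machine.
function Get-CrashDumpSetting {
    param(
        # Registry key behind the "Startup and Recovery" dialog (assumed default location)
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    )
    $cc = Get-ItemProperty -Path $Path -ErrorAction Stop

    # CrashDumpEnabled selects the dump type. An active memory dump is stored as
    # CrashDumpEnabled = 1 (complete) plus FilterPages = 1, so both must be checked.
    # A missing CrashDumpEnabled value is reported as 'None' here.
    $type = switch ([int]$cc.CrashDumpEnabled) {
        0 { 'None' }
        1 { if ($cc.FilterPages -eq 1) { 'Active memory dump' } else { 'Complete memory dump' } }
        2 { 'Kernel memory dump' }
        3 { 'Small memory dump' }
        7 { 'Automatic memory dump' }
        default { "Unknown ($($cc.CrashDumpEnabled))" }
    }

    [pscustomobject]@{
        DumpType    = $type
        DumpFile    = $cc.DumpFile        # where the kernel/complete/active dump is written
        MinidumpDir = $cc.MinidumpDir     # where small dumps are written
        Overwrite   = [bool]$cc.Overwrite
        AutoReboot  = [bool]$cc.AutoReboot
    }
}

$setting = Get-CrashDumpSetting
$setting | Format-List

# If a dump from an earlier crash exists, report its size in KB for comparison.
if ($setting.DumpFile -and (Test-Path -LiteralPath $setting.DumpFile)) {
    $f = Get-Item -LiteralPath $setting.DumpFile
    '{0}: {1:N0} KB, written {2}' -f $f.FullName, ($f.Length / 1KB), $f.LastWriteTime
}
```

A complete or active dump holds whatever was in RAM at crash time, so treat the file at `DumpFile` as sensitive when copying it off the machine for analysis.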
What to do with these memory dump files?
We have a post that covers just that, How To Exam Memory Dump File to Find the Cause of Blue Screen of Death. Check it out.
It sounds like Active Memory Dump would be most useful in a server environment that runs a lot of VMs, but if your Windows 10 machine has a couple of VMs running on top of it, choosing Active Memory Dump makes more sense than any of the other memory dump options.