Wednesday, November 24, 2010

Obtaining Blue Screen information after generating a memory dump file

Obtaining Blue Screen information after generating a memory dump file

You can configure a Windows-based operating system to write an event log message with bugcheck information. By default, Windows Server 2008 is set to write event log messages.

You can disable this feature by creating a LogEvent registry entry and setting it to 0 under the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

Note that the description and format of the event log differs from the format that is displayed when the computer is writing the memory dump file. However, the majority of the information is the same. The following is a sample of the event log:
Event ID: 1001 Source: BugCheck Description: The computer has rebooted from a bugcheck. The bugcheck was : 0xc00000E2 (0xffffffffffffffff, 0x0000000000000001, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 022309-16598-01

No comments: