DMP files (dump files) are useful for debugging Windows, so you should know how to open and read DMP files in Windows 7 or 8.1 if you want to debug blue screens. It’s very easy to open DMP files, but the difficult part is locating the actual problem and analyzing the DMP file correctly.
|1||Download Driver Kit|
|3||Use WinDBG to analyze files|
|4||Locating DMP files|
In order to open and view DMP files in Windows, you first have to install a driver kit and set the symbol path correctly. This will then allow you to open DMP files using the debugging tool. DMP (dump files) are the most useful files for you to debug your system, so there’s no way around this.
This shouldn’t take longer than 10 minutes, but if you have a slow connection, downloading the 700MB ISO file (debugging tools) might take a while.
1. Download Windows Driver Kit
To open DMP files, you will need the Windows Debugging Tools (additional download). The Debugging Tools are included in the Windows Driver Kit Version 7.1.0. You have to download this ~700MB large ISO file from Microsoft first.
|Windows 7||Download Windows Driver Kit Version for Windows 7|
|Windows 8/8.1||Download Windows Driver Kit For Windows 8/8.1|
2. Install Driver Kit
I’m usually to lazy to burn ISO files, but feel free to burn the downloaded driver kit to a DVD or Blu-Ray if you wish. Or alternatively open the ISO file using the built-in Windows tools and extract everything. In the Debuggers directory you will find a x32 and x64 installer for the Windows Debugging Tool. Make sure to install the correct one!
- 64-bit Windows: Run setup_amd64.exe
- 32-bit Windows: Run setup_x86.exe
Important: On Windows 7, select Custom installed and change the location to e.g. C:\Debug\ it will make things easier if you don’t like typing the full path.
On Windows 8, you can change the installation path by choosing the second option: Download the Windows Driver Kit for Windows 8.1 for installation on a separate computer
Don’t know how to open ISO files? Read this: How to open ISO files in Windows 7
3. Open WinDBG
Either go directly to C:\Debug (or wherever you installed the debugging tools to) and click on windbg.exe:
Or open WinDBG via the Start Menu:
Set Symbol File Path
1. Step Create a new folder on your main drive and call it “Symbols”, e.g. C:\Symbols
2. Step Click on “File” – “Symbol File Path …”:
3. Step Insert the following path:
Replace “C:\Symbols” with your own folder if you created it somewhere else in step 1.
Open DMP file via WinDBG (CTRL+D)
WinDBG still opened? Good, the quickest way to open DMP files now is the shortcut CTRL+D or go to “File” and click on “Open Crash Dump File..”:
Where are DMP files located?
DMP files are located in C:\Windows\Minidump!
You can change the location where they are stored.
Can’t open DMP files? Permission Error!
If you are receiving a permission error like the one below, you have to take ownership of the DMP files first.
Usually, the owner is not even set:
Important: If you still receive the error “you don’t have permission to open this file, contact the system administrator”, copy the DMP file that you want to open and copy it into a subfolder, then it will work.
Let’s analyze the DMP file!
When you’re asked if you want to save the workspace, click yes. WinDBG will now open the DMP file and process it. This will take some time! Have some patience.
Here’s the first Bugcheck Analysis:
Of course, we want to dig a little deeper and enter !analyze -v to get detailed information. Now, below the next paragraph “Bugcheck Analysis” you will find some more concrete details. For my DMP file it read:
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is
caused by drivers that have corrupted the system pool. Run the driver
verifier against any new (or suspect) drivers, and if that doesn’t turn up
the culprit, then use gflags to enable special pool.
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff80002c03000, address which referenced memory
In this case I had some corrupt drivers that attempted to access a IRQL that is too high, so my conclusion was to check my drivers. Now that you know the concrete error (my case: DRIVER_CORRUPTED_EXPOOL), you can also do some research and possibly find people with the same problem.
Driver Verifier Manager / Testing Drivers For System Interrupts
Sidenote: To run the driver verifier enter “verifier” into an elevated command prompt (how to open command prompt), you can then check the settings of currently loaded drivers for example. Keep in mind that this is advanced stuff, so you would have to do some research about it first.
If you like, you can read our detailed guide on finding and fixing system interrupts
I hope that this helped out some of you guys who wanted to open DMP files. Once you get used to reading DMP files, they can be handy for finding and solving problems in Windows 7 and Windows in general.