Decrypting Windows’ Minidump files

This article was published more than a year ago. The information may be outdated.

When a Windows computer crashes, it will, if possible, write a minidump file (file type *.dmp) to the hard drive. These files are usually located in %SYSVOL%\Minidump and are usually named something like Mini042809-01.dmp. The problem with these files is that they are not exactly easy to read; here’s a small extract of my last minidump:

Luckily, Microsoft has made a set of tools to help us decrypt them. Debugging Tools for Windows is available for most versions of Windows. Simply download, install, and enjoy.
After installing the toolkit and the symbol set matching my install of Windows, the minidump is readable. The conclusion is found at the end and can look something like this:
Probably caused by : wanarp.sys ( wanarp+1d9b )
or like this:
Probably caused by : USBSTOR.SYS ( USBSTOR+4980 )
or even like this:
Probably caused by : win32k.sys ( win32k+3445 )
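The steps above (run the debugger against a dump with the right symbols, then read the "Probably caused by" line at the end) are easy to automate once there are more than one or two dumps to look at. The script below is an added example, not code from the original post: it drives kd.exe from Debugging Tools for Windows non-interactively over every *.dmp in the Minidump directory, pulls the blamed image and offset out of the `!analyze -v` output, and counts which driver is blamed most often across the set. The kd.exe path, the dump directory and the symbol path are assumptions; adjust them to your installation.

```python
"""Batch-analyse Windows minidumps with kd.exe and extract the culprit module.

Added example, not part of the original post. Assumes Debugging Tools for Windows
is installed and kd.exe is on PATH or at the fallback path below; the symbol path
and the dump directory are assumptions as well.
"""
import glob
import os
import re
import shutil
import subprocess
from collections import Counter
from typing import Iterable, List, Optional, Tuple

# Assumed locations; change these to match your machine.
KD_EXE = shutil.which("kd") or r"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe"
DUMP_DIR = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "Minidump")
SYMBOL_PATH = r"srv*C:\Symbols*https://msdl.microsoft.com/download/symbols"

# Matches the closing line of !analyze, for example:
#   Probably caused by : wanarp.sys ( wanarp+1d9b )
# The parenthesised module+offset part is optional, because the debugger
# sometimes blames an image without giving a module offset.
PROBABLY_CAUSED_RE = re.compile(
    r"^Probably caused by\s*:\s*(?P<image>\S+)"
    r"(?:\s*\(\s*(?P<module>[^+\s]+)\+(?P<offset>[0-9A-Fa-f]+)\s*\))?",
    re.MULTILINE,
)

Cause = Tuple[str, Optional[str], Optional[int]]


def build_kd_command(dump_path: str, symbol_path: str = SYMBOL_PATH,
                     kd_exe: str = KD_EXE) -> List[str]:
    """Return the argv that runs !analyze -v against one dump and then quits.

    -z selects the dump file, -y the symbol path, -c the commands to run.
    """
    return [kd_exe, "-z", dump_path, "-y", symbol_path, "-c", "!analyze -v; q"]


def parse_probable_cause(analyze_output: str) -> Optional[Cause]:
    """Extract (image, module, offset) from kd's output, or None if absent."""
    m = PROBABLY_CAUSED_RE.search(analyze_output)
    if not m:
        return None
    offset = int(m.group("offset"), 16) if m.group("offset") else None
    return m.group("image"), m.group("module"), offset


def summarise(results: Iterable[Tuple[str, Optional[Cause]]]) -> Counter:
    """Count how often each image is blamed across a set of dumps."""
    counts: Counter = Counter()
    for _dump, cause in results:
        counts[cause[0] if cause else "<unknown>"] += 1
    return counts


def analyse_dump(dump_path: str) -> Optional[Cause]:
    """Run kd on one dump and return the parsed conclusion."""
    proc = subprocess.run(build_kd_command(dump_path), capture_output=True,
                          text=True, timeout=600)
    return parse_probable_cause(proc.stdout)


if __name__ == "__main__":
    results = []
    for dump in sorted(glob.glob(os.path.join(DUMP_DIR, "*.dmp"))):
        cause = analyse_dump(dump)
        results.append((dump, cause))
        print(f"{os.path.basename(dump)}: {cause}")
    for image, n in summarise(results).most_common():
        print(f"{n:3d}  {image}")
```

A driver that shows up at the top of the summary for several dumps is the first thing to update or remove; a single dump blaming win32k.sys or ntoskrnl is far less conclusive, since a faulty third-party driver or bad RAM often corrupts memory that the kernel is the first to touch.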