The following directions will ensure that a full memory dump is generated vs. a mini-dump.
Steps to enable complete memory dumps:
If Gflags.exe is not on the system, look in the SupportTools directory of the operating system media.
On reboot, a process called "savedump.exe" will copy the contents from the page file to the MEMORY.DMP file on disk. Do not interrupt the savedump.exe process while it is running, otherwise the MEMORY.DMP file will be truncated and possibly corrupted. To confirm that the memory dump process is finished, watch the process in Task Manager until it is completed, to ensure the memory dump is completely written.
A one gigabyte memory dump will usually compress down to 100-300 megabytes, which will allow for much easier transfer across the network.
For original files over 2GB in size, Symantec recommends one of the following options:
C. Many times the memory dump will need to be Administrator initiated if the issue under investigation does not cause the system to crash.
There are two commonly accepted methodologies for causing a system to generate a memory dump:
1. BANG! -- Crash on Demand Utility (See attachment, Band_v21.zip)
V2.1 Supports X64, IA64 and VISTA and the Drivers are signed. In the Zip file WNET is included. This is the srv2003 image distribution.
Usage: bang [-s] : where -s indicates to automatically crash the system
You will have to join OSR Online as a user, but it is free to join and then free to download the utility.
2. Keyboard initiated dump:
Windows feature lets you generate a memory dump file by using the keyboard -
BANG_v21.zip (135.8 KB)