What Does "System Memory Dump" Mean?

by Dan Stone

    The term "system memory dump" refers to when a computer creates a file with the system memory contents following a full system crash. System memory dumps are also called physical memory dumps. Programs are often configured to make dump files that store the program state at the time of a crash to help programmers go back and look at what the computer was doing at the time of the crash to prevent it from happening again.

    System Memory Dump Uses

    A system memory dump takes a snapshot of everything that's currently in the computer's physical memory whenever the system goes down. When you get the computer up and running again, you can either look at the file yourself or send it to someone else to help figure out why Windows crashed. Memory dump files are often used in the debugging process when system crashes are a regular event. Usually, a programmer has to rewrite part of a program to stop the crash from recurring. The debugging process usually involves recreating the crash situation to find the faulty code. Memory dump files make it easy for the programmer to recreate the problematic situation and identify the crash cause. For example, Kaspersky requests complete dump files for crashes related to the Kaspersky Lab program.

    System Memory Dump Creation

    In Windows, the computer writes a memory dump file whenever the "Blue Screen of Death" strikes. A message reading "dumping physical memory" appears, and the computer will show a progress percentage leading up to the completion of the memory dump file; it will then reboot. System memory dumps don't happen when a single program crashes and Windows keeps running: it only happens when Windows crashes or another program takes Windows down with it.

    System Memory Dump Types

    Windows supports three types of system memory dumps: small, kernel and complete. According to Microsoft, a small memory dump includes a list of loaded system drivers and process information about the system thread that caused the crash. According to security developing house Sophos, a kernel dump file contains the system kernel information and is not useful for debugging programs other than Windows itself. The system kernel is the part of the Windows code that interfaces with the computer hardware. A complete memory dump contains all of the contents of the system's memory at the time of the crash, and therefore provides the most information.

    Configuring Memory Dumps

    You may be asked to provide a complete memory dump to help a programmer resolve a recurring program crash. Windows 8 defaults to an automatic memory dump type that lets the computer decide which type to use. You can change the settings by searching for "system," then clicking "Settings | Advanced System Settings | Advanced | Settings." From here, change the "Write debugging information" drop-down menu to the desired memory dump file type and click "OK." The memory dump file created after the next crash can be used in the debugging process.

    About the Author

    Dan Stone started writing professionally in 2006, specializing in education, technology and music. He is a web developer for a communications company and previously worked in television. Stone received a Bachelor of Arts in journalism and a Master of Arts in communication studies from Northern Illinois University.

    Photo Credits

    • Ryan McVay/Photodisc/Getty Images