I just watched Mark Russinovich’s Technet webcasts and he demoed how to
create a Blue Screen of Death on a windows PC by using the right ctrl key +
scroll lock + scroll lock
This is very helpful when debugging OS issues but I thought it might cause a faint on one sysadmin or two if done without warning. EYE: Do not attempt on Production servers or face an immediate let go…
Here’s the KB article describing how to gather the memory dump and the types of memory dumps you can get with this technique. Cheers!
Windows includes a feature that you can use to cause the system to stop responding and to generate a memory dump file (Memory.dmp). When you do this, you receive a Stop error message that resembles the following:
*** STOP: 0x000000E2 (0x00000000,0x00000000,0x00000000,0x00000000)
The end-user manually generated the crashdump.
After you enable the feature, you can generate a memory dump file by holding down the right CTRL key and pressing the SCROLL LOCK key two times. The feature is available for both PS/2 and universal serial bus (USB) keyboards. PS/2 keyboards use the i8042prt.sys driver that is included with the keyboard. However, for USB keyboards that are attached to Windows Server 2003-based systems, you must install a hotfix for the Kbdhid.sys driver.For more information about this hotfix, see the resolution in the "More Information" section.
Note There is a limitation with the Kbdhid.sys driver that allows for you to generate the memory dump process by using a USB keyboard. The CTRL+SCROLL LOCK+SCROLL LOCK keyboard shortcut does not work if the computer stops responding at a high interrupt request level (IRQL). This limitation exists because the Kbdhid.sys driver operates at a lower IRQL than the i8042prt.sys driver.
This is very helpful when debugging OS issues but I thought it might cause a faint on one sysadmin or two if done without warning. EYE: Do not attempt on Production servers or face an immediate let go…
Here’s the KB article describing how to gather the memory dump and the types of memory dumps you can get with this technique. Cheers!
Windows includes a feature that you can use to cause the system to stop responding and to generate a memory dump file (Memory.dmp). When you do this, you receive a Stop error message that resembles the following:
*** STOP: 0x000000E2 (0x00000000,0x00000000,0x00000000,0x00000000)
The end-user manually generated the crashdump.
After you enable the feature, you can generate a memory dump file by holding down the right CTRL key and pressing the SCROLL LOCK key two times. The feature is available for both PS/2 and universal serial bus (USB) keyboards. PS/2 keyboards use the i8042prt.sys driver that is included with the keyboard. However, for USB keyboards that are attached to Windows Server 2003-based systems, you must install a hotfix for the Kbdhid.sys driver.For more information about this hotfix, see the resolution in the "More Information" section.
Note There is a limitation with the Kbdhid.sys driver that allows for you to generate the memory dump process by using a USB keyboard. The CTRL+SCROLL LOCK+SCROLL LOCK keyboard shortcut does not work if the computer stops responding at a high interrupt request level (IRQL). This limitation exists because the Kbdhid.sys driver operates at a lower IRQL than the i8042prt.sys driver.
No comments:
Post a Comment