This article describes steps that lead to setting up and collecting a complete memory dump.
Information in this article applies to Safetica ONE 10 or older.
The whole configuration process consists of two steps. First, we are about to configure a registry so the OS crash for obtaining the complete memory dump can be evoked manually. To do so, set up the registry value based on the type of keyboard you're about to use while evoking the crash.
- PS/2 keyboards
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, create a value named CrashOnCtrlScroll, and set it equal to a REG_DWORD value of 0x01.
- USB keyboards
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, create a value named CrashOnCtrlScroll, and set it equal to a REG_DWORD value of 0x01.
- Hyper-V keyboards
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hyperkbd\Parameters, create a value named CrashOnCtrlScroll, and set it equal to a REG_DWORD value of 0x01.
Once the registry value is successfully set, proceed with changing the level of the memory dump. This configuration can be done for example via the "systempropertiesadvanced" as shown below.
- Begin with "Run" and open the "systempropertiesadvanced"
2. Switch to tab "Advanced" and click "Settings..." in "Startup and Recovery" section.
3. Change the level of the dump to "Complete memory dump", confirm your selection by clicking the "OK" button. After that, you'll be prompted with an additional window asking if you would like to reboot immediately for changes to take effect. Do so once you're ready and all changes will be active right after rebooting.
To generate a complete memory dump while the issue is reproduced, hold down the rightmost CTRL key, and press the SCROLL LOCK key twice.