Analyze Windows Memory Dump .dmp files with WhoCrashed

Whenever a computer running Windows suddenly reboots without displaying any notice or Blue screen of death or Stop Error, the first thing that is often thought about is a hardware failure. In reality, most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, most computers running Windows do not show a blue screen unless they are configured to do so. Instead, these systems suddenly reboot without any notice.

Analyze Windows Memory Dump files

Analyze Windows Memory Dump WhoCrashed

Freeware WhoCrashed Home Edition, shows the drivers which have been crashing your computer with a single click. In most cases it can pinpoint the offending drivers which have been causing misery on your computer system in the past. It does a post-mortem crash-dump analysis of the Windows Memory Dumps and presents all gathered information in a comprehensible way.

Normally, debugging skills and a set of debugging tools are required to do post-mortem crash dump analysis. By using this utility, you do not need any debugging skills to be able to find out what drivers are causing trouble to your computer.

WhoCrashed relies on the Windows Debugging Package (WinDbg) from Microsoft. If this is not installed, WhoCrashed will download and extract this package automatically for you. Simply run the program and click on the Analyze button.

When you have WhoCrashed installed on your system and if it unexpectedly resets or shut down, the program will let you know if crash dumps are enabled on your computer, if not it will offer you suggestions on how to enable them.

WhoCrashed free download

The home edition is completely free for use. You can freeware WhoCrashed Home Edition from here. There’s even a paid version which you can use by paying a premium.

Posted by on , in Category Downloads with Tags
Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.


  1. Dan

    As advice at WhoCrashed site says; “Note that WhoCrashed cannot
    always be exactly sure about the root cause of a system crash. Because
    all kernel modules run in
    the same address space, any driver or other kernel module can
    potentially corrupt another. Also, any driver may be able to cause
    problems to any other
    driver that runs in the same device stack. This is to say this software
    is not guaranteed to identify the culprit in every scenario”.

    Certainly hardware or malware could interfere with shutdowns, but often blue screens/shutdowns without any kind of dump file can be caused by having two antimalwares doing same thing at same time (race condition), or any routine drivers working on same/opposing tasks; for example, if I forget when having Privazer erase a pagefile at shutdown that I should let Privazer handle shutdown (as it erases WHILE shutting down), and instead tell Comodo to shut down after a security scan, I get a no-dump-file blue screen telling me Comodo’s driver halted due to power failure trying to override Privazer’s drivers wanting to task THEN shut down. Just an example of thinking what apps/programs might compete re no-report bsods as in WhoCrashed’s exceptions.

    So such exception is no reflection on WhoCrashed, which appears a good replacement for Nirsoft’s Blue Screen View as WhoCrashed can be used in Windows 7 and later ( of interest to me when I upgrade to 8 or 8.1). Thanks for this great tip!

  2. DomiChi

    I am looking for an utility that let me see the stack during run, because I am almost sure that the dump gives the wrong module. It is always the last mounted, another push it out?

  3. Well, crap… =( WhoCrashed crashed.

    WhoCrashedEx.exe – Ordinal Not Found
    The ordinal 1002 could not be located in the dynamic link library C:WINDOWSSYSTEM32dbgeng.dll.

    edit to add:
    According to the file properties, my DbgEng.Dll is version 10.0.14318.1022

  4. =D

    would have been great if admin would have answered DomiChi’s question since I also have this problem.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + 2 =