A live kernel dump creates a consistent snapshot of kernel memory and saves it to a dump file without having to restart the computer.
The goal of kernel live dump is to gather data to trouble shoot an abnormal situation, but allow the OS to continue operation. This reduces downtime when compared to a bug check for “non-fatal” but high-impact failures and hangs. Kernel live dumps are used when it is possible to recover the OS to a known good state.
Starting with Windows 11 build 23419 and build 22624.1537, Microsoft is introducing a set of new developer-focused features in Task Manager to aid the collection of live kernel memory dumps (LKDs). This is in addition to the existing “Memory dump” for user mode processes. The goal of kernel live dump is to gather data to troubleshoot an abnormal situation but allow the OS to continue operation. This reduces downtime when compared to a bug check for “non-fatal” but high-impact failures and hangs.
A Full live kernel memory dump contains active kernel memory, with optional inclusion of hypervisor memory and user-mode memory. The options to capture hypervisor and user pages are available for full live kernel dumps. Alternatively, a Kernel stacks memory dump is a smaller file, limited to kernel processor states and all kernel thread stacks.
Task Manager live memory dump - Windows drivers
This topic describes how to take a live kernel memory dump using task manger.
Kernel Live Dump Code Reference - Windows drivers
This section contains descriptions of the common kernel live dumps, and describes how they are different from traditional bug checks.
You can go to the Task Manager Settings page to view/edit the settings for live kernel memory dumps.
This tutorial will show you how to change the live kernel memory dump options for your account in Windows 11.
1 Open Task Manager (Ctrl+Shift+Esc).
2 Click/tap on the Settings (gear) icon on the bottom of the left pane of Task Manager. (see screenshot below)
3 You can now check or uncheck the Live kernel memory dump options (Advanced) you want below.
You can click/tap on the top Revert memory dump settings to defaults button to restore default settings.
Abort if insufficient memory = When this The abort if memory pressure option is selected, the live dump process will be stopped if memory availability is not considered to be sufficient. This is the default setting to minimize the potential impact of capturing the live kernel dump on system responsiveness.
Capture Hypervisor pages = Select this Capture Hypervisor memory pages option to capture memory regions that are used by the hypervisor to support Hyper-V and virtual machines.
Include nonessential pages = You can include or not include nonessential hypervisor memory pages.
Capture User Pages = Enable Capture User Pages if the problem you are troubleshooting requires user-mode memory.