Use LiveKD to get dump out of VM

There is a way to extract memory content  and analyzed from snapshots and saved states from Hyper-V. Hyper-V saves this information in files with the extensions *.vsv and *.bin.  To convert these files to a usable dump full memory dump (*.dmp) compatible to Debugging Tools for Windows,  the “Hyper-V VM State to Memory Dump Converter” (vm2dmp.exe) was released in January 2010 (

Unfortunately this tool is no longer available at the portal .To understand how it works & used to work, please check following blog  VM2DMP Hyper-V VM State to Memory Dump Converter

However, this tool works only on files created with Hyper-V Version 1 & 2 (Hyper-V/Windows Server 2008 & R2). When snapshots or saved states created on Hyper-V 2012 or 2012 R2 are tried being converted, the tool will fail.

More about these files extension: Understanding where your virtual machine files are [Hyper-V]

However we can use LiveKD, this is a very good option to use and a dump can be taken without changing the state of the machine , I hope it may help us in our current scenario .

Steps to configure memory dump using LiveKD

1.) Install “Debugging Tools for Windows” on the virtual server host machine (not the VM).

  • Install the debugging tools for windows from (Windows Software Development Kit (SDK) for Windows 8.1)
  • Click on Download now. Then select “Run” as this is the installer package, not the actual debugging tools application.
  • On the page for “Select features”
  • Uncheck everything except for “Debugging Tools for Windows”
  • Click install.
  • Alternatively, you can install this on a workstation and copy “Debuggers” folder from “C:\Program Files (x86)\Windows Kits\8.1” to the server.

2.) Install “LiveKD”

3.) Configure environmental variables.

  • Open a command prompt with admin privilege and run the following command to set the symbol path.

4.) Dump the VM with LiveKD.

Navigate to the “x64” folder on command prompt and use following command  to get a memory dump of a Virtual Machine (TargetVM is the name of the VM)

LiveKD -p -hv {TargetVM} -o c:\TargetVM.DMP

Screen Shot 2016-06-21 at 4.28.49 PM

-o      Saves a memory.dmp to disk instead of launching the debugger

-p      Pauses the target Hyper-V VM while LiveKD is active

(recommended for use with -o).

-hv     Specifies the name or GUID of the Hyper-V VM to debug.

-hvl    Lists the names and GUIDs of running Hyper-V VMs.

Please note that the server will be in paused state until the memory dump is collected.

Screen Shot 2016-06-21 at 4.28.49 PM

How to live debug a VM in Hyper-V

Other Alternate Methods to take a dump of Hyper-V VM is NMI

Coming soon: How to generate a kernel or a complete memory dump file in Windows Server 2012 and Windows Server 2012 R2

“Notmyfault”,  Use this executable and driver to crash your system in several different ways.