Microsoft-Windows-Kernel-LiveDump

60 events across 2 channels

Event ID	Title	Channel
1	Live Dump Capture Dump Data API started.	Analytic
2	Live Dump Capture Dump Data API ended.	Operational
3	Writing dump file started.	Operational
4	Writing dump file ended.	Operational
5	Live Dump request aborted due to memory pressure on system	Analytic
6	LiveDump Event Generic	Operational
101	Sizing Workflow: Mirroring started.	Operational
102	Sizing Workflow: Mirroring Phase 0 ended.	Analytic
103	Sizing Workflow: Mirroring Phase 1 ended.	Analytic
104	Sizing Workflow: System Quiesce started.	Operational
105	Sizing Workflow: System Quiesce ended.	Operational
106	Sizing Workflow: Estimation.	Operational
107	Sizing Workflow: Allocation.	Operational
108	Sizing Workflow: RemovePages Callbacks started.	Analytic
109	Sizing Workflow: RemovePages Callbacks ended.	Analytic
110	Sizing Workflow: RemovePages Callback %1 started.	Analytic
111	Sizing Workflow: RemovePages Callback %1 ended.	Analytic
112	Sizing Workflow: RemovePages Callback %1 failed.	Analytic
113	Sizing workflow: %1 pages estimated to be allocated and %2 pages allocated.	Operational
114	Sizing Workflow: Query Hvl for dump size failed.	Operational
115	Sizing Workflow: Open VM memory partition failed.	Operational
116	Sizing Workflow: Buffer allocation from the VM memory partition failed.	Operational
117	Sizing Workflow: Capture processor context when the system is quiesced.	Analytic
118	Sizing Workflow: Mark required dump data when system is quiesced.	Analytic
119	Sizing Workflow: Mark important dump data when system is quiesced.	Analytic
120	Sizing Workflow: Populate bitmap for dump when system is quiesced.	Analytic
121	Sizing Workflow: Corral processors to quiesce the system.	Analytic
122	Sizing Workflow: Uncorral processors to quiesce the system.	Analytic
123	Sizing Workflow: MmDuplicateMemory failed.	Operational
124	IO space utilization disabled when HV/SK pages requested, NoSecrets mode …	Operational
125	Callout for %1 (included %2).	Operational
126	Sizing Workflow: Call to Hvl for preparing livedump descriptor failed.	Operational
151	Capture Pages Workflow: Mirroring started.	Analytic
152	Capture Pages Workflow: Mirroring Phase 0 ended.	Analytic
153	Capture Pages Workflow: Mirroring Phase 1 ended.	Analytic
154	Capture Pages Workflow: System Quiesce started.	Operational
155	Capture Pages Workflow: System Quiesce ended.	Operational
156	Capture Pages Workflow: Copy memory pages started.	Operational
157	Capture Pages Workflow: Copy memory pages ended.	Operational
158	Capture Pages Workflow: Capture processor context when the system is quiesced.	Analytic
159	Capture Pages Workflow: Mark required dump data when system is quiesced.	Analytic
160	Capture Pages Workflow: Mark important dump data when system is quiesced.	Analytic
161	Capture Pages Workflow: Populate bitmap for dump when system is quiesced.	Analytic
162	Capture Pages Workflow: Collect Hvl dump when system is quiesced.	Analytic
163	Capture Pages Workflow: Generate Ipt secondary data when system is quiesced.	Analytic
164	Capture Pages Workflow: Initiate state change to copy contents of marked pages …	Analytic
165	Capture Pages Workflow: Corral processors to quiesce the system.	Analytic
166	Capture Pages Workflow: Uncorral processors to quiesce the system.	Analytic
167	Capture Pages Workflow: Capture memory pages.	Operational
168	Capture Pages Workflow: MmDuplicateMemory failed.	Operational
169	Callout for %1 (included %2).	Operational
201	Live Dump Write Deferred Dump Data API started.	Analytic
202	Live Dump Write Deferred Dump Data API ended.	Operational
203	Write deferred dump data to file started.	Operational
204	Write deferred dump data to file ended.	Operational
251	Live Dump Discard Deferred Dump Data API started.	Analytic
252	Live Dump Discard Deferred Dump Data API ended.	Operational
271	AllowLiveDump policy.	Operational
272	AllowLiveDump policy value changed (AllowLiveDump = %1).	Operational
273	LiveDump disabled on boot by policy (AllowLiveDump = %1).	Operational

Event ID 1 — Live Dump Capture Dump Data API started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Live Dump Capture Dump Data API started.  Flags: %1.  AddPagesControl: %2

Fields

Name	Description
`ControlFlags`	—
`AddPagesControl`	—

Event ID 2 — Live Dump Capture Dump Data API ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Live Dump Capture Dump Data API ended. NT Status: %1.  BugcheckCode: %2. BugcheckParameter1: %3. BugcheckParameter2: %4. BugcheckParameter3: %5. BugcheckParameter4: %6. AbortIfMemoryPressure: %7. DumpCaptureDuration: %8ms. SelectiveDump: %9. DynamicLowMemoryThreshold: %10 bytes.  AvailablePhysicalMemory: %11 bytes.  TotalPhysicalMemory: %12 bytes.  IOSpaceEnabled: %13.

Fields

Name	Description
`NTStatus`	—
`BugcheckCode`	—
`BugCheckParameter1`	—
`BugCheckParameter2`	—
`BugCheckParameter3`	—
`BugCheckParameter4`	—
`AbortIfMemoryPressure`	—
`DumpCaptureDuration_ms`	—
`SelectiveDump`	—
`DynamicLowMemoryThresholdBytes`	—
`AvailablePhysicalMemoryInBytes`	—
`TotalPhysicalMemoryInBytes`	—
`IOSpaceEnabled`	—

Event ID 3 — Writing dump file started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Writing dump file started.

Event ID 4 — Writing dump file ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Writing dump file ended. NT Status: %1. Total %2 bytes (Header|Primary|Secondary: %3|%4|%5 bytes). DumpWriteDuration: %6ms.

Fields

Name	Description
`Writing_dump_file_ended_NT_Status`	Writing dump file ended. NT Status.
`NTStatus`	—
`TotalBytes`	—
`HeaderBytes`	—
`PrimaryDataBytes`	—
`SecondaryDataBytes`	—
`DumpWriteDuration_ms`	—

Event ID 5 — Live Dump request aborted due to memory pressure on system

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Live Dump request aborted due to memory pressure on system

Event ID 6 — LiveDump Event Generic

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

LiveDump Event Generic

Fields

Name	Description
`LiveDumpEventDescription`	—
`Parameter1Name`	—
`Parameter1Value`	—
`Parameter2Name`	—
`Parameter2Value`	—
`Parameter3Name`	—
`Parameter3Value`	—
`Parameter4Name`	—
`Parameter4Value`	—
`Parameter5Name`	—
`Parameter5Value`	—
`Parameter6Name`	—
`Parameter6Value`	—
`Parameter7Name`	—
`Parameter7Value`	—
`Parameter8Name`	—
`Parameter8Value`	—

Event ID 101 — Sizing Workflow: Mirroring started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: Mirroring started.

Event ID 102 — Sizing Workflow: Mirroring Phase 0 ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Mirroring Phase 0 ended.

Event ID 103 — Sizing Workflow: Mirroring Phase 1 ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Mirroring Phase 1 ended.

Event ID 104 — Sizing Workflow: System Quiesce started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: System Quiesce started.

Event ID 105 — Sizing Workflow: System Quiesce ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: System Quiesce ended.

Event ID 106 — Sizing Workflow: Estimation.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: Estimation. NT: %2 bytes (Minimum %1 bytes). Hypervisor: Primary %3 bytes. Secondary %4 bytes.

Fields

Name	Description
`Sizing_Workflow_Estimation_NT`	—
`NtEstimatedRequiredPrimaryDataBytes`	—
`NtEstimatedPrimaryDataBytes`	—
`HvEstimatedPrimaryDataBytes`	—
`HvEstimatedSecondaryDataBytes`	—
`SkEstimatedPrimaryDataBytes`	—
`MemoryEstimationDuration_ms`	—
`SystemQuiescedDuration_ms`	—
`EndMirroringPhasesDuration_ms`	—
`MirrorPhysicalMemoryDuration_ms`	—
`MirrorPhysicalMemorySizeInBytes`	—
`HvlCalculateLiveDumpSizeDuration_ms`	—

Event ID 107 — Sizing Workflow: Allocation.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: Allocation. NT: %1 bytes. Hypervisor: Primary %2 bytes. Secondary %3 bytes.

Fields

Name	Description
`Sizing_Workflow_Allocation_NT`	Sizing Workflow: Allocation. NT.
`NtPrimaryDataBytes`	—
`HvPrimaryDataBytes`	—
`HvSecondaryDataBytes`	—
`SkPrimaryDataBytes`	—
`AllocateDumpBuffersDuration_ms`	—
`AllocateExtraBuffersDuration_ms`	—
`HvlPrepareLivedumpDescriptorDuration_ms`	—

Event ID 108 — Sizing Workflow: RemovePages Callbacks started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: RemovePages Callbacks started.

Event ID 109 — Sizing Workflow: RemovePages Callbacks ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: RemovePages Callbacks ended.

Event ID 110 — Sizing Workflow: RemovePages Callback %1 started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: RemovePages Callback %1 started.

Fields

Name	Description
`CallbackIdentifier`	—

Event ID 111 — Sizing Workflow: RemovePages Callback %1 ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: RemovePages Callback %1 ended.

Fields

Name	Description
`CallbackIdentifier`	—

Event ID 112 — Sizing Workflow: RemovePages Callback %1 failed.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: RemovePages Callback %1 failed. NT Status: %2.

Fields

Name	Description
`CallbackIdentifier`	—
`NTStatus`	—

Event ID 113 — Sizing workflow: %1 pages estimated to be allocated and %2 pages allocated.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing workflow: %1 pages estimated to be allocated and %2 pages allocated (VM memory partition's IOSpace|VM memory partition|System partition's IOSpace|System partition: %3|%4|%5|%6 pages). Limit dump file size: %7. Dump file size limit: %8 bytes. Dump file size limit reached: %9. Aborted while buffer allocation: %10.

Fields

Name	Description
`Sizing_workflow`	—
`Dump_file_size_limit`	—
`bytes_Dump_file_size_limit_reached`	—
`Aborted_while_buffer_allocation`	—
`EstimatedPageCount`	—
`AllocatedPageCount`	—
`VMMemoryPartitionIOSpaceAllocatedPages`	—
`VMMemoryPartitionAllocatedPages`	—
`SystemPartitionIOSpaceAllocatedPages`	—
`SystemPartitionAllocatedPages`	—
`LimitDumpFileSize`	—
`DumpFileSizeLimitInBytes`	—
`DumpFileSizeLimitReached`	—
`AbortWhileBufferAllocation`	—

Event ID 114 — Sizing Workflow: Query Hvl for dump size failed.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: Query Hvl for dump size failed. NT Status: %1.

Fields

Name	Description
`NTStatus`	—

Event ID 115 — Sizing Workflow: Open VM memory partition failed.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: Open VM memory partition failed. NT Status: %1

Fields

Name	Description
`NTStatus`	—

Event ID 116 — Sizing Workflow: Buffer allocation from the VM memory partition failed.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: Buffer allocation from the VM memory partition failed. NT Status: %1

Fields

Name	Description
`NTStatus`	—

Event ID 117 — Sizing Workflow: Capture processor context when the system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Capture processor context when the system is quiesced. Duration: %1ms.

Fields

Name	Description
`Duration_ms`	—

Event ID 118 — Sizing Workflow: Mark required dump data when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Mark required dump data when system is quiesced. Duration: %1ms.

Fields

Name	Description
`MarkRequiredDumpDataDuration_ms`	—

Event ID 119 — Sizing Workflow: Mark important dump data when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Mark important dump data when system is quiesced. Duration: %1ms.

Fields

Name	Description
`MarkImportantDumpDataDuration_ms`	—

Event ID 120 — Sizing Workflow: Populate bitmap for dump when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Populate bitmap for dump when system is quiesced. PopulateBitmapForDumpDuration: %1ms. RemoveSystemCacheFromDumpDuration %2ms.

Fields

Name	Description
`PopulateBitmapForDumpDuration_ms`	—
`RemoveSystemCacheFromDumpDuration_ms`	—

Event ID 121 — Sizing Workflow: Corral processors to quiesce the system.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Corral processors to quiesce the system. CorralDuration: %1ms. DisableInterruptsDuration: %2ms. SaveSupervisorStateDuration: %3ms. SuspendClockTimerDuration: %4ms.

Fields

Name	Description
`CorralDuration_ms`	—
`DisableInterruptsDuration_ms`	—
`SaveSupervisorStateDuration_ms`	—
`SuspendClockTimerDuration_ms`	—

Event ID 122 — Sizing Workflow: Uncorral processors to quiesce the system.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Sizing Workflow: Uncorral processors to quiesce the system. UncorralDuration: %1ms. EnableInterruptsDuration: %2ms. RestoreSupervisorStateDuration: %3ms. ResumeClockTimerDuration: %4ms.

Fields

Name	Description
`UncorralDuration_ms`	—
`EnableInterruptsDuration_ms`	—
`RestoreSupervisorStateDuration_ms`	—
`ResumeClockTimerDuration_ms`	—

Event ID 123 — Sizing Workflow: MmDuplicateMemory failed.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: MmDuplicateMemory failed. NT Status: %1. MirrorInProgress: %2.

Fields

Name	Description
`NTStatus`	—
`MirrorInProgress`	—

Event ID 124 — IO space utilization disabled when HV/SK pages requested, NoSecrets mode disabled, and SK running.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

IO space utilization disabled when HV/SK pages requested, NoSecrets mode disabled, and SK running.

Event ID 125 — Callout for %1 (included %2).

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Callout for %1 (included %2).

Fields

Name	Description
`Callout`	—
`Included`	—

Event ID 126 — Sizing Workflow: Call to Hvl for preparing livedump descriptor failed.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Sizing Workflow: Call to Hvl for preparing livedump descriptor failed. NT Status: %1

Fields

Name	Description
`NTStatus`	—

Event ID 151 — Capture Pages Workflow: Mirroring started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Mirroring started.

Event ID 152 — Capture Pages Workflow: Mirroring Phase 0 ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Mirroring Phase 0 ended.

Event ID 153 — Capture Pages Workflow: Mirroring Phase 1 ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Mirroring Phase 1 ended.

Event ID 154 — Capture Pages Workflow: System Quiesce started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Capture Pages Workflow: System Quiesce started.

Event ID 155 — Capture Pages Workflow: System Quiesce ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Capture Pages Workflow: System Quiesce ended.

Event ID 156 — Capture Pages Workflow: Copy memory pages started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Capture Pages Workflow: Copy memory pages started.

Event ID 157 — Capture Pages Workflow: Copy memory pages ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Capture Pages Workflow: Copy memory pages ended.

Event ID 158 — Capture Pages Workflow: Capture processor context when the system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Capture processor context when the system is quiesced. Duration: %1ms.

Fields

Name	Description
`Duration_ms`	—

Event ID 159 — Capture Pages Workflow: Mark required dump data when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Mark required dump data when system is quiesced. Duration: %1ms.

Fields

Name	Description
`MarkRequiredDumpDataDuration_ms`	—

Event ID 160 — Capture Pages Workflow: Mark important dump data when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Mark important dump data when system is quiesced. Duration: %1ms.

Fields

Name	Description
`MarkImportantDumpDataDuration_ms`	—

Event ID 161 — Capture Pages Workflow: Populate bitmap for dump when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Populate bitmap for dump when system is quiesced. PopulateBitmapForDumpDuration: %1ms. RemoveSystemCacheFromDumpDuration %2ms.

Fields

Name	Description
`PopulateBitmapForDumpDuration_ms`	—
`RemoveSystemCacheFromDumpDuration_ms`	—

Event ID 162 — Capture Pages Workflow: Collect Hvl dump when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Collect Hvl dump when system is quiesced. Duration: %1ms.

Fields

Name	Description
`Duration_ms`	—

Event ID 163 — Capture Pages Workflow: Generate Ipt secondary data when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Generate Ipt secondary data when system is quiesced. Duration: %1ms.

Fields

Name	Description
`Duration_ms`	—

Event ID 164 — Capture Pages Workflow: Initiate state change to copy contents of marked pages when system is quiesced.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Initiate state change to copy contents of marked pages when system is quiesced. Duration: %1ms.

Fields

Name	Description
`Duration_ms`	—

Event ID 165 — Capture Pages Workflow: Corral processors to quiesce the system.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Corral processors to quiesce the system. CorralDuration: %1ms. DisableInterruptsDuration: %2ms. SaveSupervisorStateDuration: %3ms. SuspendClockTimerDuration: %4ms.

Fields

Name	Description
`CorralDuration_ms`	—
`DisableInterruptsDuration_ms`	—
`SaveSupervisorStateDuration_ms`	—
`SuspendClockTimerDuration_ms`	—

Event ID 166 — Capture Pages Workflow: Uncorral processors to quiesce the system.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Capture Pages Workflow: Uncorral processors to quiesce the system. UncorralDuration: %1ms. EnableInterruptsDuration: %2ms. RestoreSupervisorStateDuration: %3ms. ResumeClockTimerDuration: %4ms.

Fields

Name	Description
`UncorralDuration_ms`	—
`EnableInterruptsDuration_ms`	—
`RestoreSupervisorStateDuration_ms`	—
`ResumeClockTimerDuration_ms`	—

Event ID 167 — Capture Pages Workflow: Capture memory pages.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Capture Pages Workflow: Capture memory pages. MemoryCaptureDuration: %1ms. SystemQuiescedDuration: %2ms. EndMirroringPhasesDuration: %3ms. MirrorPhysicalMemoryDuration: %4ms. MirrorPhysicalMemorySizeInBytes: %5 bytes. HvlCollectLivedumpDuration: %6ms. DumpDataBufferingDuration: %7ms.

Fields

Name	Description
`MemoryCaptureDuration_ms`	—
`SystemQuiescedDuration_ms`	—
`EndMirroringPhasesDuration_ms`	—
`MirrorPhysicalMemoryDuration_ms`	—
`MirrorPhysicalMemorySizeInBytes`	—
`HvlCollectLivedumpDuration_ms`	—
`DumpDataBufferingDuration_ms`	—

Event ID 168 — Capture Pages Workflow: MmDuplicateMemory failed.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Capture Pages Workflow: MmDuplicateMemory failed. NT Status: %1. MirrorInProgress: %2.

Fields

Name	Description
`NTStatus`	—
`MirrorInProgress`	—

Event ID 169 — Callout for %1 (included %2).

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Callout for %1 (included %2).

Fields

Name	Description
`Callout`	—
`Included`	—

Event ID 201 — Live Dump Write Deferred Dump Data API started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Live Dump Write Deferred Dump Data API started.

Event ID 202 — Live Dump Write Deferred Dump Data API ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Live Dump Write Deferred Dump Data API ended. NT Status: %1. BugcheckCode: %2. BugcheckParameter1: %3. BugcheckParameter2: %4. BugcheckParameter3: %5. BugcheckParameter4: %6. DumpWriteDuration: %8ms.  SelectiveDump: %9. DynamicLowMemoryThreshold: %10 bytes.  AvailablePhysicalMemory: %11 bytes.  TotalPhysicalMemory: %12 bytes.  IOSpaceEnabled: %13.

Fields

Name	Description
`NTStatus`	—
`BugcheckCode`	—
`BugCheckParameter1`	—
`BugCheckParameter2`	—
`BugCheckParameter3`	—
`BugCheckParameter4`	—
`AbortIfMemoryPressure`	—
`DumpCaptureDuration_ms`	—
`SelectiveDump`	—
`DynamicLowMemoryThresholdBytes`	—
`AvailablePhysicalMemoryInBytes`	—
`TotalPhysicalMemoryInBytes`	—
`IOSpaceEnabled`	—

Event ID 203 — Write deferred dump data to file started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Write deferred dump data to file started.

Event ID 204 — Write deferred dump data to file ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Write deferred dump data to file ended. NT Status: %1. Total %2 bytes (Header|Primary|Secondary: %3|%4|%5 bytes). DumpWriteDuration: %6ms.

Fields

Name	Description
`NTStatus`	—
`TotalBytes`	—
`HeaderBytes`	—
`PrimaryDataBytes`	—
`SecondaryDataBytes`	—
`DumpWriteDuration_ms`	—

Event ID 251 — Live Dump Discard Deferred Dump Data API started.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Analytic

Message

Live Dump Discard Deferred Dump Data API started.

Event ID 252 — Live Dump Discard Deferred Dump Data API ended.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

Live Dump Discard Deferred Dump Data API ended. NT Status: %1. BugcheckCode: %2. BugcheckParameter1: %3. BugcheckParameter2: %4. BugcheckParameter3: %5. BugcheckParameter4: %6.

Fields

Name	Description
`NTStatus`	—
`BugcheckCode`	—
`BugCheckParameter1`	—
`BugCheckParameter2`	—
`BugCheckParameter3`	—
`BugCheckParameter4`	—
`AbortIfMemoryPressure`	—
`DumpCaptureDuration_ms`	—
`SelectiveDump`	—
`DynamicLowMemoryThresholdBytes`	—
`AvailablePhysicalMemoryInBytes`	—
`TotalPhysicalMemoryInBytes`	—
`IOSpaceEnabled`	—

Event ID 271 — AllowLiveDump policy.

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

AllowLiveDump policy: %1.

Fields

Name	Description
`AllowLiveDump_policy`	—
`OperationType`	—

Event ID 272 — AllowLiveDump policy value changed (AllowLiveDump = %1).

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

AllowLiveDump policy value changed (AllowLiveDump = %1). Configure live dump. NT status: %2

Fields

Name	Description
`PolicyValue`	—
`NTStatus`	—

Event ID 273 — LiveDump disabled on boot by policy (AllowLiveDump = %1).

Provider: Microsoft-Windows-Kernel-LiveDump
Channel: Operational

Message

LiveDump disabled on boot by policy (AllowLiveDump = %1).

Fields

Name	Description
`PolicyValue`	—