The crash dump driver stack, or just “crash dump stack”, refers to a series of drivers that work together to implement the crash dump mechanism in Windows.
A driver stack is a fundamental concept to the Windows Driver Model (WDM) and later driver frameworks present in the Windows operating system. Simply put, a driver stack is a series of layered drivers that work together to complete a task. An example is a mass storage driver stack that passes input/output (I/O) requests back and forth to complete operations. Typical driver stacks that control physical hardware have several key components:
- Port driver – an abstraction interface provided by the operating system; it hides underlying protocol details from class driver
- Miniport driver – a manufacturer-supplied driver to interface with physical hardware (Host Bus Adapter/HBA); it is linked against a port driver for a specific transport technology
- Class driver – a driver that abstracts the underlying technology of a category of devices that share similar qualities (e.g., cdrom.sys)
These types of drivers are present in any hardware stack in Windows – from network and mass storage devices to peripherals such as keyboards and mice.
The table below shows some common drivers found in the Windows crash dump driver stack.
|Driver Name On Disk||Driver Base Name in Memory||Purpose|
|diskdump.sys||dump_diskdump||SCSI/Storport dump port driver with required exports from scsiport.sys and storport.sys. This driver is unloaded.|
|dumpata.sys||dump_dumpata||IDE/ATA dump port driver with required ataport.sys exports. This driver is unloaded.|
|scsiport.sys||dump_scsiport||The final SCSI/Storport dump port driver.|
|ataport.sys||dump_ataport||The final IDE/ATA dump port driver.|
|atapi.sys||dump_atapi||An older, generic ATAPI miniport driver provided by the OS for IDE/ATA drives|
|vmscsi.sys||dump_vmscsi||The miniport driver provided by VMWare for SCSI drives.|
|LSI_SAS.sys||dump_LSI_SAS||The miniport driver provided by LSI Corporation for serial-attached storage drives.|
|dumpfve.sys||dump_dumpfve||Windows full volume encryption crash dump filter driver|