minidump

How can I create objects based on dump file memory in a WinDbg extension?

十年热恋 提交于 2019-12-20 14:39:43
问题 I work on a large application, and frequently use WinDbg to diagnose issues based on a DMP file from a customer. I have written a few small extensions for WinDbg that have proved very useful for pulling bits of information out of DMP files. In my extension code I find myself dereferencing c++ class objects in the same way, over and over, by hand. For example: Address = GetExpression("somemodule!somesymbol"); ReadMemory(Address, &addressOfPtr, sizeof(addressOfPtr), &cb); // get the actual

What is minimum MINIDUMP_TYPE set to dump native C++ process that hosts .net component to be able to use !clrstack in windbg

烂漫一生 提交于 2019-12-17 19:26:24
问题 There is native C++ application that hosts several .net components. When some error occurs this application creates mini dump using MiniDumpWriteDump function. Question here what is minimum set of [Flags ]enum MINIDUMP_TYPE { MiniDumpNormal = 0x00000000, MiniDumpWithDataSegs = 0x00000001, MiniDumpWithFullMemory = 0x00000002, MiniDumpWithHandleData = 0x00000004, MiniDumpFilterMemory = 0x00000008, MiniDumpScanMemory = 0x00000010, MiniDumpWithUnloadedModules = 0x00000020,

Failed to write core dump. minidumps are not enabled by default on client version of windows

只愿长相守 提交于 2019-12-12 08:47:49
问题 I have this Java class I am trying to run using Eclipse Mars.1 IDE. Here's the code : import com.xuggle.mediatool.IMediaReader; import com.xuggle.mediatool.IMediaWriter; import com.xuggle.mediatool.ToolFactory; import com.xuggle.xuggler.ICodec; public class VideoToAudio { public void convertVideoToAudio(){ IMediaReader reader = ToolFactory.makeReader("C:/Users/hbxd78/Desktop/test.mp4"); IMediaWriter writer = ToolFactory.makeWriter("C:/Users/hbxd78/Desktop/agf.mp3", reader); int sampleRate =

CDB is unable to load dump file but VS 2013 loads it fine

那年仲夏 提交于 2019-12-11 18:08:54
问题 I have built an automated crash dump analysis, but I can't get CDB to load a specific crash dump. It loads just fine in VS 2013. I'm using the Debugger Tool from the Windows Driver Kits 8.1 (6.3.9600.16384) which seems to be the latest one. When I run cdb.exe on the file, I get: C:\Users\me>"C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64\cdb.exe" -z "D:\DumpFiles\crashdump.mdmp" Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64 Copyright (c) Microsoft Corporation. All rights

windbg dump command fails with error 0x8007012b

允我心安 提交于 2019-12-10 15:55:57
问题 A customer is attempting to capture a minidump of a hang. He fires up WindDbg and successfully attaches to the process. WinDbg displays its header: Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. and the loaded modules are enumerated. He enters a dump command: .dump /m c:\problem.dmp It reports: Creating c:\problem.dmp - mini user dump WriteMemoryFromProcess.Read(0x1f1e000, 0x2000) failed, 0x8007012b Dump creation failed,

Invalid call stack in crash dump due to mismatched/missing *system* binary file?

浪尽此生 提交于 2019-12-10 12:18:36
问题 Got this callstack when I open a Windows crash dump in Visual Studio 2005: > myprog.exe!app_crash::CommonUnhandledExceptionFilter(_EXCEPTION_POINTERS * pExceptionInfo=0x0ef4f318) Line 41 C++ pdm.dll!513fb8e2() [Frames below may be incorrect and/or missing, no symbols loaded for pdm.dll] kernel32.dll!_UnhandledExceptionFilter@4() + 0x1c7 bytes ... Looking at the module load info: ... 'DumpFM-V235_76_1_0-20110412-153403-3612-484.dmp': Loaded '*C:\Program Files\Common Files\Microsoft Shared

Windbg分析DMP文件

北城以北 提交于 2019-12-10 04:12:21
1、提取Dump格式文件   有两种方式:   第一种,程序崩溃时,启动任务管理器,选择崩溃的*.exe进程,右键选择创建转储文件,通过  开始—运行—输入 %temp% --确定--在打开Temp窗口中即可找到*.dmp文件。   第二种,通过windbg生成dump 文件。   步骤:    1) 打开Windbg并将之Attach 到crash的程序进程   2) 输入产生dump 文件的命令   Windbg产生dump 文件的命令是 .dump ,可以选择不同的参数来生成不同类型的dump文件。   选项(1): /m     命令行示例:.dump /m C:\dumps\*.dmp     注解: 缺省选项,生成标准的minidump, 转储文件通常较小,便于在网络上通过邮件或其他方式传输。 这种文件的信息量较少,        只包含系统信息、加载的模块(DLL)信息、 进程信息和线程信息。     选项(2): /ma     命令行示例:.dump /ma C:\dumps\*.dmp     注解: 带有尽量多选项的minidump(包括完整的内存内容、句柄、未加载的模块,等等),文件很大(第一种方法产生的DMP文件        大小与此相同),但如果条件允许(本机调试,局域网环境), 推荐使用这中dump。     选项(3):/mFhutwd    

installing debugging tools to analyse minidumps on windows 7

别说谁变了你拦得住时间么 提交于 2019-12-09 16:43:00
问题 I've been trying to install the 'Debugging Tools', in order to try to analyse the dump file a server-crash (Windows Server 2008 R2). I used to do this in the past, but I cannot find how to install / locate the Debugging Tools for Windows 7. I've read this KB article: http://support.microsoft.com/kb/315263. I've then tried to download the 'Debugging Tools for Windows' from the following article (http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx). I chose the 'Install Debugging

Embedding thread names in Windows minidump files

大城市里の小女人 提交于 2019-12-08 04:15:55
问题 Our 32-bit C++ application names its threads using the standard approach on Windows. We generate minidumps when errors occur, but when the dumps are loaded into Visual Studio 2013 the thread names are missing. This makes it harder to debug the problem given the high number of threads present. The only way I've heard of to improve this comes from this Microsoft User Voice posting, where the caller suggests embedding them in a custom stream, and writing a custom Visual Studio extension to

WinDbg调试的前因后果

天涯浪子 提交于 2019-12-07 16:33:44
参考文章: 文章一 , 文章二 , 文章三 , 文章四 事情的起因是这样子的,一次在qq群里有人问了这么一个问题 ,“如果我的程序崩溃了,我想把崩溃时的地址和寄存器值显示出来用什么方法啊”,看到这个问题就想起了有时用vs调试器调试程序时弹出的一个什么提示都没有的警告框,只是说某某地址访问冲突了,但是这些信息对于找到是程序什么地方出问题基本没有什么帮助,要是程序恰好有一个指针形状的东西指向了程序的某行代码那还好说,可以在他附近仔细找找有什么问题,要是没有这个指针形状的东西基本上就是抓瞎了。 然后群里有大神回复了可以使用一个开源库“crashrpt”或者使用“ms的dbghelp”,基于我以往的认识,开源的东西往往文档很少,而且我最近的打算是把ms的一套东西都尽可能地多了解,于是想着看看dbghelp,至于crashrpt,虽然说上面那个大神更加推崇,只能暂时放弃。 在网上继续搜索,发现dbghelp原来只是ms里面的一个动态链接库,就是dbghelp.dll这个库,之前还以为它是一个可以执行的小工具。那么显然接下来就是搜寻这个库的使用方法了,一个我可以很容易理解的用法如下(来着 这篇文章 ),它的基本思路是在程序出错时会将错误信息写入dump文件中,基于此,它自己定义了一个minidump.h文件,这个头文件非常小,使用时包含它就可以了。这个是 下载链接 。 #include
订阅 minidump