0vercl0k/kdmp-parser

DumpType = 0xA, Kernel range dump

0vercl0k opened this issue · 0 comments

Based on 0vercl0k/wtf#139, this looks like yet another new dump format:

kd> dx @$cursession
@$cursession                 : 64-bit Kernel range dump: testapps\state\mem.dmp

It doesn't seem to be supported by the dbgeng.dll shipped w/ the regular windbg that I got in the SDK:

0:000> lmvm dbgeng
Browse full module list
start             end                 module name
00000001`80000000 00000001`8087a000   dbgeng     (pdb symbols)          c:\work\dbg\sym\dbgeng.pdb\DA8D57515A772495F39B6FECD19C2C8D1\dbgeng.pdb
    Loaded symbol image file: dbgeng.dll
    Mapped memory image file: c:\program Files (x86)\windows kits\10\debuggers\x64\dbgeng.dll
    Image path: c:\program Files (x86)\windows kits\10\debuggers\x64\dbgeng.dll
    Image name: dbgeng.dll
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        2249EE61 (This is a reproducible build file hash, not a timestamp)
    CheckSum:         0084EADC
    ImageSize:        0087A000
    File version:     10.0.22621.1
    Product version:  10.0.22621.1
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     DbgEng.Dll
        OriginalFilename: DbgEng.Dll
        ProductVersion:   10.0.22621.1
        FileVersion:      10.0.22621.1 (WinBuild.160101.0800)
        FileDescription:  Windows Symbolic Debugger Engine
        LegalCopyright:   © Microsoft Corporation. All rights reserved.