How to get memory dump file?

Question

How to get memory dump file?

Closed this issue 9 years ago · 1 comments

Hey
When a crash happens, we get a .crash file and a .log file. but we are not able to analyze .crash file inside windbg as it has different file format than actual memory dump file. So is there a way, I can get the dump file from .crash file or I can analyze .crash itself by any other means?

Answer 1 · 2015-05-07T10:20:43.000Z

The .crash file is text file containing some debugger output like stack trace, registers, some disassembly around EIP and so on. If you have set up encryption you will need to decrypt the .crash file first [0].

If you want to get proper memory dumps that you can open in WinDbg you could try experimenting with the MiniDumpWriteDump API [1]. Modifying the grinder node debugger [2] to call MiniDumpWriteDump instead (or as well as) generating the text .crash file should work nicely.

[0] https://github.com/stephenfewer/grinder#setting-up-encryption-for-crash-information
[1] https://msdn.microsoft.com/en-us/library/ms680360.aspx
[2] https://github.com/stephenfewer/grinder/blob/master/node/core/debug/debugger.rb#L414