How can I find a line in a large MEMORY.DMP file generated by Windows BSOD (Windows 8.1 64 bit)?
In 32-bit Windows, the command
s -a 0 ffffffff "my pattern"
seems to work.
But for 64-bit Windows
s -a 0 ffffffff`ffffffff "my pattern"
takes almost infinite time, although the total size of MEMORY.DMP is about 400 MB, and a simple grep can find a template in seconds.
My goal is to find the virtual address of the line to determine which area of the stack / heap / text was overwritten by it.
I finally resorted to manually interpreting the MEMORY.DMP file format if a link or file format specification is available. Any clues?