How to create a core dump using WinDbg

I am debugging a kernel mode device driver for Windows using WinDbg. Is it possible to create a minidump on demand?

I mean that one of my control points has been hit and the system is stopped. I want to create a minidump (let's say with only the stack). Is there a WinDbg keyword for this?

Thanks in advance

+7
2 answers

You can write a minidump like this when it reaches a breakpoint:

bp myDLL!myFunc ".dump /ma c:\myDump.dmp;g" 

This will add a breakpoint to your function and execute the commands in quotation marks; this will write a minidump with most flags and then continue.

See here for more information on .dump and here for the bp syntax.

To unload full memory in user or kernel mode:

 .dump /f 

but the /ma switch does provide more user mode information.

If you get an error message:

 Unable to create file 'c:\myDump.dmp' - Win32 error 0n5 "Access is denied." 

try writing the file to the c:\users\public\ directory.

 .dump /f c:\users\public\myDump.dmp
+9

Please note that .dump cannot create a core memory dump, only full or small memory dumps (/f or /m). To get a kernel memory dump, you need to use the control panel to enable dump file recording, and then use .crash in the debugger to cause a crash that will result in the dump file being written.

For more information on how to use it, see the windbg help for .crash, including a link to "Creating a dump file in kernel mode."

+2
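Added example, not part of either answer above: a Python sketch that reads the first bytes of a dump file to tell a user-mode minidump (MDMP signature) from a kernel-mode dump (PAGEDUMP / PAGEDU64 signature) and, for a minidump, decodes the MINIDUMP_TYPE flags so you can see whether the file carries full process memory before deciding where to store it. The function names and the sample header are constructed for illustration.

```python
import struct

# MINIDUMP_TYPE bits from the Windows SDK (subset relevant to .dump options).
MINIDUMP_FLAGS = {
    0x0001: "WithDataSegs",
    0x0002: "WithFullMemory",
    0x0004: "WithHandleData",
    0x0020: "WithUnloadedModules",
    0x0040: "WithIndirectlyReferencedMemory",
    0x0200: "WithPrivateReadWriteMemory",
    0x0800: "WithFullMemoryInfo",
    0x1000: "WithThreadInfo",
}
# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp (32-bit each), Flags (64-bit) = 32 bytes.
HEADER = struct.Struct("<4sIIIIIQ")


def classify_dump(data: bytes) -> dict:
    """Identify a dump by its leading bytes; for MDMP, decode the flags."""
    if data[:8] == b"PAGEDU64":
        return {"kind": "kernel-mode dump (64-bit target)"}
    if data[:8] == b"PAGEDUMP":
        return {"kind": "kernel-mode dump (32-bit target)"}
    if len(data) < HEADER.size or data[:4] != b"MDMP":
        raise ValueError("not a recognised Windows dump header")
    _sig, version, streams, _rva, _sum, stamp, flags = HEADER.unpack_from(data)
    names = [n for bit, n in sorted(MINIDUMP_FLAGS.items()) if flags & bit]
    return {
        "kind": "user-mode minidump",
        "version": version & 0xFFFF,      # low word is the format version
        "streams": streams,
        "timestamp": stamp,
        "flags": names,
        "unknown_bits": flags & ~sum(MINIDUMP_FLAGS),  # bits not in the table
        "full_memory": bool(flags & 0x0002),
    }


def classify_file(path: str) -> dict:
    """Classify a dump on disk; only the 32-byte header is read."""
    with open(path, "rb") as fh:
        return classify_dump(fh.read(HEADER.size))


# Constructed sample header (not taken from a real dump file).
SAMPLE = HEADER.pack(b"MDMP", 0xA793, 12, 32, 0, 1700000000, 0x1826)

if __name__ == "__main__":
    print(classify_dump(SAMPLE))
```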
