LKBEN10868: Howto create a memory dump from an application in windows with windbg
LKB | Created: 02/04/2020 | Version: 0 | Language: EN | Rating: 0 | Outdated: False | Marked for deletion: False
Author: Wim Peeters - Keskon GmbH & Co. KG
Symptom
You can use the windbg debugger to create a crash dump (memory dump) file from a process
Cause
none
Solution
You connect your debugger on a certain process or you start the executable via the debugger and break into the debugger. (via Ctrl-Break or via the menu of the debugger) Now you can dump a memory dump. e.g.
.dump /mfhp c:\temp\gooddump.dmp
There are quite a few options for the parameters. These previous command will create a usefull dump.
more parameters:
m creates a minidump
a Creates a minidump with all optional additions
f Adds full memory data to the minidump. All accessible committed pages owned by the target application will be included.
F Adds all basic memory information
h Adds data about the handles associated with the target application to the minidump.
u Adds unloaded module information to the minidump
t Adds additional thread information to the minidump
i Adds secondary memory to the minidump
p Adds process environment block (PEB) and thread environment block (TEB) data to the minidump
w Adds all committed read-write private pages to the minidump.
d Adds all read-write data segments within the executable image to the minidump.
c Adds code sections within images.
About the Author
Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux in different European countries and different European languages. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform where he is one of the most important contributors and the main developer.