I'm not sure why I'm getting such a result. I'm trying to create a complete kernel dump from a live system.
Here's the steps to repro:
- I break into the Win10 kernel with WinDbgX (downloaded from the Windows Store).
- I then run:
0: kd> .dump /f c:\path-to\comp_64.dmp
Creating c:\path-to\comp_64.dmp - Full memory range dump
0% written.
Wrote 101.9 MB in 16 sec.
The average transfer rate was 6.4 MB/s.
Dump successfully written
- Then if I try to open the created .dmp file, I'm getting (also from WinDbg):
Loading Dump File [c:\path-to\comp_64.dmp]
Kernel Complete Dump File: Full address space is available
************************************************************
WARNING: Dump file has been truncated. Data may be missing.
************************************************************
and a bunch of errors and warnings after that.
Why is it truncating it?
PS. I noticed that if I try to repeat this a few more times, the size of the resulting .dmp file that is saved is different by multiples of KB.