Getting Driver version

hello,

in a crash dump file, the lmvm command gives the date stamp. but i want the
actual file version which had the build number etc, the one we embed with
the rc file. how can I get that in windbg?

A P wrote:

> in a crash dump file, the lmvm command gives the date stamp. but i
> want the actual file version which had the build number etc, the one
> we embed with the rc file. how can I get that in windbg?

That’s asking quite a lot. I’m not sure the resources section is
guaranteed to stay in memory.

Are you storing your binaries in your symbol cache using symstore? By
doing that, you can map the timestamp to the exact binary.

Do you know how to convert the timestamp to a date and time? The number
is a time_t value, which can be converted to a string using the ctime()
function.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

tim,
thanks for explaining the time stamp.

This is a customer crash, and all we got is a minidump with a totally
illegible stack trace.

No, we don't have symstore.

On Thu, Jul 14, 2011 at 2:36 AM, Tim Roberts wrote:

> A P wrote:
> >
> > in a crash dump file, the lmvm command gives the date stamp. but i
> > want the actual file version which had the build number etc, the one
> > we embed with the rc file. how can I get that in windbg?
>
> That’s asking quite a lot. I’m not sure the resources section is
> guaranteed to stay in memory.
>
> Are you storing your binaries in your symbol cache using symstore? By
> doing that, you can map the timestamp to the exact binary.
>
> Do you know how to convert the timestamp to a date and time? The number
> is a time_t value, which can be converted to a string using the ctime()
> function.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.

A P wrote:

> thanks for explaining the time stamp.
> This is a customer crash, and all we got is a minidump with a totally
> illegible stack trace.
> No, we don't have symstore.

The driver’s resource section is definitely not going to be in a minidump.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

On 14-Jul-2011 00:06, Tim Roberts wrote:

> A P wrote:
> >
> > in a crash dump file, the lmvm command gives the date stamp. but i
> > want the actual file version which had the build number etc, the one
> > we embed with the rc file. how can I get that in windbg?
>
> That’s asking quite a lot. I’m not sure the resources section is
> guaranteed to stay in memory.
>
> Are you storing your binaries in your symbol cache using symstore? By
> doing that, you can map the timestamp to the exact binary.
>
> Do you know how to convert the timestamp to a date and time? The number
> is a time_t value, which can be converted to a string using the ctime()
> function.

The resources section normally won’t stay in memory, but I’ve seen some
drivers where it somehow is marked non-discardable and stays resident -
probably for this purpose.

Albert: I have a small program that scans collection of driver packages
and finds the binary by the time stamp.
if you want it, please send me private email.

Regards,
–pa
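
An added sketch of the approach discussed in this thread (not Pavel's program and not code from any poster): walk a directory of archived driver packages, read each binary's link timestamp from its PE header, and report the files matching the value lmvm prints. The function names, the `.sys` filter and the sample header stub are assumptions made for this example.

```python
import os
import struct
from datetime import datetime, timezone

def pe_timestamp(path):
    """Return IMAGE_FILE_HEADER.TimeDateStamp, or None if the file is not a PE image."""
    with open(path, "rb") as f:
        dos = f.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)  # offset of "PE\0\0"
        f.seek(e_lfanew)
        hdr = f.read(12)  # signature, Machine, NumberOfSections, TimeDateStamp
        if len(hdr) < 12 or hdr[:4] != b"PE\0\0":
            return None
        return struct.unpack_from("<I", hdr, 8)[0]

def find_by_timestamp(root, stamp):
    """Return sorted paths of .sys files under root whose link timestamp equals stamp."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".sys"):
                path = os.path.join(dirpath, name)
                if pe_timestamp(path) == stamp:
                    hits.append(path)
    return sorted(hits)

def stamp_to_utc(stamp):
    """Render the time_t value as a UTC date, like ctime() but timezone-independent."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def make_fake_sys(path, stamp):
    """Constructed sample input: a bare MZ/PE header stub, not a loadable driver."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHI", 0x8664, 0, stamp)
    with open(path, "wb") as f:
        f.write(dos + b"PE\0\0" + coff + b"\0" * 12)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        make_fake_sys(os.path.join(root, "old.sys"), 0x4E1E3180 - 86400)
        make_fake_sys(os.path.join(root, "new.sys"), 0x4E1E3180)
        stamp = 0x4E1E3180  # constructed value, as lmvm would show it in hex
        print(stamp_to_utc(stamp), find_by_timestamp(root, stamp))
```

lmvm also prints ImageSize; when several builds share a timestamp, comparing that against SizeOfImage in the optional header narrows the match further.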

On Thu, Jul 14, 2011 at 9:11 PM, Pavel A wrote:
> The resources section normally won’t stay in memory, but I’ve seen some
> drivers where it somehow is marked non-discardable and stays resident -
> probably for this purpose.

You can mark resources section (.rsrc) as non-discardable during build
time via linker flag in sources file:
LINKER_FLAGS=/SECTION:.rsrc,!d

Or change section flags after binary is already built (in WDK cmd line):
link -edit -section:.rsrc,!d <your_driver.sys>

Though I’m pretty sure that version information still won’t be
included in minidump.

Kris