How to generate a user mode dump from a complete memory dump

I have a complete memory dump, but I need to generate a user mode dump of a specific process for further analysis. Is there any way to do that?

Thanks,
Bronislav

Depending on what scenario you actually want to handle, you have a couple
of options here:

  1. Attach WinDbg to a given process and use the ‘.dump’ command to create
    a dump manually.
  2. Use the built-in Task Manager or Sysinternals’ Process Explorer (right
    click on the process and then pick the dump item).
  3. Use a combination of the MiniDumpWriteDump() and
    SetUnhandledExceptionFilter() APIs to create a dump automatically when
    your application crashes.
  4. Configure WER (Windows Error Reporting - see
    http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx)
    to create them automatically - this is a global setting, so dumps will be
    created automatically for any crashing application.

Kris

On Wed, Aug 14, 2013 at 8:48 AM, wrote:
> I have a complete memory dump, but I need to generate the user mode dump of specific process for further analysis. Is there any way to do that?
>
> Thanks,
> Bronislav
>
> —
> WINDBG is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
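
Option 4 above (WER LocalDumps) as a PowerShell sketch; this is an added example, not code from the thread. It applies only to future crashes on a live system, not to an existing complete memory dump. The image name `java.exe`, the folder `C:\CrashDumps` and the dump count are assumptions; it uses the per-application subkey of the documented `LocalDumps` registry key rather than the global setting.

```powershell
# Added example: per-application WER LocalDumps configuration.
# Assumptions (not from the thread): image name, dump folder, dump count.
$app     = 'java.exe'        # image name of the process to collect dumps for
$dumpDir = 'C:\CrashDumps'   # where WER should write the .dmp files
$count   = 5                 # keep at most this many dumps for the image

# Writing under HKLM requires an elevated session.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# A full dump contains the whole user-mode address space of the process,
# including any secrets held in memory, so review who can read this folder.
New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null

# Values placed directly under LocalDumps are global (every crashing
# application); a subkey named after the image overrides them for that image.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$key  = Join-Path $base $app
New-Item -Path $key -Force | Out-Null

# DumpType: 0 = custom, 1 = minidump, 2 = full dump.
New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString -Value $dumpDir -Force | Out-Null
New-ItemProperty -Path $key -Name DumpType   -PropertyType DWord        -Value 2        -Force | Out-Null
New-ItemProperty -Path $key -Name DumpCount  -PropertyType DWord        -Value $count   -Force | Out-Null

# Read the settings back to confirm what WER will use for this image.
Get-ItemProperty -Path $key | Select-Object DumpFolder, DumpType, DumpCount
```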


Kris,

thanks for the response. I am sorry I was not clear enough. Unfortunately I am not investigating the live system. I am doing a post-mortem analysis of the complete memory dump. The process which I want to have dumped separately is a JVM and I would like to investigate the state of JVM threads. I can see just native threads, which is not very helpful for me.

Thanks,
Bronislav

By complete memory dump you mean a Windows complete system memory dump,
right? If so, then the only thing you can do is to investigate the state of
native threads in this JVM process (e.g. ‘!process 0 1f
<jvm_image_name.exe>’). I don’t think there is anything similar to
the .NET SOS extensions for Java.
And no, you can’t just extract the JVM process data to a separate dump.
The only possibility that I can think of would be to load the PDB/symbol
file for this JVM (native) process (I don’t know if they are actually
available) and try to manually reconstruct the Java threads (and decode
them with whatever symbolic information you have in the Java world). Or
better yet, write a debugger extension to do it.

Kris

On Wed, Aug 14, 2013 at 11:56 AM, wrote:
> Kris,
>
> thanks for the response. I am sorry I was not clear enough. Unfortunately I am not investigating the live system. I am doing a post-mortem analysis of the complete memory dump. The process which I want to have dumped separately is a JVM and I would like to investigate the state of JVM threads. I can see just native threads, which is not very helpful for me.
>
> Thanks,
> Bronislav

Kris,

Right, it is the complete system memory dump. It seems that there is no acceptable/easy way to analyze the internal JVM state. My thought was to obtain the user mode process dump and use Java tools on it.

I appreciate your help.
Thanks