Hello,
I read in the windbg documentation that I am unable to create a
kernel-memory-only dump. I can only create a mini-dump and a
full-memory dump. I noticed though that with a minidump, there are
several other options I can specify in order to add more information
to my dump. Is there a way that I could sort of mimic a kernel-dump
using the mini-dump + other options? For convenience, I’ve listed the
options below. What are some useful options that I can use? What are
useless?
Thanks
/m[MiniOptions]
Creates a small memory dump (in kernel mode) or a minidump (in user
mode). If neither /f nor /m is specified, /m is the default.
In user mode, /m can be followed with additional MiniOptions
specifying extra data that is to be included in the dump. If no
MiniOptions are included, the dump will include module, thread, and
stack information, but no additional data. You can add any of the
following MiniOptions to change the contents of the dump file; they
are case-sensitive.
MiniOption Effect
a Creates a minidump with all optional additions. The /ma option is
equivalent to /mfFhut ? it adds full memory data, handle data,
unloaded module information, basic memory information, and thread time
information to the minidump.
f Adds full memory data to the minidump. All accessible committed
pages owned by the target application will be included.
F Adds all basic memory information to the minidump. This adds a
stream to the minidump that contains all basic memory information, not
just information about valid memory. This allows the debugger to
reconstruct the complete virtual memory layout of the process when the
minidump is being debugged.
h Adds data about the handles associated with the target application
to the minidump.
u Adds unloaded module information to the minidump. This is available
only in Windows Server 2003 and later versions of Windows.
t Adds additional thread information to the minidump. This includes
thread times, which can be displayed by using the !runaway extension
or the .ttime (Display Thread Times) command when debugging the
minidump.
i Adds secondary memory to the minidump. Secondary memory is any
memory referenced by a pointer on the stack or backing store, plus a
small region surrounding this address.
p Adds process environment block (PEB) and thread environment block
(TEB) data to the minidump. This can be useful if you need access to
Windows system information regarding the application’s processes and
threads.
w Adds all committed read-write private pages to the minidump.
d Adds all read-write data segments within the executable image to
the minidump.
c Adds code sections within images.
r Deletes from the minidump those portions of the stack and store
memory that are not useful for recreating the stack trace. Local
variables and other data type values are deleted as well. This option
does not make the minidump smaller (because these memory sections are
simply zeroed), but it is useful if you want to protect the privacy of
other applications.
R Deletes the full module paths from the minidump. Only the module
names will be included. This is a useful option if you want to protect
the privacy of the user’s directory structure.
> Is there a way that I could sort of mimic a kernel-dump using the
mini-dump + other options?
No, a mini-dump is a mini-dump, you’re not going to get anything near like
what you get with a kernel summary dump.
Note that there is also the .crash command, which will cause the target
machine to bugcheck. This is handy if you’ve already configured the target
machine to write a crash dump out on bugcheck.
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“Jonathon” wrote in message news:xxxxx@windbg…
> Hello,
>
> I read in the windbg documentation that I am unable to create a
> kernel-memory-only dump. I can only create a mini-dump and a
> full-memory dump. I noticed though that with a minidump, there are
> several other options I can specify in order to add more information
> to my dump. Is there a way that I could sort of mimic a kernel-dump
> using the mini-dump + other options? For convenience, I’ve listed the
> options below. What are some useful options that I can use? What are
> useless?
>
> Thanks
>
> ----
>
> /m[MiniOptions]
> Creates a small memory dump (in kernel mode) or a minidump (in user
> mode). If neither /f nor /m is specified, /m is the default.
> In user mode, /m can be followed with additional MiniOptions
> specifying extra data that is to be included in the dump. If no
> MiniOptions are included, the dump will include module, thread, and
> stack information, but no additional data. You can add any of the
> following MiniOptions to change the contents of the dump file; they
> are case-sensitive.
>
> MiniOption Effect
> a Creates a minidump with all optional additions. The /ma option is
> equivalent to /mfFhut — it adds full memory data, handle data,
> unloaded module information, basic memory information, and thread time
> information to the minidump.
> f Adds full memory data to the minidump. All accessible committed
> pages owned by the target application will be included.
> F Adds all basic memory information to the minidump. This adds a
> stream to the minidump that contains all basic memory information, not
> just information about valid memory. This allows the debugger to
> reconstruct the complete virtual memory layout of the process when the
> minidump is being debugged.
> h Adds data about the handles associated with the target application
> to the minidump.
> u Adds unloaded module information to the minidump. This is available
> only in Windows Server 2003 and later versions of Windows.
> t Adds additional thread information to the minidump. This includes
> thread times, which can be displayed by using the !runaway extension
> or the .ttime (Display Thread Times) command when debugging the
> minidump.
> i Adds secondary memory to the minidump. Secondary memory is any
> memory referenced by a pointer on the stack or backing store, plus a
> small region surrounding this address.
> p Adds process environment block (PEB) and thread environment block
> (TEB) data to the minidump. This can be useful if you need access to
> Windows system information regarding the application’s processes and
> threads.
> w Adds all committed read-write private pages to the minidump.
> d Adds all read-write data segments within the executable image to
> the minidump.
> c Adds code sections within images.
> r Deletes from the minidump those portions of the stack and store
> memory that are not useful for recreating the stack trace. Local
> variables and other data type values are deleted as well. This option
> does not make the minidump smaller (because these memory sections are
> simply zeroed), but it is useful if you want to protect the privacy of
> other applications.
> R Deletes the full module paths from the minidump. Only the module
> names will be included. This is a useful option if you want to protect
> the privacy of the user’s directory structure.
>
> ----
>
Thanks Scott. The reason I bring this up is that when the machine
crashes, the target does not generate a dump. I am not sure why. I
have to attach to the machine and forcefully generate a dump when I
get the bug check.
J
On Tue, Mar 2, 2010 at 10:57 AM, Scott Noone wrote:
>> Is there a way that I could sort of mimic a kernel-dump using the
>> mini-dump + other options?
>
> No, a mini-dump is a mini-dump, you’re not going to get anything near like
> what you get with a kernel summary dump.
>
> Note that there is also the .crash command, which will cause the target
> machine to bugcheck. This is handy if you’ve already configured the target
> machine to write a crash dump out on bugcheck.
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> “Jonathon” wrote in message news:xxxxx@windbg…
>>
>> Hello,
>>
>> I read in the windbg documentation that I am unable to create a
>> kernel-memory-only dump. ?I can only create a mini-dump and a
>> full-memory dump. ?I noticed though that with a minidump, there are
>> several other options I can specify in order to add more information
>> to my dump. ?Is there a way that I could sort of mimic a kernel-dump
>> using the mini-dump + other options? ?For convenience, I’ve listed the
>> options below. ?What are some useful options that I can use? What are
>> useless?
>>
>> Thanks
>>
>> ----
>>
>> /m[MiniOptions]
>> Creates a small memory dump (in kernel mode) or a minidump (in user
>> mode). If neither /f nor /m is specified, /m is the default.
>> In user mode, /m can be followed with additional MiniOptions
>> specifying extra data that is to be included in the dump. If no
>> MiniOptions are included, the dump will include module, thread, and
>> stack information, but no additional data. You can add any of the
>> following MiniOptions to change the contents of the dump file; they
>> are case-sensitive.
>>
>> MiniOption Effect
>> a ?Creates a minidump with all optional additions. The /ma option is
>> equivalent to /mfFhut ? it adds full memory data, handle data,
>> unloaded module information, basic memory information, and thread time
>> information to the minidump.
>> f ?Adds full memory data to the minidump. All accessible committed
>> pages owned by the target application will be included.
>> F ?Adds all basic memory information to the minidump. This adds a
>> stream to the minidump that contains all basic memory information, not
>> just information about valid memory. This allows the debugger to
>> reconstruct the complete virtual memory layout of the process when the
>> minidump is being debugged.
>> h ?Adds data about the handles associated with the target application
>> to the minidump.
>> u ?Adds unloaded module information to the minidump. This is available
>> only in Windows Server 2003 and later versions of Windows.
>> t ?Adds additional thread information to the minidump. This includes
>> thread times, which can be displayed by using the !runaway extension
>> or the .ttime (Display Thread Times) command when debugging the
>> minidump.
>> i ?Adds secondary memory to the minidump. Secondary memory is any
>> memory referenced by a pointer on the stack or backing store, plus a
>> small region surrounding this address.
>> p ?Adds process environment block (PEB) and thread environment block
>> (TEB) data to the minidump. This can be useful if you need access to
>> Windows system information regarding the application’s processes and
>> threads.
>> w ?Adds all committed read-write private pages to the minidump.
>> d ?Adds all read-write data segments within the executable image to
>> the minidump.
>> c ?Adds code sections within images.
>> r ?Deletes from the minidump those portions of the stack and store
>> memory that are not useful for recreating the stack trace. Local
>> variables and other data type values are deleted as well. This option
>> does not make the minidump smaller (because these memory sections are
>> simply zeroed), but it is useful if you want to protect the privacy of
>> other applications.
>> R ?Deletes the full module paths from the minidump. Only the module
>> names will be included. This is a useful option if you want to protect
>> the privacy of the user’s directory structure.
>>
>> ----
>>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
Yuck, bummer (sorry, should have noticed you’re the one that posted
earlier). .dump /f might be your only friend, if you’re on a 1394 connection
it shouldn’t be too big of a deal. If you’re on serial then start the .dump
and just go home early…
I’ll post some things to look for in the other thread in terms of tracking
down the original issue.
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“Jonathon” wrote in message news:xxxxx@windbg…
> Thanks Scott. The reason I bring this up is that when the machine
> crashes, the target does not generate a dump. I am not sure why. I
> have to attach to the machine and forcefully generate a dump when I
> get the bug check.
>
> J
>
> On Tue, Mar 2, 2010 at 10:57 AM, Scott Noone wrote:
>>> Is there a way that I could sort of mimic a kernel-dump using the
>>> mini-dump + other options?
>>
>> No, a mini-dump is a mini-dump, you’re not going to get anything near
>> like
>> what you get with a kernel summary dump.
>>
>> Note that there is also the .crash command, which will cause the target
>> machine to bugcheck. This is handy if you’ve already configured the
>> target
>> machine to write a crash dump out on bugcheck.
>>
>> -scott
>>
>> –
>> Scott Noone
>> Consulting Associate
>> OSR Open Systems Resources, Inc.
>> http://www.osronline.com
>>
>>
>> “Jonathon” wrote in message news:xxxxx@windbg…
>>>
>>> Hello,
>>>
>>> I read in the windbg documentation that I am unable to create a
>>> kernel-memory-only dump. I can only create a mini-dump and a
>>> full-memory dump. I noticed though that with a minidump, there are
>>> several other options I can specify in order to add more information
>>> to my dump. Is there a way that I could sort of mimic a kernel-dump
>>> using the mini-dump + other options? For convenience, I’ve listed the
>>> options below. What are some useful options that I can use? What are
>>> useless?
>>>
>>> Thanks
>>>
>>> ----
>>>
>>> /m[MiniOptions]
>>> Creates a small memory dump (in kernel mode) or a minidump (in user
>>> mode). If neither /f nor /m is specified, /m is the default.
>>> In user mode, /m can be followed with additional MiniOptions
>>> specifying extra data that is to be included in the dump. If no
>>> MiniOptions are included, the dump will include module, thread, and
>>> stack information, but no additional data. You can add any of the
>>> following MiniOptions to change the contents of the dump file; they
>>> are case-sensitive.
>>>
>>> MiniOption Effect
>>> a Creates a minidump with all optional additions. The /ma option is
>>> equivalent to /mfFhut — it adds full memory data, handle data,
>>> unloaded module information, basic memory information, and thread time
>>> information to the minidump.
>>> f Adds full memory data to the minidump. All accessible committed
>>> pages owned by the target application will be included.
>>> F Adds all basic memory information to the minidump. This adds a
>>> stream to the minidump that contains all basic memory information, not
>>> just information about valid memory. This allows the debugger to
>>> reconstruct the complete virtual memory layout of the process when the
>>> minidump is being debugged.
>>> h Adds data about the handles associated with the target application
>>> to the minidump.
>>> u Adds unloaded module information to the minidump. This is available
>>> only in Windows Server 2003 and later versions of Windows.
>>> t Adds additional thread information to the minidump. This includes
>>> thread times, which can be displayed by using the !runaway extension
>>> or the .ttime (Display Thread Times) command when debugging the
>>> minidump.
>>> i Adds secondary memory to the minidump. Secondary memory is any
>>> memory referenced by a pointer on the stack or backing store, plus a
>>> small region surrounding this address.
>>> p Adds process environment block (PEB) and thread environment block
>>> (TEB) data to the minidump. This can be useful if you need access to
>>> Windows system information regarding the application’s processes and
>>> threads.
>>> w Adds all committed read-write private pages to the minidump.
>>> d Adds all read-write data segments within the executable image to
>>> the minidump.
>>> c Adds code sections within images.
>>> r Deletes from the minidump those portions of the stack and store
>>> memory that are not useful for recreating the stack trace. Local
>>> variables and other data type values are deleted as well. This option
>>> does not make the minidump smaller (because these memory sections are
>>> simply zeroed), but it is useful if you want to protect the privacy of
>>> other applications.
>>> R Deletes the full module paths from the minidump. Only the module
>>> names will be included. This is a useful option if you want to protect
>>> the privacy of the user’s directory structure.
>>>
>>> ----
>>>
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>