Process information in dump

Question

I learnt that .tlist command in windbg dumps all the processes running in the system at the time of creating crash dump.

I would like to see the Memory Information of each process. So that it will help me to see if the system is over loaded by any specific process.

Answer 1

!process 0 1 will list all the processes and show memory related info for each. I issued this command using livekd and got all the processes. And here's my chrome process (which I picked out from the output):

PROCESS fffffa8007cb4200
SessionId: 1  Cid: 1158    Peb: 7efdf000  ParentCid: 0ff8
DirBase: 1b7962000  ObjectTable: fffff8a00addb010  HandleCount: 135.
Image: chrome.exe
VadRoot fffffa80090a6f80 Vads 169 Clone 0 Private 4037. Modified 3702. Locked 0.
DeviceMap 0000000000000000
Token                             fffff8a0091f9120
ElapsedTime                       00:05:49.161
UserTime                          00:00:00.000
KernelTime                        00:00:00.000
QuotaPoolUsage[PagedPool]         0
QuotaPoolUsage[NonPagedPool]      0
Working Set Sizes (now,min,max)  (8020, 50, 345) (32080KB, 200KB, 1380KB)
PeakWorkingSetSize                10137
VirtualSize                       144 Mb
PeakVirtualSize                   151 Mb
PageFaultCount                    66631
MemoryPriority                    BACKGROUND
BasePriority                      8
CommitCharge                      5784
Job                               fffffa8009822e30

Note memory related properties such as "Working Set Sizes", "Virtual Size", etc.

ps. Works with livekd and with system memory dumps (which I believe is what livekd does).

Marc

Answer 2

This information is not contained in process dump. .tlist queries your current system, not the state when the dump was taken. If you can take a system dump, than you can check out processes and their memory usage, as Marc Sherman already answered.