Can WER produce dumps similar to .dump /ma

StackOverflow https://stackoverflow.com/questions/19689712

  •  01-07-2022
  •  | 
  •  

My impression is that dumps produced my winDbg

.dump /ma

contains more than just a full dump

Configuring WER explains DumpType 0: Custom dump CustomDumpFlags bitwise combination of MINIDUMP_TYPE But what hex value gives dumps similar dumps as .dump /ma

All the bit combinations are a bit overwhelming for me.

有帮助吗?

解决方案

WinDbg's .dump /ma saves the dump with these flags:

Flags           41826
                0002 MiniDumpWithFullMemory
                0004 MiniDumpWithHandleData
                0020 MiniDumpWithUnloadedModules
                0800 MiniDumpWithFullMemoryInfo
                1000 MiniDumpWithThreadInfo
                40000 MiniDumpWithTokenInformation

You can verify this by opening the crash dump file in WinDbg and issuing the (undocumented) .dumpdebug command.

So you will want to specify 41826 (hex) or 268326 (decimal) in the CustomDumpFlags registry key.

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top