Question

My impression is that dumps produced by WinDbg

.dump /ma

contain more than just a full dump.

Configuring WER explains DumpType 0 (custom dump) and CustomDumpFlags, a bitwise combination of MINIDUMP_TYPE values. But what hex value gives dumps similar to those from .dump /ma?

All the bit combinations are a bit overwhelming for me.


Solution

WinDbg's .dump /ma saves the dump with these flags:

Flags           41826
                0002 MiniDumpWithFullMemory
                0004 MiniDumpWithHandleData
                0020 MiniDumpWithUnloadedModules
                0800 MiniDumpWithFullMemoryInfo
                1000 MiniDumpWithThreadInfo
                40000 MiniDumpWithTokenInformation

You can verify this by opening the crash dump file in WinDbg and issuing the (undocumented) .dumpdebug command.

So you will want to specify 41826 (hex) or 268326 (decimal) in the CustomDumpFlags registry key.
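The check described in the answer can also be done without a debugger. The following is an added example, not part of the original answer: it reads the Flags field from a dump file's MINIDUMP_HEADER and names the set MINIDUMP_TYPE bits, so a dump written by WER can be compared with one written by .dump /ma. The function names and the sample header are constructed for illustration; the flag table is a subset of the SDK enumeration.

```python
import struct
import sys

# Single-bit MINIDUMP_TYPE values from the Windows SDK enumeration (subset, up to 0x80000).
MINIDUMP_TYPE = {
    0x00001: "MiniDumpWithDataSegs",
    0x00002: "MiniDumpWithFullMemory",
    0x00004: "MiniDumpWithHandleData",
    0x00008: "MiniDumpFilterMemory",
    0x00010: "MiniDumpScanMemory",
    0x00020: "MiniDumpWithUnloadedModules",
    0x00040: "MiniDumpWithIndirectlyReferencedMemory",
    0x00080: "MiniDumpFilterModulePaths",
    0x00100: "MiniDumpWithProcessThreadData",
    0x00200: "MiniDumpWithPrivateReadWriteMemory",
    0x00400: "MiniDumpWithoutOptionalData",
    0x00800: "MiniDumpWithFullMemoryInfo",
    0x01000: "MiniDumpWithThreadInfo",
    0x02000: "MiniDumpWithCodeSegs",
    0x04000: "MiniDumpWithoutAuxiliaryState",
    0x08000: "MiniDumpWithFullAuxiliaryState",
    0x10000: "MiniDumpWithPrivateWriteCopyMemory",
    0x20000: "MiniDumpIgnoreInaccessibleMemory",
    0x40000: "MiniDumpWithTokenInformation",
    0x80000: "MiniDumpWithModuleHeaders",
}
HEADER = struct.Struct("<4sIIIIIQ")  # MINIDUMP_HEADER: 32 bytes, Flags is the last field

def read_flags(data):
    """Return the Flags field given at least the first 32 bytes of a minidump."""
    if len(data) < HEADER.size or data[:4] != b"MDMP":
        raise ValueError("not a minidump header")
    return HEADER.unpack_from(data)[6]

def decode(flags):
    """Names of the set bits, lowest first; unrecognised bits are reported, not dropped."""
    names = [name for bit, name in MINIDUMP_TYPE.items() if flags & bit]
    unknown = flags & ~sum(MINIDUMP_TYPE)
    return names + ([f"unknown 0x{unknown:x}"] if unknown else [])

# Constructed 32-byte header carrying the flags value quoted in the answer.
SAMPLE = HEADER.pack(b"MDMP", 0xA793, 0, 32, 0, 0, 0x41826)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read(HEADER.size) if len(sys.argv) > 1 else SAMPLE
    flags = read_flags(data)
    print(f"Flags 0x{flags:x} ({flags} decimal)")
    for name in decode(flags):
        print("   ", name)
```

Run it with the path to a .dmp file as the only argument; with no argument it decodes the constructed sample.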

Licensed under: CC-BY-SA with attribution