Question

I have a minidump written to a file via: MiniDumpWriteDump. The file was sent to me from a client (i.e. I cannot use some sort of just-in-time debugger). My question is: how do I open it? Visual Studio gives the error: "Debugging older format crashdumps is not supported." I googled that and found that people were opening kernel dumps with visual studio. This is not a kernel dump, just a dump of an app crash. I also tried to open it with WinDbg, but that was unable to open it as well. How can I get the information?

Was it helpful?

Solution

The tool: http://technet.microsoft.com/el-gr/sysinternals/dd996900.aspx

A post you didn't see already in stackoverflow: Getting started with dump file analysis

If you're still having a problem send me the minidump file. I was interested some time ago but reading these files is toooo frustrating!

PS: Book i used: http://books.google.gr/books/about/Windows_Forensic_Analysis_DVD_Toolkit.html?id=6LX9PRoX5zgC&redir_esc=y

OTHER TIPS

Just use

BOOL WINAPI MiniDumpReadDumpStream(
  _In_   PVOID BaseOfDump,
  _In_   ULONG StreamNumber,
  _Out_  PMINIDUMP_DIRECTORY *Dir,
  _Out_  PVOID *StreamPointer,
  _Out_  ULONG *StreamSize
);

MiniDumpReadDumpStream

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top