Module versions in a crash dump
https://stackoverflow.com/questions/182365
-
06-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Is there a way to figure out versions of modules that were loaded into the process' address space when the process crashed from a crash dump that was generated by the process calling the MiniDumpWriteDump function? In other words, is any version information stored inside a dmp file?
Thanks.
Solution
load your minidump into WinDbg, then there's a Modules item off the Debug menu that shows checksum and timestamp information. That may be enough info for your purposes.
You can get the version from all loaded modules by typing "LM v" in the command window, in WinDBG. The list is long and you get lots, including the Product and File version strings. However, I think it fetches this information from locally-stored modules that it loads, making sure its got the right ones from checksum information it uses to match them to the symbol files.
OTHER TIPS
Load your dump file to WinDbg and type this command:
lm v <name_of_module> // shows information about specified module
lm v will show you information about all modules.
