Crash Dump Analysis AntiPatterns (Part 4)

A customer reports application.exe crashes and you ask for a dump file. You get a dump, open it and see the dump is not from your application.exe. You ask for a print spooler crash dump and you get an mplayer.exe crash dump. I originally thought to call it the Wrong Dump pattern and place it into the patterns category, but after writing about Zippocracy I clearly see it as an anti-pattern. It is not rocket science to check the process name in a dump file before sending it for analysis:

  • Load the user process dump in WinDbg
  • Type the command .symfix; .reload; !analyze -v and wait until WinDbg is no longer busy analyzing
  • Find PROCESS_NAME: in the output. You get something like:

PROCESS_NAME: spoolsv.exe

You can also use dumpchk.exe from Debugging Tools for Windows.
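The same check can be scripted before a dump leaves the machine. The following is an added example, not code from the original post or from DumpCheck: it reads the process image name straight from a user-mode minidump's ModuleListStream and compares it with the process that was asked for. It assumes the usual layout in which the first module entry is the process image, and it builds a constructed sample dump inline so it runs offline.

```python
import ntpath
import struct

MDMP_SIGNATURE = 0x504D444D   # "MDMP" as a little-endian uint32
MODULE_LIST_STREAM = 4        # MINIDUMP_STREAM_TYPE: ModuleListStream
MODULE_ENTRY_SIZE = 108       # sizeof(MINIDUMP_MODULE)
def read_minidump_string(data, rva):
    """MINIDUMP_STRING: uint32 byte length followed by UTF-16LE characters."""
    (length,) = struct.unpack_from("<I", data, rva)
    return data[rva + 4:rva + 4 + length].decode("utf-16-le")

def module_paths(data):
    """Return every module path recorded in the dump's ModuleListStream."""
    sig, _version, nstreams, dir_rva = struct.unpack_from("<IIII", data, 0)
    if sig != MDMP_SIGNATURE:
        raise ValueError("not a minidump: MDMP signature missing")
    for i in range(nstreams):
        stype, _size, rva = struct.unpack_from("<III", data, dir_rva + 12 * i)
        if stype == MODULE_LIST_STREAM:
            (count,) = struct.unpack_from("<I", data, rva)
            paths = []
            for m in range(count):
                # MINIDUMP_MODULE: BaseOfImage(8) SizeOfImage(4) CheckSum(4) TimeDateStamp(4) ModuleNameRva(4) ...
                (name_rva,) = struct.unpack_from("<I", data, rva + 4 + MODULE_ENTRY_SIZE * m + 20)
                paths.append(read_minidump_string(data, name_rva))
            return paths
    raise ValueError("minidump carries no ModuleListStream")

def process_name(data):
    """Image name of the dumped process; assumes the first module is the process image (usual layout)."""
    return ntpath.basename(module_paths(data)[0])

def is_dump_of(data, expected_exe):
    """Pre-submission check: does this dump belong to the process that was asked for?"""
    return process_name(data).lower() == expected_exe.lower()

def build_sample_minidump(paths):
    """Constructed sample dump: header, one directory entry, module list, then name strings."""
    modlist_rva = 32 + 12                  # header (32 bytes) + one directory entry (12 bytes)
    modlist_size = 4 + MODULE_ENTRY_SIZE * len(paths)
    entries, strings = b"", b""
    for path in paths:
        name_rva = modlist_rva + modlist_size + len(strings)
        utf16 = path.encode("utf-16-le")
        strings += struct.pack("<I", len(utf16)) + utf16 + b"\x00\x00"
        fixed = struct.pack("<QIIII", 0x400000, 0x1000, 0, 0, name_rva)
        entries += fixed + b"\x00" * (MODULE_ENTRY_SIZE - len(fixed))
    header = struct.pack("<IIIIIIQ", MDMP_SIGNATURE, 0xA793, 1, 32, 0, 0, 0)
    directory = struct.pack("<III", MODULE_LIST_STREAM, modlist_size, modlist_rva)
    return header + directory + struct.pack("<I", len(paths)) + entries + strings
```

For a real file, `is_dump_of(open(path, "rb").read(), "spoolsv.exe")` gives the answer before the dump is submitted; complete and kernel dumps use a different file format and are rejected by the signature check.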

I’m also writing a new version of the Citrix DumpCheck Explorer extension that will include the process name in its output.

Another example is when you ask for a complete memory dump but you get a kernel dump or various mini-dumps. Fortunately, the DumpCheck extension can warn users before they submit a dump.

- Dmitry Vostokov -
