4

I have a minidump written to a file via: MiniDumpWriteDump. The file was sent to me from a client (i.e. I cannot use some sort of just-in-time debugger). My question is: how do I open it? Visual Studio gives the error: "Debugging older format crashdumps is not supported." I googled that and found that people were opening kernel dumps with Visual Studio. This is not a kernel dump, just a dump of an app crash. I also tried to open it with WinDbg, but that was unable to open it as well. How can I get the information?

Joe
chacham15
  • What specific error(s) do you get with windbg? That should work. – Joe Jan 11 '14 at 00:19
  • @Joe "Could not find the C:\dump.dmp Dump File, Win32 error 0n87. The Parameter is incorrect." – chacham15 Jan 11 '14 at 00:27
  • What platform are you on, and what ver of Windbg? – Joe Jan 11 '14 at 00:36
  • @Joe Win7x64 Windbg:6.2.9200.16384 X86 (the executable is 32-bit) – chacham15 Jan 11 '14 at 00:51
  • Clearly your client has a very old version of DbgHelp.dll on his machine, one that generates the minidump in an ancient format that your machine no longer supports. This is going to require either the client updating his machine or you recovering an ancient version of the tooling to still read his minidump. It is up to you to decide how to tackle this. In general, not promising to support clients that refuse to keep their machine updated is reasonable. – Hans Passant Jan 11 '14 at 00:58
  • @HansPassant I mirrored the situation using my machine as the client and I get the same result. – chacham15 Jan 11 '14 at 01:02
  • That doesn't get us anywhere. If you want somebody else to take a look at the file then you'll have to put it on a file sharing service. – Hans Passant Jan 11 '14 at 01:05
  • My apologies: these tools do work, I just had a memory error that was causing this. I'm really sorry to everyone who put in the effort to help me with this. I feel really bad. – chacham15 Jan 11 '14 at 01:17

2 Answers

2

The tool: http://technet.microsoft.com/el-gr/sysinternals/dd996900.aspx

A post you didn't see already on Stack Overflow: Getting started with dump file analysis

If you're still having a problem send me the minidump file. I was interested some time ago but reading these files is toooo frustrating!

PS: Book I used: http://books.google.gr/books/about/Windows_Forensic_Analysis_DVD_Toolkit.html?id=6LX9PRoX5zgC&redir_esc=y

Community
Jimx
1

Just use

BOOL WINAPI MiniDumpReadDumpStream(
  _In_   PVOID BaseOfDump,
  _In_   ULONG StreamNumber,
  _Out_  PMINIDUMP_DIRECTORY *Dir,
  _Out_  PVOID *StreamPointer,
  _Out_  ULONG *StreamSize
); 

MiniDumpReadDumpStream

deW1
  • I saw that, but it is essentially saying that I'd need to make my own parsing tool. I was hoping that there is one ready to use. Why reinvent the wheel, right? – chacham15 Jan 11 '14 at 00:16
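
As an added example (not part of the original question or answers), this Python check reads the file's MINIDUMP_HEADER and stream directory to tell whether a received .dmp is structurally intact before it goes to WinDbg or Visual Studio; a truncated or corrupted file fails these checks. The function names and sample bytes are constructed for illustration; only the structure layouts and constants come from the documented minidump format.

```python
import struct

# Added example: layouts follow the public MINIDUMP_HEADER / MINIDUMP_DIRECTORY structs (little-endian).
HEADER = struct.Struct("<4sIIIIIQ")   # Signature, Version, NumberOfStreams, StreamDirectoryRva, CheckSum, TimeDateStamp, Flags
DIRENT = struct.Struct("<III")        # StreamType, DataSize, Rva
MINIDUMP_VERSION = 0xA793             # expected low 16 bits of Version
STREAM_NAMES = {3: "ThreadListStream", 4: "ModuleListStream", 5: "MemoryListStream",
                6: "ExceptionStream", 7: "SystemInfoStream"}


def check_minidump(data: bytes):
    """Return (problems, streams); an empty problems list means the layout is consistent."""
    problems, streams = [], []
    if len(data) < HEADER.size:
        return ["file shorter than the 32-byte header"], streams
    sig, version, count, dir_rva, _csum, _stamp, _flags = HEADER.unpack_from(data)
    if sig != b"MDMP":
        return [f"bad signature {sig!r}, expected b'MDMP'"], streams
    if version & 0xFFFF != MINIDUMP_VERSION:
        problems.append(f"unexpected format version 0x{version & 0xFFFF:04X}")
    if dir_rva + count * DIRENT.size > len(data):
        return problems + ["stream directory runs past end of file"], streams
    for i in range(count):
        stype, size, rva = DIRENT.unpack_from(data, dir_rva + i * DIRENT.size)
        name = STREAM_NAMES.get(stype, f"type {stype}")
        streams.append((name, rva, size))
        if rva + size > len(data):
            problems.append(f"{name} at 0x{rva:X}+{size} runs past end of file")
    return problems, streams


def build_sample() -> bytes:
    """Constructed sample: header, two directory entries, two dummy stream bodies."""
    body_a, body_b = b"\x00" * 56, b"\x00" * 168
    dir_rva = HEADER.size
    rva_a = dir_rva + 2 * DIRENT.size
    rva_b = rva_a + len(body_a)
    header = HEADER.pack(b"MDMP", MINIDUMP_VERSION, 2, dir_rva, 0, 0, 0)
    directory = DIRENT.pack(7, len(body_a), rva_a) + DIRENT.pack(6, len(body_b), rva_b)
    return header + directory + body_a + body_b


if __name__ == "__main__":
    good = build_sample()
    print(check_minidump(good))          # consistent layout
    print(check_minidump(good[:-100]))   # truncated copy, as after a bad transfer
```

To check a real file, pass `open(path, "rb").read()` to `check_minidump`; the stream bodies themselves are not interpreted here.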