Capturing Dumps with WinDbg

Source: Internet  Editor: 程序博客网  Time: 2024/06/06 12:38

This is a reference for enabling and collecting crash dumps. There are 5 parts:

Windows Dump Settings

Crash Dump For Processes

Windbg Settings Via Kdnet

Solutions For BSOD Dump Missing

Reference

 

 

Windows Dump Settings

·        Launch Control Panel -> System -> Advanced system settings

·        Tap Startup and Recovery Settings

·        Choose “Complete memory dump” (full dump); see the screenshot below

·        Save and reboot your machine to apply it

The dump file can be found at: %SystemRoot%\MEMORY.DMP

Crash Dump For Processes

1.      Capture a crash dump explicitly (Crash UI)

·        Launch “Task Manager”

·        Find the process, right-click it, and select “Create dump file”

 

2.      Windbg Auto Triggered If Apps Crash

Two ways:

a.       Set in Task Manager:

·        Launch “Task Manager”

·        Open “File -> Run new task” and choose “Create this task with administrative privileges”

·        Enter the command to run:

"<Windbg Path>\windbg.exe" -I

b.       Set in registry

·        Add the registry entries below:

Key:

For X86:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

For X64: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

Value:

Auto = 1, Debugger = "<Windbg Path>\windbg.exe" -p %ld -e %ld -g

 

Note: If an app crashes, WinDbg is launched and breaks in automatically. You can use the command below to generate a crash dump file:

.dump -ma C:\test.dmp

 

Windbg Settings Via Kdnet

(The host computer must be running Windows XP or later, and the target computer must be running Windows 8 or later)

Target Computer:

·        Open CMD as Administrator

·        Run the bcdedit commands below:

bcdedit /debug on

bcdedit /set testsigning on

bcdedit /dbgsettings net hostip:w.x.y.z port:n key:key

(If “key:key” is not set, you need to copy the key generated by bcdedit)

         If there is more than one network adapter in the target computer, run the command below:

bcdedit /set "{dbgsettings}" busparams PCI.DEVICE.FUNCTION

 

·        Reboot the target computer

Host Computer:

In WinDbg, choose Kernel Debug -> NET tab, then enter the Port Number and Key:

 

Solutions For BSOD Dump Missing

Below is the solution for a BSOD where the dump file is missing; it saves the dump to a USB drive (D: is the USB drive).

·        Add the registry settings below:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl /v DedicatedDumpFile /t REG_SZ /d "D:\dedicateddumpfile.sys" /f

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl /v AutoReboot /t REG_DWORD /d 0x0 /f

reg add HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /v DumpFile /t REG_EXPAND_SZ /d "D:\MEMORY.DMP" /f

·        Remove the USB drive after the device has hit the BSOD and the dump file is 100% generated
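
One way to confirm that the settings from the sections above took effect, and to see which debugger-related settings are still in place after troubleshooting, as an added PowerShell example that is not part of the original post. The function names Get-RegValue, New-Row and Get-DumpConfigReport are hypothetical, and the CrashDumpEnabled value meanings come from Microsoft's CrashControl documentation rather than from this page.

```powershell
# Added example (not from the original page): read-only audit of the settings above.
# Assumes an elevated 64-bit PowerShell prompt; bcdedit needs administrator rights.

function Get-RegValue([string]$Path, [string]$Name) {
    # Return nothing when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Row($Setting, $Value) {
    if ($null -eq $Value) { $Value = '<not set>' }
    [pscustomobject]@{ Setting = $Setting; Value = $Value }
}

function Get-DumpConfigReport {
    # CrashDumpEnabled meanings as documented by Microsoft for CrashControl.
    $dumpTypes = @{ 0 = 'None'; 1 = 'Complete memory dump'; 2 = 'Kernel memory dump'
                    3 = 'Small memory dump'; 7 = 'Automatic memory dump' }
    $cc = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $type = Get-RegValue $cc 'CrashDumpEnabled'
    if ($null -ne $type) { $type = "$type ($($dumpTypes[[int]$type]))" }
    New-Row 'CrashControl\CrashDumpEnabled' $type
    foreach ($name in 'DumpFile', 'DedicatedDumpFile', 'AutoReboot') {
        New-Row "CrashControl\$name" (Get-RegValue $cc $name)
    }

    # AeDebug exists in both registry views on 64-bit Windows; report each one.
    foreach ($sw in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
        $ae = "HKLM:\$sw\Microsoft\Windows NT\CurrentVersion\AeDebug"
        foreach ($name in 'Auto', 'Debugger') {
            New-Row "$sw\...\AeDebug\$name" (Get-RegValue $ae $name)
        }
    }

    # Boot flags changed by "bcdedit /debug on" and "bcdedit /set testsigning on".
    # An element that was never set has no line in the output.
    $boot = (bcdedit /enum '{current}') -join "`n"
    if ($LASTEXITCODE -ne 0) { New-Row 'bcdedit' 'query failed (not elevated?)'; return }
    foreach ($name in 'debug', 'testsigning') {
        $m = [regex]::Match($boot, "(?m)^$name\s+(\S+)")
        New-Row "bcdedit $name" $(if ($m.Success) { $m.Groups[1].Value })
    }
}

Get-DumpConfigReport | Format-Table -AutoSize -Wrap
```

The AeDebug Debugger command runs on every unhandled application crash and the debug and testsigning boot flags persist across reboots, so those rows are the ones to review once the dump has been collected.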

 

Reference

·        Windbg Help document

·        https://osgwiki.com/wiki/Missing_Windows_Dump_File 
