Dump file viewing tools

After capturing a dump file, we often want to know whether it was captured correctly, whether it contains the information we need, and whether the file was damaged in transit or during capture. Or we may not want a detailed WinDbg analysis and only want to see the exception information. Are there tools that let us quickly browse the information in a dump file? There are, and today I introduce two of them.

A. DumpChk.exe

DumpChk is Microsoft's crash dump file checker, an executable that quickly analyzes a crash dump file. It lets you view summary information about what the dump file contains. If the dump file is corrupted and cannot be opened by a debugger, DumpChk will tell us. The program is included when you install Debugging Tools for Windows.

DumpChk command options

DUMPCHK [options] <CrashDumpFile>

    -?          Displays the command syntax.
    -p          Prints the header only (with no validation).
    -v          Specifies verbose mode.
    -q          Performs a quick test. Not available in Windows XP.
    -c          Does dump validation.
    -x          Does extra file validation; takes several minutes.
    -e          Does dump exam.
    -y <Path>   Sets the symbol search path for a dump exam.
                If the symbol search path is empty, the CD-ROM
                is used for symbols.
    -b <Path>   Sets the image search path for a dump exam.
                If the symbol search path is empty, %SystemRoot%\System32
                is used for symbols.
    -k <File>   Sets the name of the kernel to File.
    -h <File>   Sets the name of the HAL to File.

Usually we use it like this: Dumpchk xxxx.dmp

 

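For a normal dmp file we can see the exception information, the file header information and the stream information, and the output always ends with "Finished dump check".

Now let's look at a problematic dmp file.

None of the information mentioned above is shown. Instead an error is reported, and the specific error is printed. Let's open the file with WinDbg and see whether it also reports an error.

Opening it with WinDbg reports the following error:

Both report the same error.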

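B. MinidumpExplorer

This is a dump file browser with a graphical interface.

Let's try opening the two files above.

On the home page we can see part of the header information and all of the stream information. We can also select a stream on the left to view its details; for example, let's look at the exception stream.

Now open the problematic dump file.

The header information can no longer be seen, and the streams cannot be recognized either.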

 

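In short, both tools can be used to get a rough overview of a dump file and to judge whether it is usable. The only difference is that one is a command-line tool and the other has a graphical interface.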
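
The header and stream information that both tools display comes from the minidump header and its stream directory, and a truncated file fails exactly there. The following is an added example, not code from the original post or from either tool: it reads the 32-byte MINIDUMP_HEADER and each MINIDUMP_DIRECTORY entry of a user-mode minidump and reports streams that point past the end of the file. The names check_minidump and build_sample are hypothetical, and the sample dump is constructed with zero-filled stream bodies.

```python
import struct

# Layouts from the documented user-mode minidump format (little-endian).
HEADER = struct.Struct("<4sIIIIIQ")  # MINIDUMP_HEADER, 32 bytes
DIRENT = struct.Struct("<III")       # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva
STREAM_NAMES = {3: "ThreadListStream", 4: "ModuleListStream",
                5: "MemoryListStream", 6: "ExceptionStream",
                7: "SystemInfoStream"}


def check_minidump(data):
    """Return (streams, errors); streams holds (name, rva, size) tuples."""
    streams, errors = [], []
    if len(data) < HEADER.size:
        return streams, ["file is shorter than the 32-byte header"]
    sig, version, count, dir_rva, _sum, _stamp, _flags = HEADER.unpack_from(data)
    if sig != b"MDMP":
        return streams, ["bad signature %r, expected b'MDMP'" % sig]
    if version & 0xFFFF != 0xA793:  # low word is MINIDUMP_VERSION
        errors.append("unexpected version word %#x" % (version & 0xFFFF))
    if dir_rva + count * DIRENT.size > len(data):
        return streams, errors + ["stream directory runs past end of file"]
    for i in range(count):
        stype, size, rva = DIRENT.unpack_from(data, dir_rva + i * DIRENT.size)
        name = STREAM_NAMES.get(stype, "stream type %d" % stype)
        if rva + size > len(data):
            errors.append("%s data runs past end of file" % name)
        streams.append((name, rva, size))
    return streams, errors


def build_sample():
    """Constructed two-stream dump (zero-filled stream bodies), 88 bytes."""
    body = HEADER.size + 2 * DIRENT.size
    header = HEADER.pack(b"MDMP", 0xA793, 2, HEADER.size, 0, 0, 0)
    entries = DIRENT.pack(7, 16, body) + DIRENT.pack(6, 16, body + 16)
    return header + entries + b"\x00" * 32


if __name__ == "__main__":
    good = build_sample()
    for label, blob in (("intact", good), ("truncated", good[:70])):
        streams, errors = check_minidump(blob)
        print(label, streams, errors if errors else "no structural errors")
```

This only checks the container structure of MDMP files; it does not interpret stream contents, and kernel-mode dumps use a different header.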

 


Origin www.cnblogs.com/yilang/p/11119480.html