Dumping processes without breaking them

Post by VDO » Sat Oct 28, 2006 7:40 pm

Code:
ntsd -pvr -p <PID> -c ".dump /ma /u process.dmp; q"


Blog: http://www.dumpanalysis.org/blog/index. ... king-them/
VDO
Site Admin
 
Posts: 509
Joined: Mon May 01, 2006 10:34 am
Location: Dublin, Ireland

Re: Dumping processes without breaking them

Post by sainath22 » Mon Jun 14, 2010 4:53 am

Hi Dimitry,

I have tested the command below, and also along with cdb.

So the 'r' switch for WinDbg won't work.

-pvr is a good option under noninvasive and provides the following advantages:

a) perform debugging on running applications

b) you can still use
x <your exe>!<your function> to know the function address (not the return address)

Question
=======
I understand we cannot use the "break in" or "go" commands under noninvasive, but if we add that functionality, would noninvasive be similar to live debugging a process?
sainath22
 
Posts: 3
Joined: Tue Jun 01, 2010 3:45 am

