Dmp2Txt

Dmp2Txt

Postby VDO » Sat Dec 09, 2006 2:14 pm

Blog: http://www.dumpanalysis.org/blog/index. ... y-problem/

Code: Select all
C:\Program Files\Debugging Tools for Windows>WinDbg.exe -y "srv*c:\mss*http://msdl.microsoft.com/download/symbols" -z MEMORY.DMP -c "$$><c:\WinDbgScripts\Dmp2Txt.txt;q" -Q -QS -QY –QSY


Code: Select all
$$
$$ Dmp2Txt: Dump all necessary information from complete full memory dump into log
$$
.logopen /d
!analyze -v
!vm
lmv
!locks
!poolused 3
!poolused 4
!exqueue f
!irpfind
r $t0 = nt!PsActiveProcessHead
.for (r $t1 = poi(@$t0); (@$t1 != 0) & (@$t1 != @$t0); r $t1 = poi(@$t1))
{
    r? $t2 = #CONTAINING_RECORD(@$t1, nt!_EPROCESS, ActiveProcessLinks);
    .process @$t2
    .reload
    !process @$t2   
    !ntsdexts.locks 
    lmv
}
.logclose
q
$$
$$ Dmp2Txt: End of File
$$


If you have kernel dump only the script is simpler:

Code: Select all
$$
$$ KeDmp2Txt: Dump all necessary information from kernel dump into log
$$
.logopen /d
!analyze -v
!vm
lmv
!locks
!poolused 3
!poolused 4
!exqueue f
!irpfind
!process 0 7
.logclose
q
$$
$$ KeDmp2Txt: End of File
$$
VDO
Site Admin
 
Posts: 549
Joined: Mon May 01, 2006 10:34 am
Location: Dublin, Ireland

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

cron