For an introduction and overview of crash dump files, see Crash Dump Files.
Opening Dump Files
To open a crash dump file for use as a debugger target, use OpenDumpFile or OpenDumpFileWide. These methods are similar to the .opendump debugger command.
The engine doesn't completely attach to the dump file until the WaitForEvent method has been called. When a dump file is created from a process or kernel, information about the last event is stored in the dump file. After the dump file is opened, the next time execution is attempted, the engine will generate this event for the event callbacks. Only then does the dump file become available in the debugging session. See Debugging Session and Execution Model for more details.
Additional files can be used to assist in debugging a crash dump file. The methods AddDumpInformationFile and AddDumpInformationFileWide register files containing page-file information to be used when the next dump file is opened. These methods must be called before the dump file is opened. GetNumberDumpFiles will return the number of such files that were used when the current dump file was opened, and GetDumpFile will return a description of these files.
User-mode minidump files contain several streams of information. These streams can be read using the Request operation DEBUG_REQUEST_READ_USER_MINIDUMP_STREAM.
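The stream layout mentioned above can be seen by walking the file's MINIDUMP_HEADER and stream directory directly. The following is an added example, not code from this documentation or the debugger engine: it does not call Request, it reads the on-disk format with bounds checks, and the function names and the sample dump are constructed for illustration.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

struct StreamEntry { uint32_t type, size, rva; };  // one MINIDUMP_DIRECTORY entry

// Little-endian 32-bit read that refuses to run past the end of the file.
static uint32_t rd32(const std::vector<uint8_t>& b, size_t off) {
    if (off > b.size() || b.size() - off < 4) throw std::runtime_error("truncated dump");
    return b[off] | b[off + 1] << 8 | b[off + 2] << 16 | uint32_t(b[off + 3]) << 24;
}

// Walk MINIDUMP_HEADER -> stream directory, rejecting entries that point outside the file.
std::vector<StreamEntry> parse_stream_directory(const std::vector<uint8_t>& dump) {
    if (rd32(dump, 0) != 0x504D444D) throw std::runtime_error("no MDMP signature");
    const uint32_t count = rd32(dump, 8), dir = rd32(dump, 12);
    std::vector<StreamEntry> out;
    for (uint32_t i = 0; i < count; ++i) {
        const size_t e = size_t(dir) + size_t(i) * 12;  // each entry is 12 bytes
        const StreamEntry s{rd32(dump, e), rd32(dump, e + 4), rd32(dump, e + 8)};
        if (s.rva > dump.size() || dump.size() - s.rva < s.size)
            throw std::runtime_error("stream data outside file");
        out.push_back(s);
    }
    return out;
}

// Bytes of the first stream with the given MINIDUMP_STREAM_TYPE, empty if absent.
std::vector<uint8_t> read_stream(const std::vector<uint8_t>& dump, uint32_t type) {
    for (const StreamEntry& s : parse_stream_directory(dump))
        if (s.type == type)
            return std::vector<uint8_t>(dump.begin() + s.rva, dump.begin() + s.rva + s.size);
    return {};
}

static void put32(std::vector<uint8_t>& b, uint32_t v) {
    for (int i = 0; i < 4; ++i) b.push_back(uint8_t(v >> (8 * i)));
}

// Constructed sample dump: header, two directory entries, then the stream data.
std::vector<uint8_t> make_sample_dump() {
    const std::string note = "constructed";
    std::vector<uint8_t> d;
    put32(d, 0x504D444D); put32(d, 0xA793); put32(d, 2); put32(d, 32);  // Signature, Version, NumberOfStreams, StreamDirectoryRva
    for (int i = 0; i < 4; ++i) put32(d, 0);                        // CheckSum, TimeDateStamp, Flags (64-bit)
    put32(d, 10); put32(d, uint32_t(note.size())); put32(d, 56);    // CommentStreamA
    put32(d, 5); put32(d, 4); put32(d, 56 + uint32_t(note.size())); // MemoryListStream
    d.insert(d.end(), note.begin(), note.end());
    put32(d, 0);                                                    // NumberOfMemoryRanges = 0
    return d;
}
```

Listing the directory before a dump leaves the machine shows whether it carries memory or handle streams that may hold sensitive process data.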
Creating Dump Files
To create a crash dump file of the current target -- user-mode or kernel-mode -- use WriteDumpFile2. This method is similar to the .dump debugger command.