Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

type of process dump when its generated from task manager

Starting from Windows Vista, now one can generate a process dump right from task manager. Typically I generate a process dump either by using Adplus or right from Windbg. If I use one of these option, I have to provide some switches with my command in order to describe what type of dump is been generated. Given that all these details are hidden when I generate a process dump from task manager, does someone know what type of dump it is and what is contained in it? I remember reading somewhere that process dump generated from task manager does not contains details on the handle table. Any ideas on this as well?

like image 514
palm snow Avatar asked Dec 09 '11 16:12

palm snow


1 Answers

The dump is a "User Mini Dump File with Full Memory", so for most tasks you're good.

However, you can't specify that the dump should be created at some specific event. Tools like adplus and procdump allow you to create a dump for various conditions (exception, work load etc). So essentially task manager only supports give me a snapshot of the process (which is usable for a hanging process). For other situations you need to use adplus or procdump.

Also, you should be aware that 64 bit Windows ships with two versions of the task manager. The 64 bit manager will create 64 bit dumps - even for 32 bit processes (i.e. the dump will contain the Wow64 stuff needed to run the 32 bit process). However, if you use the 32 bit version of task manager (located in \Windows\SysWOW64) you'll get a proper 32 bit dump.

like image 187
Brian Rasmussen Avatar answered Oct 08 '22 18:10

Brian Rasmussen