This section explains Window mini-dump files.
This file contains enough information to perform basic debugging
operations by still keeping
the minidump size as small as possible. Current versions of Microsoft Office and Microsoft
Windows create these minidump files for the purpose of analyzing
failures on customers' computers.
The current configuration options
used to generate this dump are:
MINIDUMP_TYPE flags
| MiniDumpNormal, MiniDumpWithIndirectlyReferencedMemory, MiniDumpScanMemory |
MiniDumpCallback | IncludeThreadCallback, IncludeModuleCallback, ThreadCallback, ModuleCallback |
The MINIDUMP_TYPE enumeration is a set of flags that provides control over the contents of the minidump. We use this combination to debug more complex problems than a simple access violation or a deadlock. Here is a description of the flags used:
- MiniDumpNormal
This flag represents the basic set of data that is always present in minidump. Here are the kind of data belongs to this set:
- Information about the operating system and CPU, including: operating system version (including service pack), number of processors and their model
- Information about the process, including: process ID, process times (creation time, and the time spent executing user and kernel code)
- For every executable module loaded by the process, the following information is included: load address, size of the module, file name (including path), version information (VS_FIXEDFILEINFO structure), module identity information that helps debuggers to locate the matching module and load debug information for it (checksum, timestamp, debug information record)
- For every thread running in the process, the following information is included: thread ID, priority, thread content, suspend count
- Address of the thread environment block (TEB) (but the contents of TEB are not included)
- For every thread, the contents of its stack memory are included into the minidump. It allows us to obtain call stacks of the threads, inspect the values of function parameters and local variables.
- For every thread, 256 bytes of memory around the current instruction pointer are stored. It allows us to see the disassembly of the code the thread was executing at the moment of failure, even if the executable module itself is not available on the developer's machine.
- Exception information can be included into the minidump via the fifth parameter of the MiniDumpWriteDump function: Exception record (EXCEPTION_RECORD structure, thread context at the moment of the exception, Instruction window (256 bytes of memory around the address of the instruction that raised the exception).
- MiniDumpScanMemory
- This flag allows us to save space in the minidump by excluding executable modules that are not needed to debug the problem. The flag works in close cooperation with MiniDumpCallback function.
- MiniDumpWithIndirectlyReferencedMemory
With this flag specified, the MiniDumpWriteDump function will scan the stack
memory of every thread looking for pointers that point to other
readable memory pages in the process' address space. For every
pointer found, 1024 bytes of memory around the location it points
to will be stored in the minidump (256 bytes before and 768 bytes
after).
The MiniDumpCallback function is used to customize the
contents of our minidump beyond MINIDUMP_TYPE flags. This is a
user-defined callback, which is called byMiniDumpWriteDump to get decision on whether to
include/exclude some data into the minidump. In our configuration,
we use:
Even with this configuration, we may not be able to see the
values of global variables, and cannot inspect the data allocated
on the heap and in TLS (unless it is referenced from the thread
stacks).
More information about minidump
can be found in the official Microsoft
documentation.