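REM Batch-convert MEMORY.DMP to a text log: -z opens the dump, -c runs the Dmp2Txt script and then quits.
REM The -Q, -QS, -QY and -QSY switches suppress WinDbg dialog prompts so the run needs no interaction.
REM Symbols are cached in c:\mss and fetched from the Microsoft symbol server over HTTPS rather than plain HTTP,
REM so the symbol files the debugger parses cannot be altered in transit.
C:\Program Files\Debugging Tools for Windows>WinDbg.exe -y "srv*c:\mss*https://msdl.microsoft.com/download/symbols" -z MEMORY.DMP -c "$$><c:\WinDbgScripts\Dmp2Txt.txt;q" -Q -QS -QY -QSY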
$$
$$ Dmp2Txt: Dump all necessary information from complete full memory dump into log
$$
$$ Runs a fixed sequence of kernel and per-process commands and captures their output in a log file.
$$ Keep every comment in this file free of semicolons - a semicolon ends a double-dollar comment
$$ and the text after it would be executed as a debugger command.
$$ The log holds per-process details, module lists and pool statistics taken from the dump,
$$ so store and share it under the same access restrictions as the dump itself.
$$
$$ Open a log file whose name the debugger chooses automatically
.logopen /d
$$ Verbose automated analysis of the crash
!analyze -v
$$ Summary of virtual memory usage
!vm
$$ Verbose list of loaded modules in the current context
lmv
$$ Kernel executive resource locks
!locks
$$ Pool usage per tag - flags 3 give the detailed view sorted by nonpaged pool usage
!poolused 3
$$ Pool usage per tag - flags 4 sort by paged pool usage
!poolused 4
$$ Executive worker queues - NOTE(review): confirm the exact meaning of flags f against the extension help
!exqueue f
$$ Search nonpaged pool for I/O request packets
!irpfind
$$ Walk the kernel active process list. t0 holds the address of the list head nt!PsActiveProcessHead
$$ and t1 follows each forward link with poi until it returns to the head or reads zero.
$$ For every entry the loop recovers the owning nt!_EPROCESS with CONTAINING_RECORD into t2,
$$ switches the debugger process context to it and reloads symbols for that context, then logs
$$ the process details, its critical section locks via ntsdexts and its verbose module list.
r $t0 = nt!PsActiveProcessHead
.for (r $t1 = poi(@$t0); (@$t1 != 0) & (@$t1 != @$t0); r $t1 = poi(@$t1))
{
r? $t2 = #CONTAINING_RECORD(@$t1, nt!_EPROCESS, ActiveProcessLinks);
.process @$t2
.reload
!process @$t2
!ntsdexts.locks
lmv
}
$$ Close the log and quit the debugger so the batch run terminates
.logclose
q
$$
$$ Dmp2Txt: End of File
$$
If you have only a kernel dump, the script is simpler:
$$
$$ KeDmp2Txt: Dump all necessary information from kernel dump into log
$$
$$ Runs a fixed sequence of kernel commands and captures their output in a log file.
$$ Keep every comment in this file free of semicolons - a semicolon ends a double-dollar comment
$$ and the text after it would be executed as a debugger command.
$$ The log holds process and thread details, module lists and pool statistics taken from the dump,
$$ so store and share it under the same access restrictions as the dump itself.
$$
$$ Open a log file whose name the debugger chooses automatically
.logopen /d
$$ Verbose automated analysis of the crash
!analyze -v
$$ Summary of virtual memory usage
!vm
$$ Verbose list of loaded modules
lmv
$$ Kernel executive resource locks
!locks
$$ Pool usage per tag - flags 3 give the detailed view sorted by nonpaged pool usage
!poolused 3
$$ Pool usage per tag - flags 4 sort by paged pool usage
!poolused 4
$$ Executive worker queues - NOTE(review): confirm the exact meaning of flags f against the extension help
!exqueue f
$$ Search nonpaged pool for I/O request packets
!irpfind
$$ All processes at full detail level 7, which includes their threads and thread stacks
!process 0 7
$$ Close the log and quit the debugger so the batch run terminates
.logclose
q
$$
$$ KeDmp2Txt: End of File
$$