What is a memory dump file?
======================================
There are many types of memory dump file. A dump file is a snapshot of a process or system at the moment the dump is taken. Different types of dump file differ in how accurate the data they contain is.
User-mode memory dump file vs kernel-mode memory dump file
======================================
If you capture the dump file of a process, you capture a user-mode dump file.
If you capture the dump file of the entire system memory, you capture a kernel-mode dump file.
Generally, troubleshooting hangs, crashes, memory leaks and exceptions does not require knowing what the operating system was doing at the time, so capturing a kernel dump wastes hard disk space. .NET debugging is also almost impossible in kernel mode.
Mini dump vs full dump
======================================
Generally, dumps are classified as mini dumps or full dumps. In fact, this distinction is slightly inaccurate: a full dump is actually a mini dump with additional information.
A full dump is the dump file captured with the /ma switch. This switch means that you capture the following information:
- Full memory data
- Handle data
- Unloaded module information
- Basic memory information
- Module information
- Thread and stack information, including thread time information
In short, you get more information than you could want in a single file.
A mini dump is a dump file captured with the /mdi switch. This switch means that the following information is captured:
- Modules
- Threads
- Stacks
- Any memory that is referenced by a pointer on a stack
- Some read-write segments
Most of this is used to see what each thread was executing when the dump file was generated. A mini dump is usually only a few megabytes in size, so it is written quickly and takes up very little space. The disadvantage is that you won't get much .NET information.
Here, the switches are those of the .dump command in windbg.exe.
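To tell which kind of user-mode dump a file is before opening or passing it on, you can read the Flags field of its 32-byte MINIDUMP_HEADER. The sketch below is an added example, not code from the original post: it maps the dbghelp MINIDUMP_TYPE bits to the items in the two lists above, and the function names and sample headers are constructed for illustration.

```python
import struct

MDMP_SIGNATURE = 0x504D444D  # b"MDMP" read as a little-endian 32-bit value
HEADER = struct.Struct("<IIIIIIQ")  # MINIDUMP_HEADER layout, 32 bytes

# MINIDUMP_TYPE bits (dbghelp) matching the items listed for the two switches.
FLAGS = {
    0x0001: "read-write data segments",
    0x0002: "full memory data",
    0x0004: "handle data",
    0x0020: "unloaded module information",
    0x0040: "memory referenced by pointers on the stack",
    0x0800: "basic memory information",
    0x1000: "thread time information",
}
FULL_MEMORY = 0x0002


def read_dump_flags(data: bytes) -> int:
    """Return the MINIDUMP_TYPE flags stored in a user-mode dump header."""
    if len(data) < HEADER.size:
        raise ValueError("truncated: shorter than a 32-byte minidump header")
    # Fields: signature, version, stream count, directory RVA,
    # checksum, timestamp, flags.
    sig, _, _, _, _, _, flags = HEADER.unpack_from(data)
    if sig != MDMP_SIGNATURE:
        raise ValueError("not a user-mode minidump (missing MDMP signature)")
    return flags


def describe_dump(data: bytes) -> dict:
    """Classify a dump as full or mini and list the optional data it carries."""
    flags = read_dump_flags(data)
    return {
        "kind": "full" if flags & FULL_MEMORY else "mini",
        "contents": [name for bit, name in sorted(FLAGS.items()) if flags & bit],
        "unknown_bits": flags & ~sum(FLAGS),  # bits outside the table above
    }


def make_header(flags: int) -> bytes:
    """Build a constructed 32-byte header for the demo (not a real dump)."""
    return HEADER.pack(MDMP_SIGNATURE, 0xA793, 0, 32, 0, 0, flags)


if __name__ == "__main__":
    full = make_header(0x0002 | 0x0004 | 0x0020 | 0x0800 | 0x1000)  # constructed
    mini = make_header(0x0001 | 0x0040)  # constructed
    for label, blob in (("full-style", full), ("mini-style", mini)):
        print(label, describe_dump(blob))
```

On a real file, pass the first 32 bytes to describe_dump; a dump reported as "full" contains the entire memory of the process.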
In addition, when an application you are running crashes, you are asked whether to send the error report to Microsoft. In that case what you send is a mini dump, and no personal information is sent out.
What is SOS.dll?
============================
It is unthinkable to discuss the debugging process without mentioning SOS.dll. In WinDbg and CDB you can load extensions that automate actions you would otherwise have to perform by hand, some of which are very difficult to do manually, for example building the managed stack from an unmanaged stack. SOS.dll is one of these extensions.
You can find SOS.dll in the clr10 directory of your debugger.
You run its commands as !commandname, for example !clrstack to get a thread's managed stack.
The complete command list is available by running the !sos.help command.
Translated from:
Back to Basics - How do I get the memory dumps in the first place? And what is SOS.dll?
http://blogs.msdn.com/tess/archive/2006/01/11/511773.aspx