
How to create a kernel dump using WinDbg


I'm debugging a kernel-mode device driver for Windows, using WinDbg. Is it possible to create a minidump on-demand?

I mean, one of my breakpoints is hit, the system is stopped. I want to create a minidump (let's say stack only). Is there a WinDbg keyword for this?

Thanks in advance


Solution

  • You can write a minidump like so when it hits your breakpoint:

    bp myDLL!myFunc ".dump /ma c:\myDump.dmp;g"
    

    This will add a breakpoint to your function and execute the commands in the quotation marks: it will write a minidump with most flags and then continue.

    See here for more info on .dump and here on bp syntax.

    To dump the complete memory in user or kernel mode:

    .dump /f
    

    but the /ma switch actually puts more information in for user-mode.

    If you get the error:

    Unable to create file 'c:\myDump.dmp' - Win32 error 0n5
        "Access is denied."
    

    try writing the file to the c:\users\public\ directory.

    .dump /f c:\users\public\myDump.dmp