typesdumpflagsminidumpminidumpwritedump

MiniDumpWriteDump and its MINIDUMP_TYPE type


Not so long time ago we understood that even the release build can function incorrectly - can fall - can hang and etc. So we decided to implement dump creation procedure. All steps rather quickly have been found at Internet. But one - the main thing - is still not understandable for us.

MINIDUMP_TYPE according to MSDN supports 23 flags. But there is no deep technical explanation for next question: do they all independent in theirs fields of application? Or can they be used in pairs, triples? Can they all be used simultaneously? Can I use them in some groups (like for ex. some 3 flags - are generating practically the same dump as some other 5 flags.) I mean that when I will use for ex. 1+3 flag - it will be absolutely equal to using of flags 4+6+9. Or flag 1 or flag 3 or ... - is the superposition of all other flags? Or what? I want to understand all possible crossings between all available flags. Because maybe there is no practical sense to use flags 3+12+14 For ex, my current aim - is to create dump with absolutely all available data in memory. I should be able to look at all threads, all local-static-global-in_heap variables. I mean that when I will open some dump generated with combination of flags bla+bla+bla - it should be absolutely the same as in case when I can attach the debugger directly to the process. I should obtain all possible data!

P.S. MiniDumpWithFullMemory - does not give to me such ability((( Why? the word @FULL@ memory - does not mean FULL? it's only a part of what?


Solution

  • For future reference and since information is still only sparsely available: A similar question has already been asked, see What combination of MINIDUMP_TYPE enumeration values will give me the most 'complete' mini dump?. The answers mention the excellent albeit (a bit) outdated debugging resource DebugInfo.com pointing to the article http://www.debuginfo.com/articles/effminidumps.html#minidumptypes in particular. Note that new-ish flags (available since Windows 7 and possibly earlier versions such as Windows Vista) are indeed not being explained. There seems to be no comprehensive version history of MINIDUMP_TYPE flags and the minium version given by the API documentation does not always seem to be true as I have had issues in the past using flags such as MiniDumpWithFullMemoryInfo allegedly available since DbgHelp.dll 6.1 on Windows 7 until I upgraded DbgHelp.dll version 6.8 to (the most recent Windows 7) DbgHelp.dll version 6.12.

    Windows 7 did introduce Windows Error Reporting (WER) and looking at the documentation of WerReportAddDump one will stumble (among others) across the WerDumpTypeHeapDump, which (as of 2020-07-27) seems to be equivalent to a minidump type of

    MiniDumpWithDataSegs
     | MiniDumpWithProcessThreadData
     | MiniDumpWithHandleData
     | MiniDumpWithPrivateReadWriteMemory
     | MiniDumpWithUnloadedModules
     | MiniDumpWithFullMemoryInfo
     | MiniDumpWithThreadInfo
     | MiniDumpWithTokenInformation
     | MiniDumpWithPrivateWriteCopyMemory
    

    with the last three flags apparently only being available since Windows 7 (and requiring a sufficiently recent DbgHelp.dll). This seems to be the most comprehensive dump that can be recorded by WER (ignoring custom dump types) and is probably a good starting point in terms of minimum information that should be recorded for post-mortem debugging as if a debugger was attached to the process beforehand.