Minidump Browser is a software tool that allows you to examine the contents of a minidump or kernel dump. The minidump might result from an application crash, or it might have been created as part of some application profiling. A kernel dump will have been written when the operating system crashed, producing the infamous Blue Screen of Death.
Typically the only way to interact with a minidump or kernel dump is to load it into a debugger and see where the application that generated the minidump crashed.
Minidumps can also be generated without a crash being required, and crash minidumps can contain a lot more information than just information about an exception.
That’s why we created Minidump Browser. Now you can inspect memory protection regions, thread information (including thread names), open handles at the time of the crash, and various information about the host computer hardware and its performance.
When viewing a minidump, the following information displays are available.
The Summary view gives an overview of what the minidump contains.
The Comments view displays any comments that were added to the minidump at the time it was created. This section is empty in most minidumps.
The Exception view shows information relating to any exception that is present in the minidump. Not all minidumps contain an exception.
If your application crashed, the Exception view will probably be the most interesting part of the minidump.
We display the exception information plus some additional information we can calculate: symbol name, filename, line number, DLL name.
You can copy the exception details to a text file, or use DbgHelp Browser, TDS Browser or Map File Browser to find the crash address details (symbol name, filename, line number) in debugging information, for the case where Minidump Browser fails to find the symbol information you require.
Below the exception display we show the source code for the exception location, the callstack and the context registers.
Information about the running threads in the process at the time of the minidump.
Not all threads have names. Learn how to name Threads.
The threads section contains multiple displays.
There is one display per thread-related stream in the minidump, and an additional Callstacks display which synthesises this information into one display.
The other three displays are provided to allow inspection of the raw data for the case where you can’t find what you want using the Callstacks display.
The handles section shows what handles are open at the time of the minidump and what operations are being performed with the handles.
Not all minidumps contain this information.
The handle, the type of the handle and, when that handle is file related, the path to the file, access rights granted, etc.
The memory section lists which memory ranges are present in the minidump, the memory state and memory protection of that memory, and virtual memory counters.
Not all minidumps contain this information.
If you’re curious about visualising these memory protections, load your minidump into VM Validator.
Information about the many memory counters contained in the minidump.
The modules section lists all the modules loaded into the application at the time of the minidump, and all the modules that have been previously unloaded.
The information in the unloaded modules view can help you identify pointers that are pointing to invalid memory.
The System section shows you all the system related and miscellaneous data in the minidump.
To view the virtual memory described by data in a minidump you can load the minidump into Virtual Memory Validator.
When viewing a kernel dump, the following information displays are available.
General information about the Kernel Dump header.
The Crash section details the Blue Screen of Death bug check code and the exception details.
Information about the BugCheck, the parameters and a link to the official Microsoft documentation for this BugCheck.
We display the kernel dump exception information plus some additional information we can calculate: symbol name, filename, line number, DLL name.
Below the exception display we show the source code for the exception location, the callstack and the context registers.
The modules section lists all the modules and drivers loaded at the time of the kernel dump, and all the modules that have been previously unloaded.
The information in the unloaded modules view can help you identify pointers that are pointing to invalid memory.
The Data display shows the kernel dump attributes and other miscellaneous information.
Information about the attributes for the Kernel Dump.
Additional miscellaneous information about the Kernel Dump.
The pointers included in the Kernel Dump.
Minidumps from both x86 and x64 processors are supported.
Minidumps that refuse to load, which is typically caused by unsupported data sizes for particular sections of a minidump, can also be displayed. This allows us to display minidumps from ARM and IA64 systems, although you may find that some data is missing when this happens.
On all displays, wherever there is a pointer we will try to provide a DLL name, symbol name, filename and line number.
We can provide symbol information using PDB, TDS, DWARF, STABS, COFF and Metrowerks debug formats. Symbol servers are supported.
This allows us to provide symbols for all major languages (C, C++, Delphi, Fortran, VB6, Rust) and compilers (Visual Studio, Delphi, C++ Builder, GCC, G++, Visual Basic, Rust).