Debugging OCA minidump files

Online Crash Analysis (OCA) is the reporting facility for Windows Error Reporting (WER) information. Your company can use OCA crash dumps to analyze customer problems.

Analyzing dump files

Dump files are a snapshot of the state of the computer (or process) at the time of the crash.

To analyze this data, a developer must use a debugger that can read user minidump files. The debugger must also have access to both the images and symbols that match the contents of the dump file. Most developers are aware of the need to use matching symbols when debugging a live crash; however, when debugging a minidump, matching images must also be available for the debugger.

Matching images must be available because minidump files store very little information; they store only some of the volatile information at the time of the crash. They do not store the basic code streams that the computer loaded into memory. Instead, to save space, the minidump file stores only the name and time stamp of the images loaded on the crashing computer.

To examine the code that was running on the crashing computer, the debugger must be given access to the same binaries that the crashing computer was running. The debugger uses the name and time stamp stored in the minidump file to uniquely match and load the binaries when the developer wants to debug the crash.
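The matching data described above can be read straight out of a dump. The following is an added example, not code from the original page: it parses the module list stream of a minidump and builds the lookup path a symbol server uses for each binary. The sample dump is constructed inline and `contoso.sys` is a hypothetical driver; the example also goes one step beyond the text by including the image size, which the symbol server combines with the time stamp in its index.

```python
import struct

MODULE_LIST_STREAM = 4          # MINIDUMP_STREAM_TYPE.ModuleListStream
MODULE_FMT = "<QIIII84x"        # leading fields of MINIDUMP_MODULE, rest skipped
MODULE_SIZE = struct.calcsize(MODULE_FMT)   # 108 == sizeof(MINIDUMP_MODULE)

def read_modules(dump: bytes):
    """Return [(name, time_date_stamp, size_of_image)] from a minidump."""
    if len(dump) < 32 or dump[:4] != b"MDMP":
        raise ValueError("not a minidump (bad signature)")
    n_streams, dir_rva = struct.unpack_from("<II", dump, 8)
    for i in range(n_streams):
        stype, size, rva = struct.unpack_from("<III", dump, dir_rva + 12 * i)
        if stype == MODULE_LIST_STREAM:
            break
    else:
        return []                                   # dump carries no module list
    (count,) = struct.unpack_from("<I", dump, rva)
    if 4 + count * MODULE_SIZE > size:
        raise ValueError("module list overruns its stream")
    modules = []
    for i in range(count):
        off = rva + 4 + i * MODULE_SIZE
        _base, img_size, _cksum, stamp, name_rva = struct.unpack_from(MODULE_FMT, dump, off)
        (nbytes,) = struct.unpack_from("<I", dump, name_rva)   # MINIDUMP_STRING.Length
        raw = dump[name_rva + 4 : name_rva + 4 + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated module name")
        modules.append((raw.decode("utf-16-le"), stamp, img_size))
    return modules

def symsrv_key(name, stamp, img_size):
    """Symbol-server path: <file>/<TimeDateStamp %08X><SizeOfImage %x>/<file>."""
    leaf = name.replace("/", "\\").rsplit("\\", 1)[-1]
    return f"{leaf}/{stamp:08X}{img_size:x}/{leaf}"

def build_sample_dump():
    """Constructed one-module dump for a hypothetical driver (not real crash data)."""
    name = "C:\\Windows\\System32\\drivers\\contoso.sys".encode("utf-16-le")
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, 32, 0, 0, 0)
    mod_rva = 32 + 12                               # header + one directory entry
    name_rva = mod_rva + 4 + MODULE_SIZE
    directory = struct.pack("<III", MODULE_LIST_STREAM, 4 + MODULE_SIZE, mod_rva)
    module = struct.pack(MODULE_FMT, 0xFFFFF80012340000, 0x2B000, 0, 0x5F3C2A10, name_rva)
    return (header + directory + struct.pack("<I", 1) + module
            + struct.pack("<I", len(name)) + name + b"\0\0")

if __name__ == "__main__":
    for mod in read_modules(build_sample_dump()):
        print(mod, "->", symsrv_key(*mod))
```

A binary that was rebuilt after the crash has a different time stamp, so its key no longer matches the one derived from the dump and the debugger cannot load it as the matching image.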

After the images and symbols are loaded in the debugger, you can analyze the state of the system at the time of the crash, including data that was saved after the crash occurred. The minidump does not, however, reproduce the steps that led to the specific failure. Finding the root cause requires analyzing the driver's source code to determine what code path may have led to the failure. Experience has shown that a large percentage of failures can be understood and addressed by analyzing dump files and source code.

Using Symbols to Match Executable Code with Source Code

The best way to access matching images and symbols is to use the Microsoft symbol server. Symbols are data that enable the debugger to map the executable code back to the source code. When you build a program, the program's symbols are usually stored in symbol files. When a debugger analyzes a program, it needs to access the program's symbols.

Symbol files can include any or all of the following:

  • The names and addresses of all functions.

  • All data type, structure, and class definitions.

  • The names, data types, and addresses of global variables.

  • The names, data types, addresses, and scopes of local variables.

  • The line number in the source code that corresponds to each binary instruction.

The Windows Driver Kit (WDK) includes tools that can be used to reduce the number of symbols in a symbol file. The symbol files that contain all of the source-level information are called full symbol files. The symbol files with reduced information are called stripped symbol files.

Because symbol data is crucial for getting meaningful crash information from Windows Error Reporting (WER) data, we encourage you to submit your symbols when you submit drivers to be signed. When symbols are submitted, they are stored on a server that synchronizes symbol data with the associated WER processes. With this storage process, you can easily categorize the crashes reported in the minidump files and ultimately receive better data back from Microsoft.

Microsoft provides a symbol server on the Internet that you can use to analyze the Windows modules that are present in minidump files. The server includes stripped symbol files for Windows and a few other products. Microsoft has added the binaries for Windows XP and Windows Server 2003. You can use the Internet symbol server and the Debugging Tools for Windows to analyze minidump files.

Integrating WER into Applications

Information on integrating WER into applications can be found on MSDN at Using WER.

WER debugging resources

WER and OCA chat transcripts
