Analyzing a User-Mode Dump File

This topic includes:

Analyzing a User-Mode Dump File with WinDbg

User-mode memory dump files can be analyzed by WinDbg. The processor or Windows version that the dump file was created on does not need to match the platform on which WinDbg is being run.

Installing Symbol Files

Before analyzing the memory dump file, you will need to install the symbol files for the version of Windows that generated the dump file. These files will be used by the debugger you choose to use to analyze the dump file. For more information about the proper installation of symbol files, see Installing Windows Symbol Files.

You will also need to install all the symbol files for the user-mode process, either an application or system service, that caused the system to generate the dump file. If this code was written by you, the symbol files should have been generated when the code was compiled and linked. If this is commercial code, check on the product CD-ROM or contact the software manufacturer for these particular symbol files.

Starting WinDbg

To analyze a dump file, start WinDbg with the -z command-line option:

windbg -y SymbolPath -i ImagePath -z DumpFileName

The -v option (verbose mode) is also useful. For a full list of options, see WinDbg Command-Line Options.

If WinDbg is already running and is in dormant mode, you can open a crash dump by selecting the File | Open Crash Dump menu command or pressing the CTRL+D shortcut key. When the Open Crash Dump dialog box appears, enter the full path and name of the crash dump file in the File name text box, or use the dialog box to select the proper path and file name. When the proper file has been chosen, click Open.

You can also open a dump file after the debugger is running by using the .opendump (Open Dump File) command, followed by g (Go).

It is possible to debug multiple dump files at the same time. This can be done by including multiple -z switches on the command line (each followed by a different file name), or by using .opendump to add additional dump files as debugger targets. For information about how to control a multiple-target session, see Debugging Multiple Targets.

Dump files generally end with the extension .dmp or .mdmp. You can use network shares or Universal Naming Convention (UNC) file names for the memory dump file.

It is also common for dump files to be packed into a CAB file. If you specify the file name (including the .cab extension) after the -z option or as the argument to an .opendump command, the debugger can read the dump files directly out of the CAB. However, if there are multiple dump files stored in a single CAB, the debugger will only be able to read one of them. The debugger will not read any additional files from the CAB, even if they are symbol files or executables associated with the dump file.

Analyzing a Full User Dump File

Analysis of a full user dump file is similar to analysis of a live debugging session. See the Debugger Commands reference section for details on which commands are available for debugging dump files in user mode.

Analyzing Minidump Files

Analysis of a user-mode minidump file is done in the same way as a full user dump. However, since much less memory has been preserved, you are much more limited in the actions you can perform. Commands that attempt to access memory beyond what is preserved in the minidump file will not function properly.

Additional Techniques

For techniques that can be used to read specific kinds of information from a dump file, see Extracting Information from a Dump File.

Analyzing a User-Mode Dump File with CDB

User-mode memory dump files can be analyzed by CDB. The processor or Windows version that the dump file was created on does not need to match the platform on which CDB is being run.

Installing Symbol Files

Before analyzing the memory dump file, you will need to install the symbol files for the version of Windows that generated the dump file. These files will be used by the debugger you choose to use to analyze the dump file. For more information about the proper installation of symbol files, see Installing Windows Symbol Files.

You will also need to install all the symbol files for the user-mode process, either an application or system service, that caused the system to generate the dump file. If this code was written by you, the symbol files should have been generated when the code was compiled and linked. If this is commercial code, check on the product CD-ROM or contact the software manufacturer for these particular symbol files.

Starting CDB

To analyze a dump file, start CDB with the -z command-line option:

cdb -y SymbolPath -i ImagePath -z DumpFileName

The -v option (verbose mode) is also useful. For a full list of options, see CDB Command-Line Options.

You can also open a dump file after the debugger is running by using the .opendump (Open Dump File) command, followed by g (Go). This allows you to debug multiple dump files at the same time.

It is possible to debug multiple dump files at the same time. This can be done by including multiple -z switches on the command line (each followed by a different file name), or by using .opendump to add additional dump files as debugger targets. For information about how to control a multiple-target session, see Debugging Multiple Targets.

Dump files generally end with the extension .dmp or .mdmp. You can use network shares or Universal Naming Convention (UNC) file names for the memory dump file.

It is also common for dump files to be packed into a CAB file. If you specify the file name (including the .cab extension) after the -z option or as the argument to an .opendump command, the debugger can read the dump files directly out of the CAB. However, if there are multiple dump files stored in a single CAB, the debugger will only be able to read one of them. The debugger will not read any additional files from the CAB, even if they are symbol files or executables associated with the dump file.

Analyzing a Full User Dump File

Analysis of a full user dump file is similar to analysis of a live debugging session. See the Debugger Commands reference section for details on which commands are available for debugging dump files in user mode.

Analyzing Minidump Files

Analysis of a user-mode minidump file is done in the same way as a full user dump. However, since much less memory has been preserved, you are much more limited in the actions you can perform. Commands that attempt to access memory beyond what is preserved in the minidump file will not function properly.
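The following is an added example, not part of the original documentation or of the debugger tools: a Python sketch that reads the MINIDUMP_HEADER and stream directory of a dump before it is opened with -z, to show whether full process memory was preserved. This applies to the minidump sections for both WinDbg and CDB. It assumes the dump uses the minidump container format (signature MDMP); the function names and the sample bytes are constructed for illustration.

```python
import struct

# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
# CheckSum, TimeDateStamp (ULONG32 each) followed by Flags (ULONG64).
HEADER = struct.Struct("<4sIIIIIQ")
DIRECTORY = struct.Struct("<III")  # StreamType, DataSize, Rva
STREAMS = {3: "ThreadList", 4: "ModuleList", 5: "MemoryList", 6: "Exception",
           7: "SystemInfo", 9: "Memory64List"}
MINIDUMP_WITH_FULL_MEMORY = 0x2  # MINIDUMP_TYPE flag stored in Flags

def describe_dump(data: bytes) -> dict:
    """Summarise a dump file's header, or report why it cannot be read."""
    if data[:4] == b"MSCF":
        return {"kind": "cab"}  # the debugger reads only one dump per CAB
    if len(data) < HEADER.size or data[:4] != b"MDMP":
        return {"kind": "unknown"}
    _, _, count, dir_rva, _, timestamp, flags = HEADER.unpack_from(data)
    streams = []
    for i in range(count):
        off = dir_rva + i * DIRECTORY.size
        if off + DIRECTORY.size > len(data):
            break  # truncated directory: report only what is readable
        stream_type, _, _ = DIRECTORY.unpack_from(data, off)
        streams.append(STREAMS.get(stream_type, f"type {stream_type}"))
    return {"kind": "minidump-format", "timestamp": timestamp,
            "flags": flags, "streams": streams,
            "full_memory": bool(flags & MINIDUMP_WITH_FULL_MEMORY)}

def build_sample(flags: int, stream_types: list) -> bytes:
    """Constructed sample: a header plus empty stream directory entries."""
    header = HEADER.pack(b"MDMP", 0xA793, len(stream_types), HEADER.size,
                         0, 0x5F000000, flags)
    entries = b"".join(DIRECTORY.pack(t, 0, 0) for t in stream_types)
    return header + entries

if __name__ == "__main__":
    samples = {"small.dmp": build_sample(0x0, [3, 4, 5, 6, 7]),
               "full.dmp": build_sample(0x2, [3, 4, 7, 9])}
    for name, blob in samples.items():
        print(name, describe_dump(blob))
```

A result with full_memory set to False means memory-reading commands can fail on addresses the dump did not capture, while True means the file holds the whole process address space and should be stored and shared accordingly.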

Additional Techniques

For techniques that can be used to read specific kinds of information from a dump file, see Extracting Information from a Dump File.