有关故障转储文件的简介和概述,请参阅 故障转储文件。
打开转储文件
To open a crash dump file for use as a debugger target, use OpenDumpFile or OpenDumpfileWide. These methods are similar to the .opendump debugger command.
Note The engine doesn't completely attach to the dump file until the WaitForEvent method has been called. 从进程或内核创建转储文件时,有关最后一个事件的信息将存储在转储文件中。 打开转储文件后,下次尝试执行时,引擎将为事件回调生成此事件。 只有这样,转储文件才会在调试会话中可用。 有关更多详细信息,请参阅 调试会话和执行模型 。
其他文件可用于帮助调试故障转储文件。 The methods AddDumpInformationFile and AddDumpInformationFileWide register files containing page-file information to be used when the next dump file is opened. 在打开转储文件之前,必须调用这些方法。 GetNumberDumpFiles will return the number of such files that were used when the current dump file was opened and GetDumpFile will return a description of these files.
用户模式小型转储文件包含多个信息流。 These streams can be read using the Request operation DEBUG_REQUEST_READ_USER_MINIDUMP_STREAM.
创建转储文件
To create a crash dump file of the current target -- user-mode or kernel-mode -- use WriteDumpFile2. This method is similar to the .dump debugger command.