Parsing a crash dump in WinDbg to get private bytes (other than the managed heap)?
I want to parse the full crash dump (*.dmp) file and get the private bytes data. I know that VMMap of SysInternals can tell me how much my private bytes, heap etc are all but what I need is if I have the dump, I should be able to parse it and get the Heap (managed Heap) Structure and data in the heap. I am already done with this by reading the PEB and then walking through heaps.
What I am not able to figure out is how to read the private bytes (other than Heap, which is supposed to be the process data for native code). Could anyone please point me in the right direction so that I am able to parse the private bytes other than heap from the crash dump.
Thanks.
Comments (1)
In the first section you get a breakdown of the usage:
Unknown would be virtual allocs.
To list the unknown memory regions you can run:
VAR as defined in the debugger.chm - Busy regions. These regions include all virtual allocation blocks, the SBH heap, memory from custom allocators, and all other regions of the address space that fall into no other classification.
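An added example, not part of the answer above: one way to do the same classification directly from the dump file in Python. It reads the dump's MemoryInfoListStream and returns the committed `MEM_PRIVATE` regions that fall outside the heap ranges already obtained from the PEB walk. It assumes the dump was written with full memory information so that the stream is present; the function names and the `heap_ranges` input are hypothetical.

```python
import struct

MEMORY_INFO_LIST_STREAM = 16            # MINIDUMP_STREAM_TYPE: MemoryInfoListStream
MEM_COMMIT, MEM_PRIVATE = 0x1000, 0x20000

def memory_regions(dump: bytes):
    """Yield (base, size, state, protect, type) for each MINIDUMP_MEMORY_INFO entry."""
    # MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva, ...
    sig, _ver, nstreams, dir_rva = struct.unpack_from("<4sIII", dump, 0)
    if sig != b"MDMP":
        raise ValueError("not a user-mode minidump")
    for i in range(nstreams):
        # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva (12 bytes each)
        stype, _size, rva = struct.unpack_from("<III", dump, dir_rva + 12 * i)
        if stype != MEMORY_INFO_LIST_STREAM:
            continue
        # MINIDUMP_MEMORY_INFO_LIST: SizeOfHeader, SizeOfEntry, NumberOfEntries
        hdr_len, entry_len, count = struct.unpack_from("<IIQ", dump, rva)
        for n in range(count):
            # BaseAddress, AllocationBase, AllocationProtect, pad,
            # RegionSize, State, Protect, Type
            base, _abase, _aprot, _pad, size, state, prot, mtype = struct.unpack_from(
                "<QQIIQIII", dump, rva + hdr_len + entry_len * n)
            yield base, size, state, prot, mtype
        return
    raise ValueError("dump has no MemoryInfoListStream")

def private_non_heap(dump: bytes, heap_ranges):
    """Committed MEM_PRIVATE regions overlapping none of heap_ranges.

    heap_ranges is an assumed input: [(start, end), ...] half-open address
    ranges of heap segments collected separately (e.g. from the PEB walk).
    """
    out = []
    for base, size, state, prot, mtype in memory_regions(dump):
        if state != MEM_COMMIT or mtype != MEM_PRIVATE:
            continue                    # skip reserved/free, image and mapped regions
        if any(base < end and start < base + size for start, end in heap_ranges):
            continue                    # region belongs to a known heap segment
        out.append((base, size, prot))
    return out
```

Summing the `size` field of the result gives the private committed bytes not accounted for by the heaps; the list still includes thread stacks and other non-heap private regions, which have to be subtracted separately if only direct virtual allocations are wanted.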