Using Windows Dump Files for Postmortem Analysis

RTX64 extends the Windows memory dump file to include information about RTX64. A Windows small memory dump file contains both Windows STOP Message information, as well as key information about the current state of the RTSS Subsystem (specifically, the currently running process and thread). The other Windows dump files (complete/automatic/kernel) provide more detailed information since they are not limited by size. You can load a Windows memory dump file in WinDbg and view RTSS Subsystem data.

Topics below:

• About Windows Memory Dump Files
• Opening a Memory Dump File
• Additional Information about WinDbg and Windows Memory Dump Files
• Debugging Small Memory Dump Files

About Windows Memory Dump Files

RTX64 WinDbg Extension can be used for postmortem debugging of all Windows memory dump files. On Windows 10, you can configure Windows to generate a Complete memory dump, Kernel memory dump, Small memory dump, or Automatic memory dump (default). We recommend using an Automatic memory dump.

For more information on the different types, see the MSDN article Varieties of Kernel-Mode Dump Files at http://msdn.microsoft.com/en-us/library/windows/hardware/ff560246(v=vs.85).aspx

NOTE: Small memory dumps include a limited amount of RTX64 information due to the size limitations of a small dump. Therefore, small memory dumps are not recommended.

Opening the Memory Dump File

After you open the Windows memory dump file that contains the RTX64 information, you must load the 64-bit version of WinDbg Extension to be able to use the RTX64 WinDbg Extension commands.

NOTE: RTX64 WinDbg Extension requires the correct symbols to load a memory dump file. If you generate a memory dump file with an older version of the RTX64 Runtime, you must specify the .pdb files from the associated RTX64 SDK version in order to open that memory dump file.

To open the dump file in WinDbg:

1. From the File menu, choose Open Crash Dump.
2. Locate and select your memory dump file, and then click OK.

Additional Information about WinDbg and Windows Dumps

The following links provide more information about memory dumps and WinDbg.

For information on crash dumps:

http://www.dumpanalysis.org

For information on Microsoft's Debugging Tools for Windows, including WinDbg:

http://msdn.microsoft.com/en-us/library/ff551063.aspx

Quick Start: Debugging Memory Dump Files

If you must use a Windows small memory dump due to space limitations, we recommend you try this order of operations:

• Load the RTX64 WinDbg Extension. To do this, type the following at the debugger command prompt:

.load RtDbgExt.dll

• Use !rtanalyze to analyze the information found in the provided memory dump file and display information about the state of the RTX64 subsystem at the time Windows generated the memory dump file. This includes exception information, current thread context and stack trace information.
• Use !rtcurrentprocess to display the summary information of the current RTSS process based on the current process PID retrieved from !rtanalyze.
• Use !rtcurrentthread to display the summary information of the current RTSS thread based on the current thread object retrieved from !rtanalyze.
• Use !rtsubsysinfo to display the current configuration of the RTX64 Subsystem.

For more information on using commands, see using Using WinDbg Extension Commands.

Related topics:

• Setting Up a System to Use the RTX64 WinDbg Extension
• WinDbg Debugging Tips

• Host-Target Break-In Analysis

• RTX64 WinDbg Extension Commands Reference