FS_Process_Minidump

ufrisk edited this page Apr 21, 2023 · 7 revisions

The minidump per-process directory

The directory minidump exists as a sub-directory in each process directory.

The minidump directory contains a WinDbg-compatible full process minidump file, minidump.dmp, that may be used for debugging.

The minidump file contains:

  • process memory including stacks, heaps and PE images.
  • active process thread information including some CPU register information.
  • active process modules (.dll/.exe).

Minidump files are reconstructed on a best-effort basis. Process memory may be valid, missing or zero-padded depending on whether the backing memory is available or is inaccessible due to paging.

Minidump files are only generated if certain prerequisites are met:

  1. The process must be an active user-mode process. Special "kernel" processes such as System, Registry and MemCompression won't have minidump files generated.
  2. If debug symbols from the Microsoft symbol server are missing, certain functionality (Threads) will be missing. The minidump will, however, still be generated.

The minidump.dmp file is read-only.
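
To check what a given minidump.dmp actually contains before opening it in WinDbg, the Python sketch below walks the standard minidump header and stream directory and reports thread and module counts and whether a memory stream is present. It is an added example, not part of MemProcFS or this wiki. The function names, the constructed sample, and the premise that missing thread information shows up as an absent or empty ThreadListStream are assumptions of this example.

```python
import io, os, struct

# Stream type numbers from the public MINIDUMP_STREAM_TYPE enumeration.
THREADS, MODULES, MEMORY, MEMORY64 = 3, 4, 5, 9
HEADER = struct.Struct("<IIIIIIQ")  # MINIDUMP_HEADER (32 bytes)
DIRENT = struct.Struct("<III")      # MINIDUMP_DIRECTORY: StreamType, DataSize, Rva

def read_directory(f):
    """Return {stream_type: (rva, size)} after bounds-checking every entry."""
    end = f.seek(0, os.SEEK_END)
    f.seek(0)
    hdr = f.read(HEADER.size)
    if len(hdr) < HEADER.size:
        raise ValueError("too short for MINIDUMP_HEADER")
    sig, _ver, count, dir_rva, _chk, _ts, _flags = HEADER.unpack(hdr)
    if sig != 0x504D444D:  # b"MDMP" read as a little-endian integer
        raise ValueError("not a minidump")
    if dir_rva + count * DIRENT.size > end:
        raise ValueError("stream directory runs past end of file")
    f.seek(dir_rva)
    streams = {}
    for stype, size, rva in DIRENT.iter_unpack(f.read(count * DIRENT.size)):
        if rva + size > end:
            raise ValueError(f"stream {stype} runs past end of file")
        streams[stype] = (rva, size)
    return streams

def summarize(f):
    """Report thread/module counts and whether a memory stream is present."""
    # Assumption: missing thread data appears as an absent or empty stream.
    streams = read_directory(f)
    def count(stype):  # both list streams start with a ULONG32 entry count
        rva, size = streams.get(stype, (0, 0))
        if size < 4:
            return 0
        f.seek(rva)
        return struct.unpack("<I", f.read(4))[0]
    return {"threads": count(THREADS), "modules": count(MODULES),
            "memory": MEMORY in streams or MEMORY64 in streams}

def constructed_sample():
    """Constructed dump: one zero-filled module, empty Memory64 list, no threads."""
    mod = struct.pack("<I", 1) + bytes(108)  # count + one MINIDUMP_MODULE
    mem = struct.pack("<QQ", 0, 0)           # NumberOfMemoryRanges, BaseRva
    dir_rva, mod_rva = HEADER.size, HEADER.size + 2 * DIRENT.size
    hdr = HEADER.pack(0x504D444D, 0xA793, 2, dir_rva, 0, 0, 2)
    dirs = DIRENT.pack(MODULES, len(mod), mod_rva)
    dirs += DIRENT.pack(MEMORY64, len(mem), mod_rva + len(mod))
    return io.BytesIO(hdr + dirs + mod + mem)
```

Against a real file, pass `open(path, "rb")` to `summarize`; only the header, the directory and the first four bytes of each list stream are read, so the check stays cheap on large dumps.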

Example

The example below shows the files minidump.dmp and readme.txt for the explorer.exe process. The file minidump.dmp is opened directly in WinDbg for a debugging session, showing some information about the call stack and CPU registers related to one of the threads.

For Developers

The minidump sub-directory is implemented as a built-in native C-code plugin. The plugin source is located in the file modules/m_proc_minidump.c in the vmm project.