tags:

views:

89

answers:

1
+1  Q: 

Module versions in a crash dump

Hi,

Is there a way to figure out versions of modules that were loaded into the process' address space when the process crashed from a crash dump that was generated by the process calling the MiniDumpWriteDump function? In other words, is any version information stored inside a dmp file?

Thanks.

+2  A: 

load your minidump into WinDbg, then there's a Modules item off the Debug menu that shows checksum and timestamp information. That may be enough info for your purposes.

You can get the version from all loaded modules by typing "LM v" in the command window, in WinDBG. The list is long and you get lots, including the Product and File version strings. However, I think it fetches this information from locally-stored modules that it loads, making sure its got the right ones from checksum information it uses to match them to the symbol files.

gbjbaanb  2008-10-08 12:23:07
Man, you're awesome! Having timestamps is totally better than not having anything.PS. I'm wondering why didn't they add the version data to PDBs though - that would make life so much easier...
mikhailitsky  2008-10-08 13:23:12
Because version info is an added resource, not necessarily part of the compiled binary that's needed to make it work. I guess.
gbjbaanb  2008-10-08 16:42:33

related questions

How to read a value from the Windows registry
CreateProcessAsUser vs ShellExecute
How do you configure an OpenFileDIalog to select folders?
Is there anything similar to the OS X InputManager on Windows?
So what am I missing with this here WPF?
How to convert std::string to LPCWSTR in C++ (Unicode)
Notification of drop in drag-drop in Windows
Find out which process has an exclusive lock on a USB device handle
What's an alternative to GWL_USERDATA for storing an object pointer?
FlashWindowEx FLASHW_STOP still keeps taskbar colored
Getting UI text from external app in C#
Sending a mouse click to a button in the taskbar using C#
Suitable alternative to CryptEncrypt
Is FindFirstChangeNotification the best API to use for file system change notification on windows?
What is the easiest way to parse an INI File in C++?
_wfopen equivalent under Mac OS X
Validating a Win32 Window Handle
Get list of domains on the network
Does it still make sense to learn low level WinAPI programming?
How do you create your own moniker (URL Protocol) on Windows systems?
Where is a good place to start programming GUIs for windows?
Bringing Window to the Front in C# using Win32 API
How can you tell when a user last pressed a key (or moved the mouse)?
Can a windows dll retrieve its own filename?
Wiggling the mouse using C#