Extract information from a dump file
Some information, such as the name of the target computer, is easily available during live debugging. You can also debug a dump file to determine the information. This article explains how to extract information from a dump file.
Find the computer name in a kernel-mode dump file
Use the !peb extension if you need to determine the name of the computer on which the crash dump was made. Look for the value of COMPUTERNAME in its output.
Find the IP address in a kernel-mode dump file
To determine the IP address of the computer on which the crash dump was made, find a thread stack that shows some send or receive network activity. Open one of the send or receive packets. The IP address is visible in that packet.
Find the process ID in a user-mode dump file
To determine the process ID of the target application from a user-mode dump file, use the | (Process status) command. This command displays all the processes being debugged at the time the dump was written. The process marked with a period (.) is the current process. Its process ID is given in hexadecimal after the id: notation.