DumpChk
DumpChk (Microsoft 損毀傾印檔案檢查工具) 是執行損毀傾印檔案快速分析的程式。 此工具可讓您查看傾印檔案所包含的摘要資訊。 您可以使用 DumpChk 來尋找損毀且無法由偵錯工具開啟的傾印檔案。
要在哪裡取得 DumpChk
DumpChk.exe 包含在 Windows 的偵錯工具中。
DumpChk 命令列選項
DumpChk [-y SymbolPath] DumpFile
參數
-y SymbolPath
SymbolPath 會指定要搜尋符號的位置 DumpChk 。 某些傾印檔案可能需要符號資訊。 它也有助於藉由允許解析符號名稱,來改善傾印檔案中顯示的資訊。
DumpFile
DumpFile 會指定要分析的損毀傾印檔案。 它可能包含絕對或相對目錄路徑或通用命名慣例, (UNC) 路徑。 如果 DumpFile 包含空格,則必須以引號括住。
如何使用 DumpChk
下列範例顯示損毀的傾印檔案。 結尾 DebugClient cannot open DumpFile 顯示的錯誤指出必須發生某種損毀。
C:\Debuggers> dumpchk C:\mydir\dumpfile2.dmp
Loading dump file C:\mydir\dumpfile2.dmp
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (C) Microsoft. All rights reserved.
Loading Dump File [C:\mydir\dumpfile2.dmp]
Could not match Dump File signature - invalid file format
Could not open dump file [C:\mydir\dumpfile2.dmp], HRESULT 0x80004002
"No such interface supported"
**** DebugClient cannot open DumpFile - error 80004002
結尾 DebugClient cannot open DumpFile 的錯誤訊息顯示無法開啟傾印檔案。 如果傾印檔案未損毀,則此顯示會以 字 Finished dump check 結尾。
可能會列出其他錯誤,其中有些是良性的。 例如,下列錯誤訊息並不代表問題:
error 3 InitTypeRead( nt!_PEB at 7ffd5000)
下列範例顯示 DumpChk 在狀況良好的使用者模式迷你傾印上執行。 顯示從傾印檔案的整體摘要開始,然後提供有關傾印檔案中所含資料的詳細資訊:
C:\Debuggers> dumpchk C:\mydir\dumpfile1.dmp
Loading dump file C:\mydir\dumpfile1.dmp
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (C) Microsoft. All rights reserved.
Loading Dump File [C:\mydir\dumpfile1.dmp]
User Mini Dump File with Full Memory: Only application data is available
Symbol search path is: srv*C:\CODE\LocalStore*\\symbols\symbols
Executable search path is:
Windows Vista Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Tue Jun 17 02:28:23.000 2008 (GMT-7)
System Uptime: 0 days 15:43:52.861
Process Uptime: 0 days 0:00:26.000
...
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
----- User Mini Dump Analysis
MINIDUMP_HEADER:
Version A793 (6903)
NumberOfStreams 12
Flags 1826
0002 MiniDumpWithFullMemory
0004 MiniDumpWithHandleData
0020 MiniDumpWithUnloadedModules
0800 MiniDumpWithFullMemoryInfo
1000 MiniDumpWithThreadInfo
Streams:
Stream 0: type ThreadListStream (3), size 00000064, RVA 000001BC
2 threads
RVA 000001C0, ID 1738, Teb:000000007FFDF000
RVA 000001F0, ID 1340, Teb:000000007FFDE000
Stream 1: type ThreadInfoListStream (17), size 0000008C, RVA 00000220
RVA 0000022C, ID 1738
RVA 0000026C, ID 1340
Stream 2: type ModuleListStream (4), size 00000148, RVA 000002AC
3 modules
RVA 000002B0, 00400000 - 00438000: 'C:\CODE\TimeTest\Debug\TimeTest.exe'
RVA 0000031C, 779c0000 - 77ade000: 'C:\Windows\System32\ntdll.dll'
RVA 00000388, 76830000 - 76908000: 'C:\Windows\System32\kernel32.dll'
Stream 3: type Memory64ListStream (9), size 00000290, RVA 00001D89
40 memory ranges
RVA 0x2019 BaseRva
range# RVA Address Size
0 00002019 00010000 00010000
1 00012019 00020000 00005000
2 00017019 0012e000 00002000
(additional stream data deleted)
Stream 9: type UnusedStream (0), size 00000000, RVA 00000000
Stream 10: type UnusedStream (0), size 00000000, RVA 00000000
Stream 11: type UnusedStream (0), size 00000000, RVA 00000000
Windows Vista Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
kernel32.dll version: 6.0.6000.16386 (vista_rtm.061101-2205)
Debug session time: Tue Jun 17 02:28:23.000 2008 (GMT-7)
System Uptime: 0 days 15:43:52.861
Process Uptime: 0 days 0:00:26.000
Kernel time: 0 days 0:00:00.000
User time: 0 days 0:00:00.000
PEB at 7ffd9000
InheritedAddressSpace: No
ReadImageFileExecOptions: No
BeingDebugged: Yes
ImageBaseAddress: 00400000
Ldr 77a85d00
Ldr.Initialized: Yes
Ldr.InInitializationOrderModuleList: 002c1e30 . 002c2148
Ldr.InLoadOrderModuleList: 002c1da0 . 002c2138
Ldr.InMemoryOrderModuleList: 002c1da8 . 002c2140
Base TimeStamp Module
400000 47959d85 Jan 21 23:38:45 2008 C:\CODE\TimeTest\Debug\TimeTest.exe
779c0000 4549bdc9 Nov 02 02:43:37 2006 C:\Windows\system32\ntdll.dll
76830000 4549bd80 Nov 02 02:42:24 2006 C:\Windows\system32\kernel32.dll
SubSystemData: 00000000
ProcessHeap: 002c0000
ProcessParameters: 002c14c0
WindowTitle: 'C:\CODE\TimeTest\Debug\TimeTest.exe'
ImageFile: 'C:\CODE\TimeTest\Debug\TimeTest.exe'
CommandLine: '\CODE\TimeTest\Debug\TimeTest.exe'
DllPath: 'C:\CODE\TimeTest\Debug;C:\Windows\system32;C:\Windows\system;
Environment: 002c0808
=C:=C:\CODE
=ExitCode=00000000
ALLUSERSPROFILE=C:\ProgramData
AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EMNET
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\DTFW\200804~2.113\winext\arcade;C:\Windows\system32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
USERDNSDOMAIN=NORTHSIDE.COMPANY.COM
USERDOMAIN=NORTHSIDE
USERNAME=myname
USERPROFILE=C:\Users\myname
WINDBG_DIR=C:\DTFW\200804~2.113
windir=C:\Windows
WINLAYTEST=200804~2.113
_NT_SOURCE_PATH=C:\mysources
_NT_SYMBOL_PATH=C:\mysymbols
Finished dump check
輸出會從識別傾印檔案的特性開始。 在此情況下,具有完整記憶體資訊 的使用者模式 迷你傾印,包括應用程式資料,但不包含作業系統資料。 DumpChk所使用的符號路徑如下,然後是傾印檔案內容的摘要。
因為此顯示結尾是字 Finished dump check 組,所以傾印檔案可能未損毀,而且可由偵錯工具開啟。 不過,檔案中可能仍有更細微的損毀形式。