Crash Dump

Guru Meditation

A crash dump is a snapshot of process memory and CPU registers taken when an application crashes. It is useful for finding out what the application was doing at the moment of the crash, so that the problem can be fixed. How a crash dump is created and how it works varies between operating systems.


On Windows, the crash dump for a process is called a minidump. It can be created with the MiniDumpWriteDump function, which is part of the DBGHELP library. To analyze the minidump, open it in Visual Studio. To get a good call stack, one needs access to the PDBs that were made for the exe.
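
Because a minidump holds process memory, it is worth checking what a given file contains before opening it or passing it on. The following is an added example, not part of the original page: it goes beyond the text by reading the MINIDUMP_HEADER and stream directory as laid out in Microsoft's minidumpapiset.h, and the function names and sample bytes are constructed for illustration.

```python
import struct

MDMP_SIGNATURE = 0x504D444D          # b"MDMP" read as a little-endian uint32
MINIDUMP_WITH_FULL_MEMORY = 0x2      # MiniDumpWithFullMemory bit in MINIDUMP_TYPE
STREAM_NAMES = {3: "ThreadList", 4: "ModuleList", 5: "MemoryList",
                6: "Exception", 7: "SystemInfo", 9: "Memory64List"}
HEADER = struct.Struct("<IIIIIIQ")   # MINIDUMP_HEADER, 32 bytes
DIRENT = struct.Struct("<III")       # MINIDUMP_DIRECTORY: type, size, rva


def summarize_minidump(data: bytes) -> dict:
    """Return the header flags and stream list of a minidump image."""
    if len(data) < HEADER.size:
        raise ValueError("too short for a MINIDUMP_HEADER")
    sig, _version, nstreams, dir_rva, _cksum, timestamp, flags = HEADER.unpack_from(data)
    if sig != MDMP_SIGNATURE:
        raise ValueError("missing MDMP signature")
    # A dump is untrusted input: bounds-check the directory before walking it.
    if dir_rva + nstreams * DIRENT.size > len(data):
        raise ValueError("stream directory runs past end of file")
    streams = []
    for i in range(nstreams):
        stype, size, rva = DIRENT.unpack_from(data, dir_rva + i * DIRENT.size)
        if rva + size > len(data):
            raise ValueError(f"stream {stype} runs past end of file")
        streams.append((STREAM_NAMES.get(stype, f"type {stype}"), size))
    return {
        "timestamp": timestamp,
        "flags": flags,
        "full_memory": bool(flags & MINIDUMP_WITH_FULL_MEMORY),
        "streams": streams,
    }


def build_sample(flags: int) -> bytes:
    """Constructed sample: header plus two zero-filled streams (not a real dump)."""
    body = b"\x00" * 16
    directory = DIRENT.pack(7, 8, 56) + DIRENT.pack(3, 8, 64)
    header = HEADER.pack(MDMP_SIGNATURE, 0xA793, 2, 32, 0, 0x60000000, flags)
    return header + directory + body


if __name__ == "__main__":
    print(summarize_minidump(build_sample(MINIDUMP_WITH_FULL_MEMORY)))
```

A dump whose `full_memory` field is true contains the whole address space of the process, so it should be stored and shared with the same care as the secrets that process held.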


Analyzing Linux kernel crash dumps with crash