Obtaining a Process Virtual Memory Map from a DMP File
Problem description
Is anyone aware of a utility that can display a process' virtual address space usage from a DMP file for that process?
For example, if the process were currently executing, you would obtain this information using VirtualQueryEx - you could walk the entire virtual address space of the process and determine how it was using memory.
I would like to be able to do that from the contents of the DMP file.
Any ideas or utilities known to do this?
Recommended answer
Well, you can definitely open up the .dmp file in WinDbg (or possibly Visual Studio) and examine the process memory.
You can see the RVA and contents of the pages in a full dump, but I'm not sure you can get much information about the memory pages themselves. According to a couple of pages I found on Google, the .dmp file format doesn't appear to store that type of information.
See http://computer.forensikblog.de/en/2006/03/dmp_file_structure.html and http://computer.forensikblog.de/en/2008/02/64bit_crash_dumps.html
Thanks for the links Kythen.
I think I will have the custom dump file generator collect the information and add that to a user stream in the DMP file.
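Added example, not part of the original thread: for user-mode minidumps, MiniDumpWriteDump called with the MiniDumpWithFullMemoryInfo flag records the VirtualQueryEx-style region list in a MemoryInfoListStream (stream type 16), which can be read back directly from the file. The Python below walks the stream directory and decodes that list; the function names and the two-region sample dump are constructed for illustration.

```python
import struct

MDMP_SIGNATURE = 0x504D444D            # b"MDMP" read as a little-endian uint32
MEMORY_INFO_LIST_STREAM = 16           # MINIDUMP_STREAM_TYPE: MemoryInfoListStream
STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
HEADER = struct.Struct("<IIIIIIQ")     # MINIDUMP_HEADER, 32 bytes
DIRENT = struct.Struct("<III")         # MINIDUMP_DIRECTORY: type, size, rva
LISTHDR = struct.Struct("<IIQ")        # MINIDUMP_MEMORY_INFO_LIST header
MEMINFO = struct.Struct("<QQIIQIIII")  # MINIDUMP_MEMORY_INFO, 48 bytes


def memory_map(dump: bytes):
    """Return the regions in the MemoryInfoListStream, or None if absent."""
    sig, _ver, nstreams, dir_rva, *_ = HEADER.unpack_from(dump, 0)
    if sig != MDMP_SIGNATURE:
        raise ValueError("not a minidump (missing MDMP signature)")
    for i in range(nstreams):
        stype, size, rva = DIRENT.unpack_from(dump, dir_rva + i * DIRENT.size)
        if stype != MEMORY_INFO_LIST_STREAM:
            continue
        if rva + size > len(dump):
            raise ValueError("stream lies outside the file")
        hdr_size, entry_size, count = LISTHDR.unpack_from(dump, rva)
        if entry_size < MEMINFO.size or hdr_size + entry_size * count > size:
            raise ValueError("inconsistent memory info list")
        regions = []
        for n in range(count):
            base, _alloc_base, _alloc_prot, _, rsize, state, prot, mtype, _ = \
                MEMINFO.unpack_from(dump, rva + hdr_size + n * entry_size)
            regions.append({"base": base, "size": rsize, "protect": prot,
                            "state": STATE.get(state, hex(state)),
                            "type": TYPE.get(mtype, hex(mtype))})
        return regions
    return None  # dump was written without memory info


def build_sample_dump():
    """Constructed sample: a minimal dump holding two region records."""
    entries = [(0x10000, 0x10000, 0x04, 0, 0x2000, 0x1000, 0x04, 0x20000, 0),
               (0x12000, 0, 0, 0, 0xE000, 0x10000, 0x01, 0, 0)]
    stream = LISTHDR.pack(LISTHDR.size, MEMINFO.size, len(entries))
    stream += b"".join(MEMINFO.pack(*e) for e in entries)
    header = HEADER.pack(MDMP_SIGNATURE, 0xA793, 1, HEADER.size, 0, 0, 0)
    directory = DIRENT.pack(MEMORY_INFO_LIST_STREAM, len(stream),
                            HEADER.size + DIRENT.size)
    return header + directory + stream
```

The same directory walk locates a custom user stream by matching its stream type instead of 16.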