从全内存转储中提取进程转储 [英] Extract process dump from full memory dump

问题描述

我遇到了一个错误，但是无法创建进程转储。我创建了一个全内存转储的系统。如何使用它提取进程转储？

Windows 。

I've reached a bug, but I was unable to create a process dump. I've created a full memory dump of system. How could I extract a process dump using it?
Windows.

推荐答案

您不能。通常，属于您进程的某些内存段可能会被调出页面，而不驻留在物理内存中。这意味着使用完整的内核内存转储并不能保证重建进程地址空间。

You cannot. In general, some of the memory segments that belong to your process could be paged out and not resident in physical memory. This means that with full kernel memory dump you are not guaranteed to reconstruct process address space.

在许多情况下，您可以从内核转储中提取有关进程的有用信息。但是，有两个限制：

In many cases you can extract useful information about process from kernel dump. However there are two limitations:

1. 可以调出内存，就像我已经提到的那样。


2. 许多WinDbg扩展不适用于内核转储。这包括SOS，因此从内核空间研究托管进程要困难得多。

这篇关于从全内存转储中提取进程转储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！