I need to create full memory and kernel memory dumps using a kernel mode driver in windows.
Just like what .dump command do using WinDBG, but I need to do it in my code.
Any Ideas how to do so?
Asked
Active
Viewed 547 times
0
-
1[MiniDumpWriteDump](https://msdn.microsoft.com/en-us/library/windows/desktop/ms680360.aspx). Absolutely must be called out of context, unless you are fine with deadlocking your process. – IInspectable Jun 19 '16 at 11:31
-
1@IInspectable: I believe that produces a user-mode (i.e., single process) dump rather than a kernel memory dump? – Harry Johnston Jun 19 '16 at 22:37
-
@HarryJohnston: True, I missed that the OP was asking for a kernel dump. `MiniDumpWriteDump` is indeed strictly a user-mode API, that will not dump kernel memory, threads, modules or kernel stack traces. – IInspectable Jun 19 '16 at 22:51
1 Answers
1
I think there is no good way to do that. You might just generate a BSOD through KeBugCheck() on a properly configured system. It relies on an undocumented IoWriteCrashDump() method that you might want to investigate as well.
Nicolas Dietrich
- 91
- 2