
I have a C# application running on a Windows Server running as a service. I have recently introduced a memory leak in the application and it has crashed a few times with OutOfMemoryExceptions. These crashes have generated WER reports and dump files. There are two dump files, triage.dmp and memory.hdmp. I can open triage.dmp just fine and look at the thread states but it doesn't have any info about the memory of the application. I'd like to open memory.hdmp but I can't, using both Visual Studio and Windbg I get an error stating that the file is corrupt. This has happened for multiple memory.hdmp files.

Is there some trick to opening these files or are they actually corrupt? If they are, is there some configuration needed for Windows to produce valid hdmp files? Does memory.hdmp even have the info I would need to debug a memory leak?

Thanks in advance for all the help!

shortspider
  • I found 3 HDMP files on my drive and it was possible to open them in WinDbg 10.0.10586.567. Which version are you using? – Thomas Weller Jan 16 '17 at 21:01

1 Answer

Use WinDbg; hdmp files are generally full memory dumps collected by WER when there is an unhandled exception. You may want to download the debugger using

Getting windbg without the whole WDK?

If this is a .NET based managed application, once you set the default symbol path

!pe -nested

should show you the exception chain. If you are really after the memory then use the

!EEHeap -gc

If you wish to dig through specific type consuming memory

!DumpHeap -stat

For Native user mode heaps you may run

!address -summary

For heap details

!heap -a

For specific heap

!heap -x

I guess I missed the WinDbg aspect. DebugDiag or procdump can help in collecting a valid crash dump.

Procdump -e -w -ma (process name) / pid

Should do the trick.

You can use procdump as a replacement for WER as well

Procdump -ma -i

Read more @ https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx

Hope this helps

Addy
  • I think OP knows what WinDbg is. He said he gets "file is corrupt" error message – Thomas Weller Jan 16 '17 at 19:29
  • My bad, didn't read the WinDbg part. If WinDbg says it's corrupt then probably it is corrupt. Use procdump or DebugDiag to collect the dumps. – Addy Jan 16 '17 at 20:54
  • @Addy ya looks like it's just bad. Will try procdump next time to get the dump. Thanks! – shortspider Jan 24 '17 at 03:55
  • @shortspider please ensure you add the -ma switch, otherwise we get minidumps for the crashes. Remember to clear out the AeDebug key once done, else this chap will keep collecting the crashes everywhere in the system :) All the best! Happy capture and dump analysis. – Addy Jan 24 '17 at 13:15
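
The last comment says to clear the AeDebug key after using `procdump -ma -i`. The PowerShell below is an added example, not part of the original thread, that reports what is currently registered as the post-mortem debugger for 64-bit and 32-bit processes. The function name `Get-AeDebugState` is hypothetical; the registry paths are the standard AeDebug locations.

```powershell
# Added example: report which post-mortem (AeDebug) debugger is registered.
# Run from an elevated PowerShell prompt on the server.
$aeDebugKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',             # 64-bit processes
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'  # 32-bit processes
)

# Hypothetical helper name; returns one object per AeDebug key.
function Get-AeDebugState {
    param([string[]]$Path = $aeDebugKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) {
            # Key absent: nothing is registered for this bitness.
            [pscustomobject]@{ Key = $key; Debugger = $null; Auto = $null; IsProcDump = $false }
            continue
        }
        $props    = Get-ItemProperty -LiteralPath $key
        $debugger = $props.Debugger   # command line Windows launches when a process crashes
        [pscustomobject]@{
            Key        = $key
            Debugger   = $debugger
            Auto       = $props.Auto  # "1" means launch the debugger without prompting
            IsProcDump = [bool]($debugger -match 'procdump')
        }
    }
}

$state = Get-AeDebugState
$state | Format-List

if ($state.IsProcDump -contains $true) {
    Write-Warning 'ProcDump is still the post-mortem debugger; every crashing process on this machine will be dumped.'
    Write-Host    'Unregister it with: procdump -u'
}
```

Dumps written with `-ma` contain the full memory of the process, so restrict access to the dump folder and delete the files once the analysis is done.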