kdmp-parser

DumpType = 9

Open 0vercl0k opened this issue 3 years ago • 1 comments

In https://github.com/0vercl0k/wtf/issues/101, there is a dump file with a DumpType = 9 which isn't supported by kdmp-parser. Based on the investigation, this seems to be newish and only available in the latest (?) WinDbgX.

0vercl0k, May 30 '22 18:05

No symbols seem available for the dbgeng version yet...

0:000> lmvm dbgeng
Browse full module list
start             end                 module name
00000001`80000000 00000001`80889000   dbgeng     (no symbols)           
    Loaded symbol image file: dbgeng.dll
    Image name: dbgeng.dll
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        FEE5ACCF (This is a reproducible build file hash, not a timestamp)
    CheckSum:         0085D433
    ImageSize:        00889000
    File version:     10.0.25111.1000
    Product version:  10.0.25111.1000
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     DbgEng.Dll
        OriginalFilename: DbgEng.Dll
        ProductVersion:   10.0.25111.1000
        FileVersion:      10.0.25111.1000 (WinBuild.160101.0800)
        FileDescription:  Windows Symbolic Debugger Engine
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

0vercl0k, May 30 '22 18:05

Yo,

It was pissing me off so I added support for types 0x8 (.dump /k) and 0x9 (.dump /ka) (see https://github.com/hugsy/kdmp-parser/tree/new_type_support).


I'll do type 0xa tomorrow if time permits (from issue #18), and hopefully PR it all by this weekend. I'm sure you'll just love to review some more dirty code from me 😂

Cheers bud

hugsy, Nov 10 '23 02:11
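For triaging a dump before handing it to a parser, the DumpType discussed above can be read straight from the header. This is an added example, not code from the thread or from kdmp-parser; it assumes the publicly documented 64-bit kernel dump header layout (`PAGE`/`DU64` magic, DumpType at offset 0xF98), and `read_dump_type`, `triage`, `make_header` and the `supported` set are hypothetical names.

```python
import struct

# Assumption: 64-bit kernel dump header layout as publicly documented;
# these offsets do not come from the thread.
HEADER_SIZE = 0x2000
DUMPTYPE_OFFSET = 0xF98

# Only the two mappings stated in the thread; other values are reported raw.
THREAD_TYPES = {0x8: ".dump /k", 0x9: ".dump /ka"}


class DumpHeaderError(ValueError):
    """Raised when the buffer is not a usable 64-bit kernel dump header."""


def read_dump_type(header):
    """Validate the magic values and return the DumpType field."""
    if len(header) < DUMPTYPE_OFFSET + 4:
        raise DumpHeaderError("truncated header")
    signature, valid_dump = struct.unpack_from("<4s4s", header, 0)
    if signature != b"PAGE":
        raise DumpHeaderError("bad signature: %r" % signature)
    if valid_dump != b"DU64":
        raise DumpHeaderError("not a 64-bit dump: %r" % valid_dump)
    (dump_type,) = struct.unpack_from("<I", header, DUMPTYPE_OFFSET)
    return dump_type


def triage(header, supported):
    """Say whether a parser that handles `supported` types can load the dump."""
    dump_type = read_dump_type(header)
    label = THREAD_TYPES.get(dump_type, "unlabelled")
    status = "supported" if dump_type in supported else "unsupported"
    return "DumpType=%#x (%s): %s" % (dump_type, label, status)


def make_header(dump_type):
    """Build a constructed, otherwise empty header for demonstration."""
    header = bytearray(HEADER_SIZE)
    header[0:8] = b"PAGEDU64"
    struct.pack_into("<I", header, DUMPTYPE_OFFSET, dump_type)
    return bytes(header)


if __name__ == "__main__":
    # Hypothetical parser that only knows types 1, 2 and 5.
    print(triage(make_header(0x9), supported={1, 2, 5}))
    # For a real file: open(path, "rb").read(HEADER_SIZE)
```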

Oh my - this is awesome! I can't wait to try this out / merge it in.

I'm going to have to send you a crate of beer or something.. 😅

Cheers


0vercl0k, Nov 10 '23 08:11

Anytime, we'll drink those together 🍺🍻

hugsy, Nov 10 '23 15:11

Done too, it's all the same format, just different offsets 😂


Will clean it up and PR that

hugsy, Nov 10 '23 20:11

All good on my end, waiting for you now to come back 🙂

hugsy, Nov 12 '23 04:11