Analyze process in a full system memory dump
I have received from customer a full memory dump. Not only of the process I am interested in. Because a full memory dump can be extracted at runtime without any side effects (virtual machine).
I tried to import this dump with dotMemory (2018.1.4) but it simply failed.
Do you have any hints or ideas how to get this working? Either import that dump directly or recommend any tool which can extract a process dump from a full system memory dump.
Please sign in to leave a comment.
Hello,
Could you please provide any information on this error? Please make a screenshot or copy the error message.
This is the error message I get. It is a full kernel mode dump file.
dotMemory retrieves information about object references and field values from the imported dump file. Thus, dotMemory can import only the dump which contains info about all address space of the process otherwise the data will be inconsistent.
dotMemory can analyze only process dumps with FullMemory flag. For example, you can obtain such dump via Windows Task Manager, Process Explorer, ProcDump (-ma parameter) or any other similar tools.