我正在分析一个完整的内存minidump(31GB)并且必须运行 .imgscan / l 来修复模块引用。
现在我想保存它(遵循这里给出的建议 - Is it possible to fix a full memory dump so that running .imgscan /l will no longer be required?),结果如下:
0:000> .dump /ma "d:\tmp\cantestr52 - 06-09-2017\1.dmp"
Creating d:\tmp\cantestr52 - 06-09-2017\1.dmp - mini user dump
WARNING: Thread 1d8 context retrieval failure during dump writing, Win32 error 0n31
WARNING: Teb 146 pointer is NULL - defaulting to 00000000`7ffde000
WARNING: 00000000`7ffde000 does not appear to be a TEB
GenAllocateThreadObject.GetTebInfo(0x1d8) failed, 0x80004002
GenInvokeEnumStackProviders(mscordacwks.dll) failed, 0x8007007e
GenInvokeEnumStackProviders(mscordacwks.dll) failed, 0x8007007e
QuerySystemMemoryInformation failed, 0x80004001
QueryProcessVmCounters failed, 0x80004001
WriteFullMemory.Memory.Read(0x9788090000, 0x2000) failed 0x80004002, ABORT.
Dump creation failed, HRESULT 0x80004002
"No such interface supported"
有什么问题?
编辑1
以下是版本命令的输出:
0:000> version
Windows 8.1 Version 9600 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
6.3.9600.18217 (winblue_ltsb.160124-0053)
Machine Name:
Debug session time: Fri Jun 9 03:03:19.000 2017 (UTC - 4:00)
System Uptime: 25 days 6:23:06.206
Process Uptime: 16 days 12:01:43.000
Kernel time: 4 days 7:59:50.000
User time: 2 days 17:49:40.000
Full memory user mini dump: D:\tmp\cantestr52 - 06-09-2017\Quartz.Server.DMP
Microsoft (R) Windows Debugger Version 10.0.15063.468 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
command line: '"E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" ' Debugger Process 0x2750
dbgeng: image 10.0.15063.468, built Wed Dec 31 19:00:00 1969
[path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbgeng.dll]
dbghelp: image 10.0.15063.468, built Wed Dec 31 19:00:00 1969
[path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll]
DIA version: 24610
Extension DLL search Path:
E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\arcade;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\pri;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\Users\mkharitonov\AppData\Local\Dbg\EngineExtensions;E:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\ProgramData\Oracle\Java\javapath;E:\Program Files (x86)\Windows Resource Kits\Tools\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Microsoft Team Foundation Server 2015 Power Tools\;%BPADir%;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;E:\utils\LINQPad4;C:\Program Files\TortoiseHg\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;D:\Anaconda;D:\Anaconda\Scripts;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;E:\Program Files\PostgreSQL\pg95\bin;E:\Program Files\Git\cmd;E:\Program Files\nodejs\;E:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\dotnet\;E:\Utils;c:\dayforce\DayforceDEV\Utils;C:\Program Files\nodejs;c:\Program Files\WinRAR;c:\Program Files\Saxonica\SaxonEE9.6N\bin;C:\Users\mkharitonov\AppData\Roaming\npm
Extension DLL chain:
dbghelp: image 10.0.15063.468, API 10.0.6, built Wed Dec 31 19:00:00 1969
[path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll]
ext: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
[path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\ext.dll]
exts: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
[path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP\exts.dll]
uext: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
[path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\uext.dll]
ntsdexts: image 10.0.15063.468, API 1.0.0, built Wed Dec 31 19:00:00 1969
[path: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\WINXP\ntsdexts.dll]