Chapter 6. ProcDump

Core dumps, also known as “memory dumps,” have provided troubleshooting data since the early days of computing, long predating the advent of Unix, let alone the PC and Microsoft Windows. (No, I do not remember back that far. I’m not that old!) When a program or the operating system crashed, the computer would capture its state at that instant, including the content of memory and of processor registers, and save it to persistent storage.[1]

[1] In the early days, “persistent storage” could be a paper printout!

Developers or other specialists can often find evidence in dumps to identify the bugs that caused the failures. Today, as part of standard process-crash handling, Windows Error Reporting (WER) can capture a dump file containing ...

Get Troubleshooting with the Windows Sysinternals Tools now with the O’Reilly learning platform.