O'Reilly logo

Memory Dump Analysis Anthology, Volume 3 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 10. The Origin of Crash Dumps

Hide, Seek and Dump

CtxHideEx32 tool[34] allows a substring search for a window title or class, for example:

CtxHideEx32.exe HIDE "*error" "" OK

We have discovered that it allows to automatically dump any process displaying a message box with an error message in its window title. Here is an example using TestDefaultDebugger64 (Volume 1, page 641) to simulate an application fault message where the following instance of CtxHideEx32 was setup to dump a process showing WER dialog on Vista:

CtxHideEx32 NONE "*Microsoft Windows"
"" "C:\kktools\userdump8.1\x64\userdump.exe %d"

We click on a big lightning button:

Hide, Seek and Dump

And then ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required