Search strings in a large MEMORY.DMP file

  • Question

  • How can I search a string in a large MEMORY.DMP file generated by Windows BSOD (Windows 8.1 64 bit)?

    On 32-bit Windows, the command

        s -a 0 ffffffff "my pattern"
    seems to work.

    But for 64-bit Windows,

        s -a 0 ffffffff`ffffffff "my pattern"
    takes almost infinite time, even though the total size of the MEMORY.DMP is about 400MB only, while a simple `grep` can find the pattern within seconds.

    My goal is to find the virtual address of the string to determine which stack/heap/text area is overwritten by it.

    I would finally resort to interpreting the file format of MEMORY.DMP by hand if the reference or specification of the file format is available. Any hints?
    Thursday, September 3, 2015 2:18 AM

All replies

  • You might want to ask on the WinDbg forum.

    d -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, September 3, 2015 3:08 AM