CODEWITHSUNDEEP
visual-studiominidump
m-smith
m-smith

Reputation: 3091

What's in a dump file?

I've been asked by a MS Connect moderator to provide a mini dump file for an issue I'm experiencing with Visual Studio.

My business is mildly concerned about what might be contained within the dump file (which is around half a gig in size).

By "mildly concerned", I merely mean they've asked me to find out whether any proprietary code will be included (and, if so, how much).

The dump file was created by Visual Studio by doing the following:

  1. Start Visual Studio.
  2. Start another instance of VS.
  3. In the second instance click Tools | Attach to Process...
  4. In the list of processes locate devenv.exe.
  5. Click Select... and explicitly choose 'Native' and 'Managed' code.
  6. Click OK and OK to close Select dialog and Attach to Process dialog.
  7. Go back to the first instance of VS and repro the crash.
  8. Upon the crash, control should go to the second instance of VS.
  9. In the second instance click Debug | Save Mini Dump.

I thought the lovely people here at StackOverflow would be able to help. So my questions to you are:

Upvotes: 6

Views: 2015

Answers (2)

Brian Rasmussen
Brian Rasmussen

Reputation: 116471

A user mode mini dump contains the memory of the process you're dumping, not the entire system. Other processes running on the system are not affected. In other words the dump contains data and executable code for the specific process.

For native code that means the compiled code. For a managed application that means both the IL and the compiled code. I.e. it is a no-brainer to extract high level managed IL code from a dump file. The IL can be interpreted by tools like Reflector.

In your case, you're creating a dump file of a Visual Studio process (devenv.exe), so unless you have a VS plugin that stores your personal data the dump will not contain your personal information. As for your source code the dump may contain some data related to this, but you're definitely not shipping all your source code as part of the dump file.

Upvotes: 4

Luchian Grigore
Luchian Grigore

Reputation: 258648

The dump file can contain many things.

It is usually generated with a call to

BOOL WINAPI MiniDumpWriteDump(
  __in  HANDLE hProcess,
  __in  DWORD ProcessId,
  __in  HANDLE hFile,
  __in  MINIDUMP_TYPE DumpType,
  __in  PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
  __in  PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
  __in  PMINIDUMP_CALLBACK_INFORMATION CallbackParam
);

Information included in the dump is set by the DumpType parameter:

typedef enum _MINIDUMP_TYPE {
  MiniDumpNormal                           = 0x00000000,
  MiniDumpWithDataSegs                     = 0x00000001,
  MiniDumpWithFullMemory                   = 0x00000002,
  MiniDumpWithHandleData                   = 0x00000004,
  MiniDumpFilterMemory                     = 0x00000008,
  MiniDumpScanMemory                       = 0x00000010,
  MiniDumpWithUnloadedModules              = 0x00000020,
  MiniDumpWithIndirectlyReferencedMemory   = 0x00000040,
  MiniDumpFilterModulePaths                = 0x00000080,
  MiniDumpWithProcessThreadData            = 0x00000100,
  MiniDumpWithPrivateReadWriteMemory       = 0x00000200,
  MiniDumpWithoutOptionalData              = 0x00000400,
  MiniDumpWithFullMemoryInfo               = 0x00000800,
  MiniDumpWithThreadInfo                   = 0x00001000,
  MiniDumpWithCodeSegs                     = 0x00002000,
  MiniDumpWithoutAuxiliaryState            = 0x00004000,
  MiniDumpWithFullAuxiliaryState           = 0x00008000,
  MiniDumpWithPrivateWriteCopyMemory       = 0x00010000,
  MiniDumpIgnoreInaccessibleMemory         = 0x00020000,
  MiniDumpWithTokenInformation             = 0x00040000 
} MINIDUMP_TYPE;

A small dump file will probably contain only a stack trace with function and modules names.

A big dump file, such as yours, can contain full process memory, call stacks for all threads and others. It's probably better to check the descriptions of each of those types for yourself.

Source code is never visible, since you only send dll information. Reverse engineering is however possible, but that's possible if you had the dll. You should read their terms of use or privacy policy.

So... function and module names will be visible from the dump file, actual code will not. Process memory can be visible(depending on the type parameter), so better not store any sensitive data in memory when generating the dump.

Upvotes: 1

Related Questions