What is in the dump file?

I was asked by the MS Connect moderator to provide a mini-dump file for the problem that I encountered with Visual Studio.

My business is slightly worried about what might be contained in the dump file (which is about half a gigabyte).

By "slightly worried" I just mean that they asked me to find out whether any proprietary code would be included (and, if so, how much).

The dump file was created by Visual Studio by following these steps:

  • Launch Visual Studio.
  • Launch another instance of VS.
  • In the second instance, click "Tools" | "Attach to Process...".
  • In the process list, find devenv.exe.
  • Click "Select ..." and explicitly select the "Native" and "Managed" code.
  • Click OK and OK to close the Dialog Selection and Attach to Process dialog box.
  • Go back to the first VS instance and retry the failure.
  • After a failure, control should go to the second instance of VS.
  • In the second instance, click "Debug" | "Save Mini Dump".

I thought the great people here at StackOverflow could help. Therefore, my questions for you:

  • What is in the Visual Studio dump file?
  • Are there any considerations that I should take into account before creating the dump file so as not to send the contents of my letters, all my passwords and my bank account information along with the source code of all my colleagues?
+6
2 answers

The custom mini-dump mode contains the memory of the process you are unloading, not the entire system. Other processes running on the system are not affected. In other words, the dump contains data and executable code for a specific process.

For native code, that means compiled code. For a managed application, that means both IL and compiled code. That is, there is nothing complicated in extracting high-level managed IL code from a dump file. IL can be interpreted using tools such as Reflector.

In your case, you create a Visual Studio process dump file (devenv.exe), so if you do not have a VS plugin that stores your personal data, the dump will not contain your personal information. As for the source code, the dump may contain some data related to this, but you certainly do not send all of your source code as part of the dump file.

+4

A dump file can contain many things.

It is usually generated by calling

    BOOL WINAPI MiniDumpWriteDump(
        __in HANDLE hProcess,
        __in DWORD ProcessId,
        __in HANDLE hFile,
        __in MINIDUMP_TYPE DumpType,
        __in PMINIDUMP_EXCEPTION_INFORMATION ExceptionParam,
        __in PMINIDUMP_USER_STREAM_INFORMATION UserStreamParam,
        __in PMINIDUMP_CALLBACK_INFORMATION CallbackParam
    );

The information contained in the dump is specified by the DumpType parameter:

    typedef enum _MINIDUMP_TYPE {
        MiniDumpNormal                         = 0x00000000,
        MiniDumpWithDataSegs                   = 0x00000001,
        MiniDumpWithFullMemory                 = 0x00000002,
        MiniDumpWithHandleData                 = 0x00000004,
        MiniDumpFilterMemory                   = 0x00000008,
        MiniDumpScanMemory                     = 0x00000010,
        MiniDumpWithUnloadedModules            = 0x00000020,
        MiniDumpWithIndirectlyReferencedMemory = 0x00000040,
        MiniDumpFilterModulePaths              = 0x00000080,
        MiniDumpWithProcessThreadData          = 0x00000100,
        MiniDumpWithPrivateReadWriteMemory     = 0x00000200,
        MiniDumpWithoutOptionalData            = 0x00000400,
        MiniDumpWithFullMemoryInfo             = 0x00000800,
        MiniDumpWithThreadInfo                 = 0x00001000,
        MiniDumpWithCodeSegs                   = 0x00002000,
        MiniDumpWithoutAuxiliaryState          = 0x00004000,
        MiniDumpWithFullAuxiliaryState         = 0x00008000,
        MiniDumpWithPrivateWriteCopyMemory     = 0x00010000,
        MiniDumpIgnoreInaccessibleMemory       = 0x00020000,
        MiniDumpWithTokenInformation           = 0x00040000
    } MINIDUMP_TYPE;

A small dump file will probably only contain a stack trace with the names of functions and modules.

A large dump file, such as yours, may contain full process memory, call stacks for all threads, and other data. It is probably best to check the descriptions of each of these types for yourself.

The source code is never displayed, since you send only information about the DLL. However, reverse engineering is possible, but it is possible if you have a DLL. You should review their terms of use or privacy policy.

So ... the names of functions and modules will be visible from the dump file, the actual code will not. The process memory may be visible (depending on the type parameter), therefore it is better not to store any important data in memory when creating a dump.

+1
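
Added example, not part of either answer and not Microsoft's code: a way to check what a .dmp file holds before sending it, by reading the MINIDUMP_HEADER Flags field (the DumpType bits listed above) and the stream directory. The function names, the subset of flags and stream types shown, the "full memory" heuristic and the sample bytes are assumptions made for this illustration.

```python
import struct

# Subset of MINIDUMP_TYPE bits from the enum above (the memory-related ones).
MINIDUMP_TYPE = {
    0x00000001: "MiniDumpWithDataSegs",
    0x00000002: "MiniDumpWithFullMemory",
    0x00000004: "MiniDumpWithHandleData",
    0x00000040: "MiniDumpWithIndirectlyReferencedMemory",
    0x00000200: "MiniDumpWithPrivateReadWriteMemory",
    0x00001000: "MiniDumpWithThreadInfo",
    0x00040000: "MiniDumpWithTokenInformation",
}
# Subset of stream directory types (MINIDUMP_STREAM_TYPE).
STREAMS = {3: "ThreadList", 4: "ModuleList", 5: "MemoryList", 6: "Exception",
           7: "SystemInfo", 9: "Memory64List", 12: "HandleData"}
# Signature, Version, NumberOfStreams, StreamDirectoryRva, CheckSum,
# TimeDateStamp, Flags (64-bit): 32 bytes, little-endian.
HEADER = struct.Struct("<4sIIIIIQ")
DIRENT = struct.Struct("<III")  # StreamType, DataSize, Rva

def inspect_dump(data):
    """Return (flag names, [(stream name, descriptor size)], has_full_memory)."""
    if len(data) < HEADER.size:
        raise ValueError("file too short for a minidump header")
    sig, _ver, count, dir_rva, _sum, _ts, flags = HEADER.unpack_from(data, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump (bad signature)")
    if dir_rva + count * DIRENT.size > len(data):
        raise ValueError("stream directory lies outside the file")
    names = [n for bit, n in sorted(MINIDUMP_TYPE.items()) if flags & bit]
    streams = []
    for i in range(count):
        stype, size, _rva = DIRENT.unpack_from(data, dir_rva + i * DIRENT.size)
        streams.append((STREAMS.get(stype, "type %d" % stype), size))
    # Heuristic: the full-memory flag or a Memory64List stream means the file
    # carries process memory contents, not just stacks and module names.
    full = bool(flags & 0x2) or any(n == "Memory64List" for n, _ in streams)
    return names or ["MiniDumpNormal"], streams, full

def make_sample():
    """Constructed header and directory only; no stream payloads follow."""
    entries = [(3, 0x1A0), (4, 0x2C00), (9, 0x410)]
    blob = HEADER.pack(b"MDMP", 0xA793, len(entries), HEADER.size, 0, 0,
                       0x2 | 0x4 | 0x1000)
    return blob + b"".join(DIRENT.pack(t, s, 0) for t, s in entries)

if __name__ == "__main__":
    print(inspect_dump(make_sample()))
```

To check a real dump, pass the first few kilobytes of the file to inspect_dump; the header and stream directory sit at the start, so the half gigabyte of memory does not need to be read.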

Source: https://habr.com/ru/post/901447/