|
|
The windows dump is easily accessed simply with the key D in the command prompt's debug option, but you need to privide 2 other peices of information, seperated by a ':'
First is the location of the dump which is useful, for this example we are looking up information about the video card. So we will need hardware related windows information. The same address is used for nearly ALL windows dump data that is understandable.
C000
next we need an offset value, the prompt does not show us the entire dump, and for good reason, there are thousands of lines of it, since these values are in hexidecimal format. Your full video card information should be available through the values:
0040 and 0090
Detail this entire process:
1) Open a DOS prompt
start > run > "cmd"
2) type "debug"
3) type in your dump value to check for
D C000:0000
(this is only an example)
Therefore the completed values to enter into the windows debugger are:
'D C000:0040' and 'D C000:0090'
There is a little trial and error involved in finding useful data, but it is still easier in most cases to use the built in windows dump viewer as opposed to using a 3rd part app which may not be allowed access.
If there are those still using Win98, the first dump value used here, is translated into 'D C000:0010' instead.
Try it out and try using other offset values to see what you can find.
|
|