stephenfewer / grinder

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
BSD 3-Clause "New" or "Revised" License

How to get memory dump file? #58

Closed swethapuvvada closed 9 years ago

swethapuvvada commented 9 years ago

Hey. When a crash happens, we get a .crash file and a .log file, but we are not able to analyze the .crash file inside WinDbg as it has a different file format than an actual memory dump file. So is there a way I can get the dump file from the .crash file, or can I analyze the .crash file itself by any other means?

stephenfewer commented 9 years ago

The .crash file is a text file containing some debugger output like a stack trace, registers, some disassembly around EIP and so on. If you have set up encryption you will need to decrypt the .crash file first [0].

If you want to get proper memory dumps that you can open in WinDbg, you could try experimenting with the MiniDumpWriteDump API [1]. Modifying the grinder node debugger [2] to call MiniDumpWriteDump instead of (or as well as) generating the text .crash file should work nicely.

[0] https://github.com/stephenfewer/grinder#setting-up-encryption-for-crash-information

[1] https://msdn.microsoft.com/en-us/library/ms680360.aspx

[2] https://github.com/stephenfewer/grinder/blob/master/node/core/debug/debugger.rb#L414
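
One way to try the MiniDumpWriteDump suggestion from Ruby, as an added example that is not Grinder's code or part of the thread: it calls the API through Fiddle and then checks the written file's MINIDUMP_HEADER, which also shows how a real dump differs from the text .crash file. The helper names are hypothetical, and it assumes a current Ruby with Fiddle and that the process handle and pid come from the debugger where it handles the crash.

```ruby
# Added example, not Grinder's code. write_minidump and parse_minidump_header
# are hypothetical helpers; the process handle and pid are assumed to come
# from the debugger at the point where it handles the crash.
MDMP_SIGNATURE            = 0x504D444D # "MDMP" as a little-endian 32-bit value
MINIDUMP_WITH_FULL_MEMORY = 0x2        # MiniDumpWithFullMemory (MINIDUMP_TYPE)

# Parse the 32-byte MINIDUMP_HEADER; returns nil for anything that is not a
# minidump (for example the text .crash file).
def parse_minidump_header(bytes)
  return nil if bytes.nil? || bytes.bytesize < 32
  sig, ver, streams, dir_rva, _sum, stamp, flags = bytes.unpack('V6Q<')
  return nil unless sig == MDMP_SIGNATURE
  { version: ver & 0xFFFF, streams: streams, directory_rva: dir_rva,
    timestamp: stamp, flags: flags }
end

# Windows only: have dbghelp.dll write a dump of the process to `path`, then
# return the parsed header of the file that was written.
def write_minidump(process_handle, pid, path, dump_type = MINIDUMP_WITH_FULL_MEMORY)
  require 'fiddle'
  fn  = Fiddle::Function
  abi = fn.const_defined?(:STDCALL) ? fn::STDCALL : fn::DEFAULT
  k32 = Fiddle.dlopen('kernel32.dll')
  dbg = Fiddle.dlopen('dbghelp.dll')
  vp  = Fiddle::TYPE_VOIDP
  int = Fiddle::TYPE_INT
  create = fn.new(k32['CreateFileA'], [vp, int, int, vp, int, int, vp], vp, abi)
  close  = fn.new(k32['CloseHandle'], [vp], int, abi)
  dump   = fn.new(dbg['MiniDumpWriteDump'], [vp, int, vp, int, vp, vp, vp], int, abi)

  # GENERIC_WRITE, no sharing, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL
  file = create.call(path, 0x40000000, 0, nil, 2, 0x80, nil)
  invalid = (1 << (Fiddle::SIZEOF_VOIDP * 8)) - 1 # INVALID_HANDLE_VALUE
  raise "CreateFile failed for #{path}" if [invalid, -1].include?(file.to_i)
  begin
    # No exception record, user streams or callback are passed here.
    ok = dump.call(process_handle, pid, file, dump_type, nil, nil, nil)
  ensure
    close.call(file)
  end
  raise 'MiniDumpWriteDump failed' if ok.zero?
  parse_minidump_header(File.binread(path, 32))
end

# Constructed sample header (not from a real dump), so the parser runs anywhere.
SAMPLE_HEADER = [MDMP_SIGNATURE, 0xA793, 3, 32, 0, 0, 2].pack('V6Q<')
```

Full-memory dumps of a browser process can be large; passing 0 (MiniDumpNormal) as `dump_type` gives a smaller dump.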