How to retrieve data added to crash dump using KeAddTriageDumpDataBlock

  • Thread starter Thread starter Rexlin S
  • Start date Start date
R

Rexlin S

Guest
I have added some data to crash dump using KeAddTriageDumpDataBlock function from my BugcheckReasonCallback routine of type KbCallbackTriageDumpData.
How do I retrieve and view this data in the crash dump file .

NTSTATUS KeAddTriageDumpDataBlock(
PKTRIAGE_DUMP_DATA_ARRAY KtriageDumpDataArray,
PVOID Address,
SIZE_T Size
);

Is the data block defined by address and size in the KeAddTriageDumpDataBlock should be of any format ?
I have the data that is to be added to the DumpDataArray in a private data structure and
I have passed the address and size of that structure for
the address and size fields.
Is this correct ?

Continue reading...
 
You must log in or register to reply here.

Similar threads

X
crash dump help ive rma my cpu is this another failure
Replies
0
Views
1
XDeathwish75X
X
M
i want to retrieve the data from cross device folder
Replies
0
Views
5
Mahboob Khan2
M
M
i want to retrieve the data from cross device folder
Replies
0
Views
3
Mahboob Khan2
M
L
FORMATTED IN macOS Sequoia 15.0.1 as ExFAT and added data from macOS, it shows errors on the disk, well what to do???
Replies
0
Views
1
Lse123polis
L
L
FORMATTED IN macOS Sequoia 15.0.1 as ExFAT and added data from macOS, it shows errors on the disk, well what to do???
Replies
0
Views
2
Lse123polis
L
Back
Top