Search code examples
c++winapidump

Should I use the (undocumented?) MINIDUMP_EXCEPTION_INFORMATION64 structure for creating dumps of 64bit processes?

I'm currently looking at a problem with creating dump files (in-process, ahem) using MiniDumpWriteDump. The issue only shows up in 64bit builds. My code is just

static LONG WINAPI unhandledExceptionFilter( PEXCEPTION_POINTERS p )
{

    // ...
    MINIDUMP_EXCEPTION_INFORMATION mei;
    mei.ThreadId = ::GetCurrentThreadId();
    mei.ExceptionPointers = p;
    mei.ClientPointers = TRUE;
    if ( !MiniDumpWriteDump( ::GetCurrentProcess(),
                ::GetCurrentProcessId(),
                dumpFile,
                MiniDumpNormal,
                &mei,
                NULL,
                NULL ) ) {
        // ....
    }

By accident, I noticed that there is a (seemingly undocumented?) MINIDUMP_EXCEPTION_INFORMATION64 structure in the Windows SDK which differs significantely from the MINIDUMP_EXCEPTION_INFORMATION structure:

typedef struct _MINIDUMP_EXCEPTION_INFORMATION {
    DWORD ThreadId;
    PEXCEPTION_POINTERS ExceptionPointers;
    BOOL ClientPointers;
} MINIDUMP_EXCEPTION_INFORMATION, *PMINIDUMP_EXCEPTION_INFORMATION;

typedef struct _MINIDUMP_EXCEPTION_INFORMATION64 {
    DWORD ThreadId;
    ULONG64 ExceptionRecord;
    ULONG64 ContextRecord;
    BOOL ClientPointers;
} MINIDUMP_EXCEPTION_INFORMATION64, *PMINIDUMP_EXCEPTION_INFORMATION64;

Googling for that newly discovered structure, I found one place which inded uses it for 64bit builds. Is this really important or just a misguided attempt at writing 64bit-safe code?

Solution

  • MINIDUMP_EXCEPTION_INFORMATION64 plays no role when you call MiniDumpWriteDump(), that function always requires you to pass a MINIDUMP_EXCEPTION_INFORMATION*.

    It represents the same information, but the way it is recorded in the dump file itself. It needs to be transformed from the info that you pass, can't store pointers in a file. It needs to be flattened, the ULONG64 ExceptionRecord member specifies the offset in the file where the MINIDUMP_EXCEPTION record is stored. The ULONG64 ContextRecord member specifies the offset in the file where the CONTEXT record is stored.

    The dump file format is not formally documented, just informally from these kind of declarations. They are accurate the last time I played with this (~2 years ago).

    So, nothing to do with your problem.