Getting process command line arguments from minidump

6

2

I am investigating a BSOD and I'd like to know more about the process that caused the problem. I can open the minidump in WinDbg, which gives a lot of information about the crash. However, the one piece of information I haven't been able to get is the command line arguments of the process that caused the crash.

Does anyone know if it is something that can be extracted from a crash dump?

Thanks in advance.

Clem

Posted 2012-10-12T14:36:40.427

Reputation: 141

Try BlueScreenView and see if it displays what you want.

– Karan – 2012-10-12T22:51:11.867

BlueScreenView didn't help but I found the solution - see answer below. – Clem – 2012-10-30T14:43:54.370

Answers

8

The information I was looking for is stored in the process environment block (PEB). In WinDbg, the !peb command displays a formatted view of the PEB. This view contains an entry for the command line that was used to start the process.

Clem

Posted 2012-10-12T14:36:40.427

Reputation: 141

Note that this won't always work, because the PEB is not always one of the things that's captured in the minidump, except for the current process. – Jamie Hanrahan – 2018-08-28T05:33:27.393
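The walk that `!peb` performs to reach the command line, as an added example that is not part of the original posts: PEB, then ProcessParameters, then the CommandLine UNICODE_STRING, returning nothing when a hop lands in memory the dump did not capture. It assumes the x64 structure offsets from the public Windows symbols; `SparseMemory`, `build_sample`, the addresses and the sample command line are hypothetical and constructed for the illustration.

```python
import struct

# x64 layout offsets from public Windows symbols (32-bit processes differ).
PEB_PROCESS_PARAMETERS = 0x20   # _PEB.ProcessParameters
PARAMS_COMMAND_LINE = 0x70      # _RTL_USER_PROCESS_PARAMETERS.CommandLine

class SparseMemory:
    """Hypothetical view of the memory ranges a dump captured, keyed by base address."""
    def __init__(self, ranges):
        self.ranges = sorted(ranges.items())

    def read(self, addr, size):
        for base, data in self.ranges:
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base: addr - base + size]
        return None  # this address range is not present in the dump

def read_command_line(mem, peb_addr):
    """Walk PEB -> ProcessParameters -> CommandLine; None if any hop is missing."""
    raw = mem.read(peb_addr + PEB_PROCESS_PARAMETERS, 8)
    if raw is None:
        return None
    params = struct.unpack("<Q", raw)[0]
    # UNICODE_STRING: USHORT Length, USHORT MaximumLength, 4 pad bytes, PWSTR Buffer
    raw = mem.read(params + PARAMS_COMMAND_LINE, 16)
    if raw is None:
        return None
    length, _max_len, buffer = struct.unpack("<HH4xQ", raw)
    text = mem.read(buffer, length)  # Length counts bytes, not characters
    return None if text is None else text.decode("utf-16-le", errors="replace")

def build_sample(include_params=True):
    """Constructed memory image; every address and the command line are made up."""
    peb, params, buf = 0x7FF000, 0x200000, 0x200800
    cmd = r'"C:\Tools\example.exe" --config demo.ini'.encode("utf-16-le")
    peb_page = bytearray(0x100)
    struct.pack_into("<Q", peb_page, PEB_PROCESS_PARAMETERS, params)
    par_page = bytearray(0x100)
    struct.pack_into("<HH4xQ", par_page, PARAMS_COMMAND_LINE, len(cmd), len(cmd) + 2, buf)
    ranges = {peb: bytes(peb_page)}
    if include_params:  # False models a dump that kept the PEB but not what it points to
        ranges.update({params: bytes(par_page), buf: cmd + b"\x00\x00"})
    return SparseMemory(ranges), peb

if __name__ == "__main__":
    for full in (True, False):
        mem, peb = build_sample(full)
        print(read_command_line(mem, peb))
```
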