I was trying to generate a dump manually on my Dell D630 laptop, which runs a 32-bit architecture with 2 GB RAM and a page file set to 1.5 times. I understand the different ways to generate complete, kernel, and mini dumps, but I was interested in running Mark’s NotMyFault tool to generate a complete memory dump; you can find more information about the tool from the link.
One observation I made when trying to set a specific process as implicit is that WinDbg throws the following error: “Process <ID> has invalid page directories”. This behavior is observed for any process I try to make implicit.
Why does WinDbg think the page directories are invalid? A page directory is process-specific and holds the virtual-memory-to-physical-memory mapping information, so I would think some of the pages might be missing when capturing the dump? I might be wrong, but I was able to successfully see the thread stack.
Step 1: Download the NotMyFault tool and manually crash the system to generate a complete memory dump.
Step 2: Launch WinDbg with symbols loaded appropriately and attach the dump.
Step 3: Try running .process <ID>, which will result in the above message.
Step 4: Try reloading the symbols for the application using .process /r /p <ID>
Step 5: Now run !process <ID / address> or !process 0 0 <process name>
Step 6: Navigate to the thread you want to debug and run .thread <ID / address>, which will say “implicit thread is <ID>”.
Step 7: Run KV to examine the thread stack.