Analyzing a dump file is not going as expected.
Posted: Mon Aug 02, 2021 1:00 am
Once again I have someone using one of my tables and an AOB isn't found. In the past I've had a user upload the EXE for analysis and that has worked. But with this game most of the relevant code is in DLLs. So I tested creating a dump file with Task Manager, and analyzing that worked, as I was able to open the file with CE, scan for AOBs, and find the code I was expecting. Then I had the user create a dump file and upload that. But scanning for AOBs doesn't work. Even AOBs that work on the table for them aren't found. So at this point I'm thinking I have misunderstood what the dump file is or how to use it. Now their DF was created on Windows 10 and mine on Windows 7, if that matters. And theirs is 6+ GB and mine is 2+ GB, and I'm not really understanding the reason for this. But I find all the same DLLs listed when opened with Visual Studio.
In my searching I did find that "Scylla" dumps differ from WinDbg dumps, and I assume that Task Manager creates WinDbg dumps. But I'm not really sure where this fits in yet.
So my questions are as follows. Why is there so much of a size difference? And what should I do differently for analyzing processes like this in the future?