The Windmp loader module can load *.dmp files into IDA for static analysis.
Index
| Previous topic
| Next topic
For the Windmp loader to function properly, one need to specify the path to MS Debugger Engine Library (dbgeng.dll). This option can be set in CFG\IDA.CFG under the DBGTOOLS key. If this value is not set then Windmp will try to detect the path.
Windmp can be used to load big dump files, however that will result in a huge database, therefore is possible to manually load a given input file:
- Load modules segments only: If used, Windmp will only load segments related to the loaded modules and skips all other memory segments
- Do not load symbol names: If symbol path is configured properly, then Windmp will fetch and rename all known addresses; you can skip this step by not loading symbol names.
- Skip segments greater than: It skips segments with a given size, resulting in faster loading speed. If this value is zero then this option will not be used.In addition to static analysis it is possible to run the dump file under the windbg debugger module.