Debugging Tools for Windows |
Certain kinds of information, such as the name of the target computer, are easily available during live debugging. When debugging a dump file it takes a little more work to determine this information.
If you need to determine the name of the computer on which the crash dump was made, you can use the !peb extension and look for the value of COMPUTERNAME it its output.
Or you can use the following command:
be8ce2e8 srv!SrvComputerName = _UNICODE_STRING "AIGM-MYCOMP-PUB01"
To determine the IP address of the computer on which the crash dump was made, find a thread stack that shows some send/receive network activity. Open one of the send packets or receive packets. The IP address will be visible in that packet.
To determine the process ID of the target application from a user-mode dump file, use the | (Process Status) command. This will display all the processes being debugged at the time the dump was written. The process marked with a period (.) is the current process. Its process ID is given in hexadecimal after the id: notation.