I have opened a minidump file of my C++ application in Visual Studio 2017. The dump is of a program crashing with an access violation. I am suspecting heap/stack corruption, so I am spending a lot of time in the memory/disassembly window, trying to interpret the stack.
It would be very convenient if I could search the memory for some value (for example the return address of function calls). I know WinDbg can do it, but it currently doesn't have symbol paths set up correctly, and I'd much rather stay in one debugger.
I've found this link that says Visual Studio 2010 supported typing something like .S -D 0x20B4EC L100 0x12EC9275 in the immediate window, but when I try in VS2017, I just get expected an expression.
Am I missing something?
(Note, Although I am now analysing a crashdump, it doesn't seem to work while debugging a live program either)
Clarification
- I have a minidump with memory included
- Regular analysis works fine: I have pdb files, I can see threads, stacks, watches, you name it. It is just that I suspect stack corruption, so those do not make much sense. (Either that, or the optimizer is messing with me)
- Hence, I've opened the memory window (Click Debug->Windows->Memory->Memory 1). In there, I can see (raw) memory. Now, I want to search in that memory for specific values.
Here is a good tutorial: https://learn.microsoft.com/en-us/visualstudio/debugger/using-dump-files?view=vs-2019
Basically, there are some hard requirements to see the memory in your dump:
If these are not met, you get only the stack trace and maybe some stack variables.
Edit: The stack trace with watches and variables is the same memory you want to search. There is no live debugging. It’s a snapshot of the crash.