How to read and analyze an .mdmp file

CS:S, TF2, DOD:S, etc.
Post Reply
User avatar
Edge100x
Founder
Founder
Posts: 12945
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

How to read and analyze an .mdmp file

Post by Edge100x »

1. Download and install Visual C++ Express Edition (which is free): http://www.microsoft.com/express/Downlo ... Visual-CPP

2. This is, by far, the longest step. Connect to the server's FTP and download the .mdmp file, exec_xxx.exe file, and every .dll file -- including everything in "addons", "dlls", etc. You will need to recreate its folder structure locally as you are doing this.

3. Double-click on the .mdmp file to open it in VC++.

4. Go to Debug->Start debugging. It should "run" briefly, then immediately stop and give you an error.

5. In the lower-right-hand corner of the screen, you'll see a tab for "Call stack". Click that, if it's not already selected, and you will have the backtrace for the crash.

The backtrace shows which functions were called, in order, in the lead-up to the crash. The error is on top, and the functions are in reverse order beneath that (the last one called, then the prior one, etc). Generally, if you see a plugin .dll mentioned in one of these, the cause was that plugin (though if it's something like Sourcemod, further analysis would be necessary to find which of its .smx plugins was the culprit). If you don't see a plugin in the backtrace, it could have still been a plugin (some plugins muck with the game code, or feed it invalid input), or it might be a bug in the game itself -- possibly one that was exploited by a third party.

More in-depth debugging would involve symbols, which would tell us the function arguments. We don't have symbols for Valve's code, but if the bug was due to Sourcemod or another mod, these can often be obtained. Generally that level of debugging should be left to the plugin author.
Post Reply