Win11 bsod dump compatibility

[frendguo]

I tested the latest code on Windows 11 BSOD dump files and found that while the kernel dump could be identified correctly, issues arose with all other types of dumps.

Error info:

MapViewOfFile failed with GLE=8.
MapFile failed.
Parsing of the dump failed, exiting.

Windows version: Win11 26063 MP (4 procs) Free x64
Dump files: https://drive.google.com/file/d/1t5cGnG-XaDpIGw6upJ4ovA-Jm_JtFbHY/view?usp=drive_link

How to generate

1. System Properties -> Startup And Recovery -> System failure
   
2. In [Write debugging information], select [Small memory dump], [Kernel memory dump], [Complete memory dump], [Automatic memory dump], and [Active memory dump] one at a time.
3. After selecting a specific dump type, use notmyfault to trigger a crash and generate the dump file.

[0vercl0k]

Thank you for the detailed report 🙏🏽

Based on your screenshot, it looks like what is failing is the MapViewOfFile call - how big are those dump files? They might just be too big to map; that's what the GetLastError means:

ERROR_NOT_ENOUGH_MEMORY

8 (0x8)

Not enough memory resources are available to process this command.

If you want to still try to read those dump files, you can try the parser executable from kdmp-parser-rs - it is able to use file read and not only a memory mapping.

[frendguo]

Okay, got it.

Any plans to add a file-reading version of this repository?

[0vercl0k]

I did prototype it at one point - you can find it in https://github.com/0vercl0k/kdmp-parser/tree/fbl_fileread.

Let me know if you would be interested in testing it out, I could revive it and we can work to get it merged.

Cheers