The directory minidump exists as a sub-directory in each process directory.

The minidump directory contains a WinDbg compatible full process minidump.dmp file that may be used for debugging.

The minidump file contains:

• process memory including stacks, heaps and PE images.
• active process thread information including some CPU register information.
• active process modules (.dll/.exe).

Minidump files are reconstructed on a best-effort basis. Process memory may be valid, missing or zero-padded depending whether the backing memory is available or inaccessible due to paging.

Minidump files are only generated if certain prerequisites are met:

1. The process must be an active user-mode process. Special processes such as System, Registry, LSASS and MemCompression won't have minidump files generated.
2. If debug symbols from the Microsoft symbol server is missing certain functionality will be missing (Threads). The minidump will however still be generated.

The minidump.dmp file is read-only.

The example below shows the files minidump.dmp and readme.txt for the explorer.exe process. The file minidump.dmp is open directly in WinDbg for a debugging session showing some information about the callstack and CPU registers related to one of the threads.

The minidump sub-directory is implemented as a built-in native C-code plugin. The plugin source is located in the file modules/m_proc_minidump.c in the vmm project.