windows_crashes
===============

Extracted information from Windows crash logs (Minidumps).

Platform support
----------------

Please be aware that some queries can only be run against certain platforms. Below is a list of the platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected.

**Running a query against an unsupported platform will result in the following error:** ``no such table: windows_crashes``

- Windows

Table schema
------------

================= ======= =============================================================
Name              Type    Description
================= ======= =============================================================
datetime          TEXT    Timestamp (log format) of the crash
module            TEXT    Path of the crashed module within the process
path              TEXT    Path of the executable file for the crashed process
pid               BIGINT  Process ID of the crashed process
tid               BIGINT  Thread ID of the crashed thread
version           TEXT    File version info of the crashed process
process_uptime    BIGINT  Uptime of the process in seconds
stack_trace       TEXT    Multiple stack frames from the stack trace
exception_code    TEXT    The Windows exception code
exception_message TEXT    The NTSTATUS error message associated with the exception code
exception_address TEXT    Address (in hex) where the exception occurred
registers         TEXT    The values of the system registers
command_line      TEXT    Command-line string passed to the crashed process
current_directory TEXT    Current working directory of the crashed process
username          TEXT    Username of the user who ran the crashed process
machine_name      TEXT    Name of the machine where the crash happened
major_version     INTEGER Windows major version of the machine
minor_version     INTEGER Windows minor version of the machine
build_number      INTEGER Windows build number of the crashing machine
type              TEXT    Type of crash log
crash_path        TEXT    Path of the log file
================= ======= =============================================================

Query examples
--------------

.. code-block:: sql

   select * from windows_crashes

.. code-block:: sql

   select * from windows_crashes where module like '%electron.exe%'

.. code-block:: sql

   select * from windows_crashes where datetime < '2016-10-14'

.. code-block:: sql

   select * from windows_crashes where registers like '%rax=0000000000000004%'

.. code-block:: sql

   select * from windows_crashes where stack_trace like '%vlc%'
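
A triage query built only from the columns in the schema above, as an added example that is not part of the original documentation. It surfaces executables that fault repeatedly in the same module with the same exception, which is worth a closer look than a one-off crash; the threshold of 3 is an assumed value.

```sql
-- Added example (not from the original page).
-- Groups crash records by executable, faulting module and exception so that
-- repeated faults stand out. Uses only columns listed in the table schema.
SELECT
  machine_name,
  path,
  module,
  exception_code,
  exception_message,
  COUNT(*)                 AS crash_count,
  COUNT(DISTINCT username) AS affected_users,
  COUNT(DISTINCT pid)      AS distinct_processes,
  MIN(process_uptime)      AS shortest_uptime_seconds
FROM windows_crashes
GROUP BY
  machine_name,
  path,
  module,
  exception_code,
  exception_message
HAVING COUNT(*) >= 3        -- assumed threshold; tune to your environment
ORDER BY crash_count DESC, shortest_uptime_seconds ASC;
```

For any row of interest, pull ``command_line``, ``stack_trace``, ``registers`` and ``crash_path`` for the same ``path`` and ``module`` to review the individual dumps.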