Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or sign up to JumpCloud today.
windows_crashes
Extracted information from Windows crash logs (Minidumps).
Platform support
Some queries can only be run against certain platforms. The platforms that support this query are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: windows_crashes
- Windows
Table schema
Name | Type | Description |
---|---|---|
datetime | TEXT | Timestamp (log format) of the crash |
module | TEXT | Path of the crashed module within the process |
path | TEXT | Path of the executable file for the crashed process |
pid | BIGINT | Process ID of the crashed process |
tid | BIGINT | Thread ID of the crashed thread |
version | TEXT | File version info of the crashed process |
process_uptime | BIGINT | Uptime of the process in seconds |
stack_trace | TEXT | Multiple stack frames from the stack trace |
exception_code | TEXT | The Windows exception code |
exception_message | TEXT | The NTSTATUS error message associated with the exception code |
exception_address | TEXT | Address (in hex) where the exception occurred |
registers | TEXT | The values of the system registers |
command_line | TEXT | Command-line string passed to the crashed process |
current_directory | TEXT | Current working directory of the crashed process |
username | TEXT | Username of the user who ran the crashed process |
machine_name | TEXT | Name of the machine where the crash happened |
major_version | INTEGER | Windows major version of the machine |
minor_version | INTEGER | Windows minor version of the machine |
build_number | INTEGER | Windows build number of the crashing machine |
type | TEXT | Type of crash log |
crash_path | TEXT | Path of the log file |
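Query examples
```sql
-- All parsed crash logs
select * from windows_crashes;
-- Crashes whose faulting module path contains electron.exe
select * from windows_crashes where module like '%electron.exe%';
-- Crashes with a datetime value that compares (as text) below '2016-10-14'
select * from windows_crashes where datetime < '2016-10-14';
-- Crashes where the rax register held the value 4
select * from windows_crashes where registers like '%rax=0000000000000004%';
-- Crashes with "vlc" anywhere in the recorded stack frames
select * from windows_crashes where stack_trace like '%vlc%';
```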
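
A triage query built on the schema above, as an added example that is not part of the original documentation: it lists the crash logs for any executable that crashed repeatedly in the same module with the same exception code, with the context columns needed to follow up. The threshold of 3 is an assumed starting value, not a Zercurity default.

```sql
-- Added example (not from the original page).
-- Step 1: find (executable, module, exception) combinations that recur.
WITH repeated AS (
  SELECT path,
         module,
         exception_code,
         COUNT(*) AS crash_count
  FROM windows_crashes
  GROUP BY path, module, exception_code
  HAVING COUNT(*) >= 3          -- assumed threshold; tune for your fleet
)
-- Step 2: return the individual crash logs behind each recurring combination.
SELECT r.crash_count,
       c.datetime,
       c.machine_name,
       c.username,
       c.path,
       c.module,
       c.exception_code,
       c.exception_message,
       c.exception_address,
       c.process_uptime,         -- seconds the process ran before crashing
       c.command_line,
       c.crash_path              -- log file to collect for deeper analysis
FROM windows_crashes AS c
JOIN repeated AS r
  ON  r.path           = c.path
  AND r.module         = c.module
  AND r.exception_code = c.exception_code
ORDER BY r.crash_count DESC, c.path, c.module;
```

Rows with a NULL path, module or exception_code do not match the join and are left out of the result.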