MiniDumpAuxiliaryDlls and KnownManagedDebuggingDlls

 

I accidentally stumble on these two registry keys. And the expert in Windows Debugger team answers my question.

-----Original Message-----
From:
Subject: RE: managed minidump

Auxiliary DLLs are loaded inside of MiniDumpWriteDump when it finds a registered auxiliary DLL for a module in the target process. The lookup is to take the full path of the module and see if there's a registered auxiliary DLL. You can't have multiple aux DLLs for a single module path.

-----Original Message-----

From: Junfeng Zhang

Subject: RE: managed minidump

When are auxiliary dlls loaded?

What is the behavior when there are multiple entries under each key?

-----Original Message-----

From:

Subject: RE: managed minidump

Both are filled with string values of the form <full DLL path> = <full DLL path>. MiniDumpAuxiliaryDlls lists helper DLLs that the minidump code can use to get additional data during dump generation. For example, mscorwks.dll has a registered auxiliary of mscordacwks.dll, which provides extra CLR memory data for a minidump.

KnownManagedDebuggingDlls is a security measure so that a debugger, when attempting to load extra support DLLs for managed debugging, can know what DLLs are approved for use on the system. The CLR registers mscordacwks.dll here, for example.

Both are kept in HKLM so that they can only be written by an admin.

-----Original Message-----

From: Junfeng Zhang

Subject: managed minidump

How does OS use the following two registry keys?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls