Configuring Automatic Crash Dumps

October 19, 2009

tags:
3 comments

This post is meant to serve as a simple reference for configuring automatic crash dumps for managed and native applications. These configuration steps can be performed on any machine which has Debugging Tools for Windows installed, and they do not require Visual Studio.

Although the subsequent steps are configured to capture a crash dump and nothing more, cdb is a fairly sophisticated debugger and so you can perform much more than just capture a dump—you can pass any commands of your choice to the debugger and they will be executed when the application crashes. (E.g. run an external program that sends an email, capture some data into a log file, etc.—consult the Debugging Tools for Windows documentation for information about the debugger commands.)

Native Applications

Go to the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug registry key and insert the following values:

Debugger = "C:\Program Files\Debugging Tools for Windows\cdb.exe" -pv -p %ld -c ".dump /u /ma C:\Temp\CrashDumps\crash.dmp;qd"
Auto = "1"

As a result, whenever a native process crashes, cdb will automatically attach to it, grab a dump to the specified directory and detach the debugger, allowing the standard Windows Error Reporting mechanism to kick in.

[Prior to Vista, you could also retain the default crash dump collection settings for native applications by running drwtsn32 -i from the command line and configuring Dr. Watson to capture a full dump by running drwtsn32 without command line parameters.]

Managed Applications

Go to the HKLM\SOFTWARE\Microsoft\.NETFramework registry key and insert the following values:

DbgManagedDebugger = "C:\Program Files\Debugging Tools for Windows\cdb.exe" -pv -p %ld -c ".dump /u /ma C:\Temp\CrashDumps\crash.dmp;qd"
DbgJITDebugLaunchSetting = 2

As a result, whenever a managed process crashes, cdb will automatically attach to it, grab a dump to the specified directory and detach the debugger, allowing the standard Windows Error Reporting mechanism to kick in.

64-bit Systems

On 64-bit systems, replicate the same registry settings to the appropriate Wow6432Node key, i.e. modify the registry key prefix in the above instructions to HKLM\SOFTWARE\Wow6432Node\Microsoft instead of HKLM\SOFTWARE\Microsoft. If you don’t do this, the settings will be relevant only for 64-bit applications. Note that you should use the appropriate version of the debugger—for the 64-bit key, specify the path to the 64-bit cdb and for the 32-bit key, specify the path to the 32-bit cdb.

WER Local Dumps

On Vista SP1 / Server 2008 and newer OS releases, you can configure Windows Error Reporting to record a dump of your application to a folder of your choice as part of the standard error reporting sequence when a process crashes. To do so, go to the HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps registry key and insert the following values:

DumpFolder = "%LOCALAPPDATA%\CrashDumps"
DumpCount = 100
DumpType = 2

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

3 comments

  1. polyOctober 21, 2009 ב 9:00 AM

    Do I have to install debugging tools for windows in order to create the dumps?
    Can’t I create dumps on a clean environment?

    Reply
  2. Sasha GoldshteinOctober 24, 2009 ב 11:32 AM

    @poly:

    On Vista SP1 and above you can use the LocalDumps key. On Vista and above there’s also an option to capture a hang dump in Task Manager.

    On XP and below you have Dr. Watson, but it doesn’t work reliably for managed applications.

    Reply
  3. alexFebruary 9, 2011 ב 2:24 PM

    Trying all of the above on Windows 7 64bit. As said I put the relevant keys in Wow6432Node as my application in 32bit mixed. I didn’t get any dump even though application crashed. Might be helpful to say that my application mostly C++ legacy with some .Net code. So I tried both kinds of debuggers keys – none of them worked to me. Any idea appreciated. Thanks.

    Reply