Collecting User Mode Memory Dumps for Beginners
When supporting developers off-site, you usually do not receive source code projects or even debug binaries.
Anyway, crashes, leaks & and hangs need to be analyzed and driven to solution quickly.
What lots of developers don't know in detail (me not either until some weeks ago) is how to approach such issues.
The following table was copied from the Debugging Tools for Windows Documentation (CHM):
There are five different tools that can create user-mode dump files. In most cases, ADPlus is the best tool to use.
The following table shows the features of each tool.
Feature | ADPlus | Dr. Watson | CDB and WinDbg | UserDump |
Creating a dump file when an application crashes (postmortem debugging) |
Yes |
Yes |
Yes |
Yes |
Creating a dump file when an application "hangs" (stops responding but does not actually crash) |
Yes |
No |
Yes |
Yes |
Creating a dump file when an application encounters an exception |
Yes |
Yes |
Yes |
Yes |
Creating a dump file while an application is running normally |
No |
No |
Yes |
No |
Creating a dump file from an application that fails during startup |
No |
No |
Yes |
Yes |
Shrinking an existing dump file |
No |
No |
Yes |
No |
An example that works for lots of scenarios reads as follows:
ADPlus –crash –pmn calc.exe –o c:\dumps
Monitors the machine and waits for processes of calc.exe to start. When a new instance of calc.exe starts, attaches in crash mode.
When attached to a program with WinDbg use the following command for a full dump:
.dump /f
A very easy way (DAU-like :-) is to save a dump from within Task Manager as shown in the screen shot:
You may also tell Windows Error Reporting to automatically save dumps for you in the temp folder.
Be careful with that option. Dumps can get very large (especially for x64 processes) and eat up your hard disk quickly.
The option can be enabled in the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
The Value Name is "DumpType" and possible values are (0 = Create a custom dump / 1 = Mini dump / 2 = Full dump).
Comments
- Anonymous
October 27, 2011
The table copied has active links taht are broken. would be nice if they worked and pointed to the correct location