How to Create Minidump for My Process When It Crashes

How to create minidump for my process when it crashes?

You need to programatically create a minidump (with one exception, see next link). CodeProject has a nice article on MiniDumps. Basically, you want to use dbghelp.dll, and use the function MiniDumpWriteDump() (see MSDN on MiniDumpWriteDump).

How effective such dumps are depends very much on the application. Sometimes, for optimized binaries, they are practically useless. Also, without experience, heap/stack corruption bugs will lead you astray.

However, if the optimizer was not too hard on you, there is a large class of errors where the dumps do help, namely all the bugs where having a stack-trace + values of the locally used variables is useful, i.e. many pure-virtual-function call things (i.e. wrong destruction order), access violations (uninitialized accessed or missing NULL checks), etc.

BTW, if your maintenance policy somehow allows it, port your application from VC6 to something acceptable, like VC8 or 9. You'll do yourself a big favor.

How can I watch a process and produce a minidump when it crashes (like PROCDUMP)?

OK, I figured it out myself. I've written my own "debugger" that can trap the exceptions generated in a program to which my "debugger" attaches to. Now I just need to figure out how to write a minidump of that external process. The tricky part would seem to be that I have to provide an array of EXCEPTION_POINTERS.. thats the only bit I need to figure out now.

Here's an example code snippet. I hope it helps somebody else out in the future:

void WriteCrashDump( EXCEPTION_DEBUG_INFO *pExceptionInfo )
{
  CONTEXT c;

  memset( &c, 0, sizeof( c ) );

  GetThreadContext( hThread, &c );

  EXCEPTION_POINTERS ep;

  ep.ContextRecord   = &c;
  ep.ExceptionRecord = &pExceptionInfo->ExceptionRecord;

  MINIDUMP_EXCEPTION_INFORMATION minidump_exception;

  minidump_exception.ThreadId          = dwThreadId;
  minidump_exception.ExceptionPointers = &ep;
  minidump_exception.ClientPointers    = true;

  HANDLE hFile = CreateFile( "dump.dmp", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL );

  if( hFile ) 
  {
    BOOL  fSuccess;

    fSuccess = MiniDumpWriteDump( hProcess, dwProcessId, hFile, MiniDumpWithFullMemory, &minidump_exception, NULL, NULL );

    if( ! fSuccess )
      printf( "MiniDumpWriteDump -FAILED\n" );

    CloseHandle( hFile );
  } 
}

void DebugLoop( void )
{
  DEBUG_EVENT de;

  while( 1 )
  {
    WaitForDebugEvent( &de, INFINITE ); 

    switch( de.dwDebugEventCode )
    {
      case CREATE_PROCESS_DEBUG_EVENT:
        hProcess = de.u.CreateProcessInfo.hProcess;
        break;

      case EXCEPTION_DEBUG_EVENT: 
        printf( "EXCEPTION_DEBUG_EVENT\n" ); 

        // PDS: Not interested in the fact that I have attached to it and caused a breakpoint..
        if( de.u.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_BREAKPOINT )
          break;

        dwProcessId = de.dwProcessId;
        dwThreadId  = de.dwThreadId;

        WriteCrashDump( &de.u.Exception );
        return;

      default:
        break;
    }

    ContinueDebugEvent( de.dwProcessId, de.dwThreadId, DBG_CONTINUE );
  }
}

Is there a way a customer can force a crash (which then will generate a minidump) during a long Windows API call?

You don't need to crash to generate a dump file. Simply open up Task Manager, go to Processes tab, rightclick the respective process and choose Create dump file:

Once the dump is written to disk Task Manager will pop up a dialog informing the user, where the dump file is located. By default it is %temp%\<image name>.DMP:

For 32 bit applications, to create a 32 bit dump file, run the 32 bit version of Task Manager from Window's SysWOW64 folder : e.g. c:\Windows\SysWOW64\Taskmgr.exe

When are memory dump files exactly created?

First of all, there are different places to configure a "create a minidump on crash" setting, which are totally different.

1. You can configure Windows to create a kernel dump file when Windows crashes, i.e. when a Bluescreen of death (BSOD) occurs. This is done in the following screen on Windows 7:

   

2. You can configure Windows to create a user mode dump file when an application crashes, i.e. instead of the "Windows Error Reporting" dialog which would normally appear. To do so, and you know that in advance, then configure a Registry key called LocalDumps (MSDN). By default, dumps will be created below %LOCALAPPDATA%\CrashDumps and they will have the naming scheme app.exe.<PID>.dmp.

   

3. For the sake of completeness, there might be other triggers. The only sure way to tell is: when the method MiniDumpWriteDump (MSDN) is called.

I'm quite sure that you want option 2 of the above. If you have trouble with it, see whether all the conditions for LocalDump are fulfilled.

The answer given by @antlersoft does not work, for the reasons I have posted in my blog: at the time the dialog is shown, Windows has triggered a breakpoint to stop the application and it has injected a callstack of Windows Error Reporting. All in all, not a good starting point for debugging.

What would work is:

1. attach a debugger of your choice
2. press "Go" in the debugger
3. press the "Debug" button of the WER dialog
4. confirm the warning about the debugger which is already attached
5. click "No" when asked to start debugging using the selected debugger

Using Task Manager to create a crash dump is not recommended, since it will not consider the bitness of the application, which may cause trouble later. See ways to create good and useful crash dumps.

Creating a MiniDump of a running process

Are you opening the process with the necessary access rights? MiniDumpWriteDump() needs the process handle to be opened using PROCESS_QUERY_INFORMATION and PROCESS_VM_READ access rights. When using GetCurrentProcess(), I think these are granted automatically, but when using OpenProcess() to open another process, you have to request these rights.

To do so, you might also have to enable SeDebugPrivilege, which would cause problems for users whose accounts don't have that privilege. But the documentation doesn't seem to be clear on whether SeDebugPrivilege is necessary for PROCESS_QUERY_INFORMATION and PROCESS_VM_READ rights specifically (as opposed to all process access rights), particularly when opening a process that is running as the same user account.

Can Windows (WER) generate minidumps and full dumps at the same time of a crashing process?

IMHO it is not possible to have both types created by WER.

A dump can be converted with WinDbg:

1. Open the full dump
2. .dump /mFhutip c:\small.dmp Check which options you want. Note: for a full .NET analysis, you typically need full memory.

You can automate this task by using cdb instead of windbg and pass commands via the -c "<command>" command line switch, e.g.:

cdb -c ".dump /mFhutip c:\debug\dumps\small.dmp ; q" -z c:\debug\dumps\big.dmp

Simplest method for creating dump file for troubled process

Keep in mind that on a 64-bit OS, the dump created by Task Manager for a WOW process will be a 64-bit dump. This can cause problems, especially if you're debugging managed code. For 32-bit WOW processes, it's generally best to use a 32-bit utility.

---

Related Topics