1
votes

I'm trying to create a dump using DebugDiag that will contain information for non-handled .NET exceptions.

The creation of the dump file seem to be dependant on the running code, which I don't understand why.

These are the steps I've taken:

  1. Prepare a simple console application named DebugDiagTest with the following code, which throws an InvalidOperationException exception:

    using System;
    
    namespace DebugDiagTest
    {
        class Program
        {
            static void Main(string[] args)
            {
                if (ShouldAwaitKeyPress(args)) Console.ReadLine();
                Throw();
            }
            static void Throw()
            {
                throw new InvalidOperationException();
            }
            static bool ShouldAwaitKeyPress(string[] args)
            {
                var shouldAwaitKeyPress = false;
                if (args.Length > 0)
                {
                   bool.TryParse(args[0], out shouldAwaitKeyPress);
                }
                return shouldAwaitKeyPress;
            }
        }
    }
    
  2. Compile and run with DebugDiagTest.exe true, and DO NOT press any key yet; let it wait for a key press (step 4).

  3. Prepare a DebugDiag exception rule (you can follow this article).

  4. Go back to the running DebugDiagTest.exe, then press some key to make it crash.

  5. Go to C:\Program Files\DebugDiag\Logs\Crash rule for all instances of DebugDiagTest.exe, and you'll see a .dmp file.

  6. Now run with DebugDiagTest.exe false, go again to C:\Program Files\DebugDiag\Logs\Crash rule for all instances of DebugDiagTest.exe, and you'll see that no .dmp file was created.

You can now re-run DebugDiagTest.exe true whatever times you'd like, and see that a dump file is created each time. However, re-running DebugDiagTest.exe false never creates a dump file.

My question:
Why running DebugDiagTest.exe true creates a dump, while DebugDiagTest.exe false doesn't?

1
The crash rule only worked once because in step 4 that process terminated. By design.Lex Li
@LexLi, that's not true. A dump file is created each time when running DebugDiagTest.exe true, while running DebugDiagTest.exe false never creates a dump file.OfirD
DebugDiag needs to attach to your newly started process which takes time. Hence no dump when your process crashes too fast. Why do you not configure WER to create a dump of any process? docs.microsoft.com/en-us/windows/win32/wer/…Alois Kraus
@AloisKraus, I just tried out WER and it did work, thanks. In general, I'm not that familiar with dump creation methods, and just went with DebugDiag because it seemed very configurable, allowing to specify specific exceptions.OfirD
The best tool is still procdump which allows you to attach to an existing process or to start your process from procdump or it waits until it attaches to a specific process. docs.microsoft.com/en-us/sysinternals/downloads/procdumpAlois Kraus

1 Answers

2
votes

DebugDiag will need to attach to your application. When you crash too fast during startup DebugDiag will not yet have attached to your process and you will not get any dump out of it.

In that case it is easier to set some registry keys of Windows Error Reporting to enable of all or just your exe to take a full dump once your process exits with an unhandled exception. For more details see https://docs.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
Reg_Expand_SZ DumpFolder e.g. %temp%\WERDumps
DWORD         DumpType   2 is full dump
DWORD         DumpCount  e.g. 10 to keep the last 10 crashed full dumps

You can also create a subkey

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApplication.exe 

to configure dump reporting only for you executable.

If you want to filter dumps based on specific exceptions you can use procdump from SysInternals which allows you to take e.g. a full memory dump on e.g. every InvalidOperationException by

procdump -ma -e 1 -f InvalidOperationException myApp.exe

Be sure to check out the extended help via

procdump -? -e

which will give you a overview how powerful that one is.