Location method for Windows process crash problem _c language

Process crashes on Linux typically generate core files, which can be viewed on the stack with GDB opened and executed with the BT command. On the Windows platform, we usually use minidumpwritedump to stack dumps, which requires a certain understanding of the system API and writing some code. In this paper, a method of recording process crash stack without coding is summed up with practical project experience.

Introduction: Memory and stack dumps when a process crashes with the NSTD tool.

Turn on debug options when compiling release versions, and publish EXE and PDB files together.

2. Use batch command to set the debugger that the Windows system calls when the process crashes is NTSD

Copy Code code as follows:

@reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"/V "Auto"/t reg_sz/d "1"/F

This batch instruction, set the AeDebug call before the need to bomb message box confirmation? The default is 0, and setting 1 means the automatic processing does not play the confirmation box. If you have installed visual Studio, you may have encountered the following bullet boxes:

This is the VS. when the AeDebug debugger is set up, a process crashes, and then the balloon confirms whether you want to attach to the process for debugging.

Then set the debug dump directive for NTSD:

Copy Code code as follows:

@reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"/V "Debugger"/t reg_sz/d "D:\Dump\ Ntsd.exe-p%%ld-e%%ld-g-C \ ". dump/ma/u D:\Dump\dump.dmp;. logopen/t D:\Dump\dump.txt;.. echo Process Status: ; ^|; . Echo Thread Status:; ^~. Echo Stack Status:; KPN; logclose; Q\ ""/F

I copy the NTSD program to the D:\dump directory.

-P%%ld Incoming process id,-c Execute dump instruction: Echo prints thread information, thread stack, and then exits.

Batch installation scripts and NTSD programs I have already packed, can download here.

3. Below is an example to illustrate the effect:

Copy Code code as follows:

#include <stdio.h>

void Test2 ()
{
int a = 1;
int b = 0;
int c = A/b;
}

void Test1 ()
{
Test2 ();
}

int main (int argc, char** argv)
{
Test1 ();

return 0;
}

We construct a crash with the exception of 0 errors, test1 and test2 to demonstrate the call stack.

The stack text crawled by this method is as follows:

Copy Code code as follows:

Opened log file ' D:\Dump\dump_22d4_2014-09-30_15-15-33-062.txt '
Debug Session Time:tue Sep 15:15:33.063 2014 (gmt+8)
System uptime:2 days 3:35:54.545
Process uptime:0 days 0:00:00.923
Kernel time:0 days 0:00:00.015
User time:0 days 0:00:00.000
Process Status:
. 0 id:3854 Attach Name:d:\xcb\20140808\test\coredump\dumpexamplenormalstack.exe
Thread Status:
. 0 id:3854.3138 suspend:1 teb:7ffdf000 unfrozen
Stack Status:
Error:symbol file could not is found. defaulted to export symbols for C:\Windows\SYSTEM32\ntdll.dll-
# CHILDEBP RetAddr
002DFB2C 01321038 dumpexamplenormalstack!test2 (void) +0x18
002dfb34 01321048 dumpexamplenormalstack!test1 (void) +0x8
002DFB3C 01321159 dumpexamplenormalstack!main (int argc = 1, char * * argv = 0x003ea488) +0x8
Error:symbol file could not is found. defaulted to export symbols for C:\Windows\system32\kernel32.dll-
002dfb84 76e2ee1c dumpexamplenormalstack!__tmaincrtstartup (void) +0xfe
Warning:stack unwind information not available. Following frames May is wrong.
002dfb90 77ba37eb kernel32! basethreadinitthunk+0x12
002dfbd0 77ba37be ntdll! Rtlinitializeexceptionchain+0xef
002dfbe8 00000000 ntdll! Rtlinitializeexceptionchain+0xc2
Closing Open log File D:\Dump\dump_22d4_2014-09-30_15-15-33-062.txt

Remember: The debug option needs to be turned on in release version, and the resulting PDB files and EXE are placed in the same directory.

End ~