Three steps to locate the Windows crash process

Source: Internet
Author: User

On the Windows platform, we typically use minidumpwritedump for stack dumps, which requires some understanding of the system APIs and some code writing. This paper summarizes a method that can record the process crash stack without coding, based on the actual project experience.

Introduction: Memory and stack dumps using the NSTD tool for process crashes.

Open the Debug option when compiling the release version and publish the EXE and PDB files together.

2. Use the batch command to set the debugger that the Windows system calls when the process crashes NTSD

@reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"/V "Auto"/t reg_sz/d "1"/F


This batch instruction, set AeDebug call before the need to bounce message box confirmation? The default is 0, and setting 1 means the auto process does not bounce confirmation box. If you have installed visual Studio, you may have encountered the following bullet boxes:

This is the process by which vs sets the AeDebug debugger, encounters a process crash, and then the box confirms whether to attach to the process for debugging. Then set the debug dump directive for NTSD:

@reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"/V "Debugger"/t reg_sz/d "D:\Dump\ Ntsd.exe-p%%ld-e%%ld-g-C \ ". dump/ma/u D:\Dump\dump.dmp;. logopen/t D:\Dump\dump.txt;. time;. Echo Process Status: ; ^|; . Echo Thread Status:; ^~;. Echo Stack Status:; KPN; logclose; Q\ ""/F


I copied the NTSD program to the D:\dump directory.

-P%%ld Incoming process id,-c executes the dump command: Echo prints thread information, thread stack, and finally exits.

Batch installation script and NTSD program I have already made the package, can download here.


3. Here's an example to illustrate the effect:

#include <stdio.h>


void Test2 ()

{

int a = 1;

int b = 0;

int c = A/b;

}


void Test1 ()

{

Test2 ();

}


int main (int argc, char** argv)

{

Test1 ();


return 0;

}

We constructed a crash with the exception of 0 errors, Test1 and test2, to demonstrate the call stack.


The stack text crawled by the method on Codego.net is as follows:


Opened log file ' D:\Dump\dump_22d4_2014-09-30_15-15-33-062.txt '

Debug session Time:tue Sep 15:15:33.063 (gmt+8)

System uptime:2 days 3:35:54.545

Process uptime:0 days 0:00:00.923

Kernel time:0 days 0:00:00.015

User time:0 days 0:00:00.000

Process Status:

. 0 id:3854 Attach Name:d:\xcb\20140808\test\coredump\dumpexamplenormalstack.exe

Thread Status:

. 0 id:3854.3138 suspend:1 teb:7ffdf000 unfrozen

Stack Status:

Error:symbol file could not being found. defaulted to export symbols for C:\Windows\SYSTEM32\ntdll.dll-

# CHILDEBP RetAddr

002DFB2C 01321038 dumpexamplenormalstack!test2 (void) +0x18

002dfb34 01321048 dumpexamplenormalstack!test1 (void) +0x8

002DFB3C 01321159 dumpexamplenormalstack!main (int argc = 1, char * * argv = 0x003ea488) +0x8

Error:symbol file could not being found. defaulted to export symbols for C:\Windows\system32\kernel32.dll-

002dfb84 76e2ee1c dumpexamplenormalstack!__tmaincrtstartup (void) +0xfe

Warning:stack unwind information not available. Following frames may wrong.

002dfb90 77ba37eb kernel32! basethreadinitthunk+0x12

002dfbd0 77ba37be ntdll! Rtlinitializeexceptionchain+0xef

002dfbe8 00000000 ntdll! Rtlinitializeexceptionchain+0xc2

Closing Open log File D:\Dump\dump_22d4_2014-09-30_15-15-33-062.txt


The debug option needs to be opened in release release, and the resulting PDB file and EXE are placed in the same directory.


This article is from the "qianc8015" blog, make sure to keep this source http://10078001.blog.51cto.com/10068001/1627723

Three steps to locate the Windows crash process

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.