WinDbg Crawl Program error dump file method

Two main phenomena of program crash:

A. When the program is running, the error window pops up, and then the error window is determined, the program shuts down directly

For example: "Application Error" "C + + Error window" "Program no Response" "Suspended animation" and so on

This type of crash features: The program has been abnormal, in you do not point out the error window of the determination or other press, all error messages are still in the memory of the PC, you can directly crawl the dump file. Of course, if you know

How to operate can let the program crash, you can also use a wait-and-catch method to grab the dump file.

B. When the program is running, the window and process suddenly disappear without any error form

Typical phenomenon: The program automatically shuts down or plays games, the game interface automatically messages and so on.

The characteristics of this crash: The program is automatically crashed, when the program crashes, all the error messages are message, if you want to crawl this crash dump, you must first set up a crawl environment, otherwise there is no

method to fetch the dump file.

These are the two most common program crashes, and the following is a way to grab a dump file using the Windbug tool.

A. Capture method one

This method features:

1. You must specify the process or PID to crawl, and the program must already be running, or you cannot catch the dump.

2. The gripping environment must be arranged before the problem occurs.

3. The dump file also appears in the normal shutdown process, so it is necessary to determine that the caught dump was generated when the program crashed.

Step1: Download the tools you need to use

WinDbg: This tool is the protagonist of the crawl dump.

Step2: Setting the WinDbg crawl environment

Run a potentially problematic program first, for example, IE, if you don't run the program first, you can't catch dump.

Then extract the downloaded WinDbg to any drive letter, such as the C drive, using the following parameters to grab the dump.

C:\WINDBG\ADPLUS.VBS-CRASH-PN Ieexplore.exe-o D:

After running this command, WinDbg will jump out of the black window to monitor the health of the process, and be careful not to close the window, otherwise the dump will not be caught.

WinDbg parameter Description:

-crash: When the program hangs out of the flash crawl dump, this parameter can only catch the program error information, if the program does not error, you can not catch dump.

-hang: When WinDbg is turned on, it is used to crawl the dump, mainly for the crawler exception, but the program does not crash, such as the CPU utilization of the process 100%.

-PN: The PID or process name of the process, if it is a process name, is case sensitive.

-o:dump the output path.

Step3: Collect dump Files

When the program crashes, the dump file will be saved in the specified output path, the dump save path in the example is D, and then package the dump file and submit it to the software official.

B. Capture Method II

This method features:

1. There is no need to specify the process or PID to crawl, nor does it require a process to set up the environment, so long as any program crashes, you can catch dump.

2. The gripping environment must be arranged before the problem occurs.

3. When the program shuts down normally, such as point X, no dump is generated, only the program crashes.

Step1: Download the tools you need to use

Step2: Setting the WinDbg crawl environment

Extract the downloaded tool to any drive letter, such as the C drive, using the following parameters to grab the dump:

C:\WinDbg\Windbg.exe-I

When running this parameter, WinDbg will pop up a hint, click OK after the WinDbg interface disappears, at this point the environment has been set up, now you need to find ways to let the program crash, such as IE crashes.

WinDbg parameter Description:

-I: Use WinDbg as the default debugging tool, note I must be uppercase, lowercase is invalid.

STEP3: Collect dump Files

When the program crashes, the wibdbg window bounces out again, using the following command to save the dump file.

. Dump-ma D:\test.dmp

When you start to save the dump file, the status information in the lower left corner becomes *busy*, indicating that WinDbg is working, and that the dump successfully written will appear after it is saved, and then

Just wait for the dump to be saved, and then package the dump file to the official software.

C. Fetch method Three

This method features:

Can be in the program after the error, directly crawl dump file, no additional settings, applicable to suddenly found an error, and not sure if you can reproduce the problem when crawling dump, this is a very important way to crawl,

It is strongly recommended that you remember.

Step1: Download the tools you need to use

Processexplorer: This tool is used to locate the process ID of the error window

Step2: Using Processexplorer to locate the process PID of the error window

Step3: Run WinDbg, crawl dump file

After running WinDbg, click "File"--"Attack to a Process", in the Popup interface, find the PID just captured, then click OK.

After the click OK, you will see the dump interface that can be crawled, and then save the dump with the dump save parameter.

. Dump-ma D:\test.dmp

WinDbg parameter Description:

-M: Save option, generate standard minidump, dump file is usually small, easy to transfer on the network by mail or other means. This kind of file is less informative, contains only system information, loaded module DLL information,

Process information and thread information.

-ma: MiniDump with as many options as possible (including full memory contents, handles, non-loaded modules, etc.), the file is large, but if conditions allow (native debugging, LAN environment), this is recommended.

-MFHUTWD: A minidump with data segments, non-shared read, write memory pages, and other useful information that contains the most information available through minidump. is a compromise solution.

WinDbg Crawl Program error dump file method