A Method for Locating Windows Process Crashes

Source: Internet
Author: User

A process crash on Linux typically generates a core file, which can be opened with GDB and examined with the bt command. On the Windows platform, we typically use MiniDumpWriteDump for stack dumps, which requires some understanding of the system APIs and writing some code. Based on actual project experience, this article summarizes a method that records the stack of a crashed process without any coding.

Introduction: use the NTSD tool to take memory and stack dumps when a process crashes.

1. Enable the debug option when compiling the release version, and publish the EXE and PDB files together.

2. Use a batch command to set NTSD as the debugger that the Windows system calls when a process crashes:

@reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" /v "Auto" /t REG_SZ /d "1" /f

This batch command sets whether a confirmation message box is shown before the AeDebug debugger is called. The default is 0; setting it to 1 means the debugger is started automatically without a confirmation box. If you have installed Visual Studio, you may have encountered the following dialog box:

This appears because VS registers itself as the AeDebug debugger; when a process crashes, the box asks whether to attach to the process for debugging.

Then set the debug dump command for NTSD:

@reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" /v "Debugger" /t REG_SZ /d "D:\Dump\ntsd.exe -p %%ld -e %%ld -g -c \".dump /ma /u D:\Dump\dump.dmp;.logopen /t D:\Dump\dump.txt;.time;.echo Process Status:;^|;.echo Thread Status:;^~;.echo Stack Status:;kpn;.logclose;q\"" /f

I copied the NTSD program to the D:\Dump directory.

-p %%ld passes in the process ID, and -c executes the dump commands: .echo prints the thread information and the thread stack, and finally the debugger exits.

I have already packaged the batch installation script and the NTSD program; you can download them here.

3. Here's an example to illustrate the effect:

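    #include <stdio.h>

    /* Deliberately divides by zero so that the process crashes. */
    void test2()
    {
        int a = 1;
        int b = 0;
        int c = a / b;
    }

    /* Extra call level so that the dumped call stack has several frames. */
    void test1()
    {
        test2();
    }

    int main(int argc, char** argv)
    {
        test1();
        return 0;
    }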

We constructed a crash with a divide-by-zero error; test1 and test2 are there to demonstrate the call stack.

The stack text captured by this method is as follows:

    Opened log file 'D:\Dump\dump_22d4_2014-09-30_15-15-33-062.txt'
    Debug session time: Tue Sep 15:15:33.063 (GMT+8)
    System Uptime: 2 days 3:35:54.545
    Process Uptime: 0 days 0:00:00.923
      Kernel time: 0 days 0:00:00.015
      User time: 0 days 0:00:00.000
    Process Status:
    .  0 id: 3854 attach name: D:\xcb\20140808\test\coredump\dumpexamplenormalstack.exe
    Thread Status:
    .  0  Id: 3854.3138 Suspend: 1 Teb: 7ffdf000 Unfrozen
    Stack Status:
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\SYSTEM32\ntdll.dll -
     # ChildEBP RetAddr
    00 002dfb2c 01321038 dumpexamplenormalstack!test2(void)+0x18
    01 002dfb34 01321048 dumpexamplenormalstack!test1(void)+0x8
    02 002dfb3c 01321159 dumpexamplenormalstack!main(int argc = 1, char ** argv = 0x003ea488)+0x8
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\system32\kernel32.dll -
    03 002dfb84 76e2ee1c dumpexamplenormalstack!__tmainCRTStartup(void)+0xfe
    WARNING: Stack unwind information not available. Following frames may be wrong.
    04 002dfb90 77ba37eb kernel32!BaseThreadInitThunk+0x12
    05 002dfbd0 77ba37be ntdll!RtlInitializeExceptionChain+0xef
    06 002dfbe8 00000000 ntdll!RtlInitializeExceptionChain+0xc2
    Closing open log file D:\Dump\dump_22d4_2014-09-30_15-15-33-062.txt
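When logs like the one above are collected from many machines, it helps to reduce each one to the topmost frame in the application's own module. The following Python sketch is an added example, not part of the original post; the sample text is constructed from the frames in the log above, and the names parse_stack and crash_bucket are hypothetical.

```python
import re

# Constructed sample: the "Stack Status:" section of an NTSD log in the layout shown above.
SAMPLE_LOG = r"""Stack Status:
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\SYSTEM32\ntdll.dll -
 # ChildEBP RetAddr
00 002dfb2c 01321038 dumpexamplenormalstack!test2(void)+0x18
01 002dfb34 01321048 dumpexamplenormalstack!test1(void)+0x8
02 002dfb3c 01321159 dumpexamplenormalstack!main(int argc = 1, char ** argv = 0x003ea488)+0x8
03 002dfb84 76e2ee1c dumpexamplenormalstack!__tmainCRTStartup(void)+0xfe
WARNING: Stack unwind information not available. Following frames may be wrong.
04 002dfb90 77ba37eb kernel32!BaseThreadInitThunk+0x12
05 002dfbd0 77ba37be ntdll!RtlInitializeExceptionChain+0xef
"""

# Frame number, ChildEBP, RetAddr, module!function, optional (parameters), optional +0xoffset.
FRAME_RE = re.compile(
    r"^(?P<num>[0-9a-f]{2})\s+(?P<ebp>[0-9a-f]{8})\s+(?P<ret>[0-9a-f]{8})\s+"
    r"(?P<module>[^!\s]+)!(?P<func>[^\s(+]+)\s*(?:\((?P<params>.*)\))?\s*"
    r"(?:\+0x(?P<off>[0-9a-f]+))?$", re.IGNORECASE)

def parse_stack(log_text):
    """Return the kpn frames; frames after an unwind WARNING are marked unreliable."""
    frames, in_stack, reliable = [], False, True
    for line in log_text.splitlines():
        line = line.strip()
        if not in_stack:
            in_stack = line.startswith("Stack Status:")
            continue
        if line.startswith("WARNING: Stack unwind information not available"):
            reliable = False
            continue
        m = FRAME_RE.match(line)
        if m:  # ERROR lines and the column header do not match and are skipped
            frames.append({"frame": int(m["num"], 16), "module": m["module"],
                           "function": m["func"], "params": m["params"],
                           "offset": int(m["off"] or "0", 16), "reliable": reliable})
    return frames

def crash_bucket(frames, app_module):
    """Topmost reliable frame in the application's own module, as 'module!function'."""
    for f in frames:
        if f["reliable"] and f["module"].lower() == app_module.lower():
            return f"{f['module']}!{f['function']}"
    return None

if __name__ == "__main__":
    print(crash_bucket(parse_stack(SAMPLE_LOG), "dumpexamplenormalstack"))
```

The parser relies on the "Stack Status:" marker that the .echo command in the Debugger value writes before kpn runs.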

Remember: the debug option needs to be enabled in the release version, and the resulting PDB file must be placed in the same directory as the EXE.

If you are looking for a memory leak, refer to my other blog post. If you need to use Google to query technical questions, you can use here.
