Crash Dumps

From ISoft Wiki
Jump to: navigation, search

Crash dumps are large generated files when Windows is running a program that has an error that the program cannot survive. This large file contains the entire set of memory the program was using as it crashed, including both stack (the program's running state) and heap (the generic RAM that's being used for whatever purpose the program wanted), so depending on the program it can be MASSIVE.

If these files are handed to a developer who knows the version of the program that was running, the dev can then see exactly what the program was doing at the time of the crash, which makes duplication of a crash substantially easier.

Crash dumps are only generated if the machine is asked to generate them.

Generating Crash Dump Files

These are enabled by creating a registry key for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps. There is no other way to turn on crash dumps, the user's registry must be changed. After making this change, up to 10 full crash dumps will be left in the folder "%TEMP%\crash_dump".

A crash dump will be made any time any program on the system crashes, and the dump will be named after the executable that crashed.

Crashes that come from debug binaries (which are not normally given to customers) are much easier to debug than release binaries, but both can be used.

A registry script file can be found at Enable Error Dumps.reg.

Disabling Crash Dumping

Since dump files can be quite large, they should be turned off for normal clients once you have obtained what you need. This is done by removing the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps, and then deleting the crash dump folder (in our case, "%TEMP%\crash_dump").

A registry script file can be found at Disable Error Dumps.reg.

Developer Usage

When you receive a crash dump, Visual Studio makes it somewhat easy to dig through it. Just open the dump as a solution, and it will run as one. If Visual Studio can find the files on your machine to link up to what's being seen in the crash dump, it will work just like a normal Debug run that has been paused at the time of crash.

Crashes that come from debug binaries (which are not normally given to customers) are much easier to debug than release binaries, but both can be used.