How do I obtain a crash dump

Question

I need to get a crash dump from a program. How do i get it? The Program is written in C#. What exactly is a crash dump? When is it created? Where is it saved? How do i read it?

Answer 1

Since you are saying C# I assume you are using the Windows platform.

A crashdump, or just dump, is the complete memory snapshot and other related system info of a process at a particular point in time. Dumps can be used to debug program crashes, hangs, memory and resource leaks and probably more problems I have not listed here.

In the case of crashes and hangs the first piece of data you want to obtain from a crash dump will be the callstack. This indicates the point of a crash or the point at which an operation blocked and never returned so the program sits and does nothing.

For resource leaks multiple memory dumps of a process can be collected over a period of time and examined to see which objects in memory are growing the most. This can help narrow down which parts of the code are causing the leak. To learn more about debugging specific issues I highly recommend this blog.

There are a few ways to capture a dump file.

1. Procdump (http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx)
2. Visual Studio 2010 (http://msdn.microsoft.com/en-us/library/vstudio/fk551230(v=vs.100).aspx)
3. WinDbg - Not to bad but more intimidating than other tools

With procdump you can simply do:

c:\>procdump.exe -ma YourProcessName.exe

The result of this command will be a full memory snapshot of YourProcessName.dmp written to c:\ . The -ma switch specifies dumping a complete memory image. If you are debugging a crash or hang you can likely get away without the -ma switch. Keep in mind without the full memory dump when you go to examine data structures you probably won't have valid data. Without the full memory dump you will still have callstack data which is often good enough for crashes and hangs. I typically error on the side of harddrive space is cheap so collect the full dump.

Procdump will also automatically take dumps at time intervals or when a specific condition is met. Read the documentation at the link above for more info. One switch I would recommend is -e.

c:\>procdump.exe -ma -e YourProcessName.exe

Instead of writing the dump immediately it will only write it when your program crashes.

With Visual Studio 2010 you can attach to the process with the debugger and save a dump file. (Keep in mind when you F5 debug your program Visual Studio automatically attaches). When your program is in a "break state" (breakpoint, unhandled exception, crash) the Debug menu will have the option to Save Dump As.... Then you can save that dump any where you would like.

Since you mentioned C# you are very likely collecting managed dump files. The easiest way is to use Visual Studio 2010. Simply, open up the dump file you created as you would any other file and begin debugging.

However, if that is not an option you can always use VS2008 or WinDbg with the SOS extensions. I do highly recommend Visual Studio 2010 though as SOS extensions and WinDbg in general have a pretty steep learning curve. To learn more about SOS check out these MSDN articles here and here.

Another reason I recommend using Visual Studio or procdump is that they will collect the dump file you expect. I recommend steering clear of Task Manager's "Create Dump File Tool". The reason being it will collect 64bit dumps of 32bit processes which are overly difficult to debug.

Answer 2

You can also try using WinDbg

http://www.windbg.org/

A crash dump is when the contents of RAM memory and certain parts of the processor are copied to a file. This file is created at the critical point of an error and can be used to debug the problem.

This has worked for me in the past. It's a keyboard shortcut to crash dump in windows.

* Start Registry Editor.
* Locate the following registry subkey:
      o HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\i8042prt\Parameters
* On the Edit menu, click Add Value, and then add the following registry entry:
      o Name: CrashOnCtrlScroll
        Data Type: REG_DWORD
        Value: 1
* Exit Registry Editor and then restart the computer.

http://vinaytechs.blogspot.com/2010/01/how-to-get-crash-or-hang-dump.html

Answer 3

Use ADPlus. It comes with the Debugging Tools for Windows. It'll create folders of crash dumps beneath it's home directory. You can analyse them using WinDbg afterwards.

Answer 4

On Windows XP you can create a dump file with this utility:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e089ca41-6a87-40c8-bf69-28ac08570b7e&displaylang=en

Once installed browse to the installation directory and run

userdump PID

from the command line where PID is the PID of the process you want to get a crash dump of (you can find this in task manager, but you might need to add the column to the standard view).

This file can then be opened in Visual Studio - you just need to make sure you have the symbols built.

In Windows 7 just right click on the process in Task Manager and select "Create Dump File"

Answer 5

Luke, a crash dump is a whole bag of data related to the status of your application at the moment the crash has happened, to dump it means to record all those information somewhere, typically in a text file.

a basic approach is to log the whole stacktrace when an exception happens so you could investigate later and see what method has failed and thrown which exception, what the parameter values were and so on. This is not really a crush dump but helps a lot in many cases.

There was something developed recently by MS about crash dumps and application crashes, I think it was related to Windows 7 actually...

see here: Application Recovery and Restart

http://msdn.microsoft.com/en-us/library/cc948909(v=vs.85).aspx