Local crash dumps on Vista

It appears that Microsoft decided to help customers save full user dumps locally for later postmortem analysis. According to MSDN, this is done via the LocalDumps registry key, starting with Vista SP1 and Windows Server 2008:

http://msdn2.microsoft.com/en-us/library/bb787181.aspx

This is a quote from the article above:

[…] Prior to application termination, the system will check the registry settings to determine whether a local dump is to be collected. The registry settings control whether a full dump is collected versus a minidump. The custom flags specified also determine which information is collected in the dump. […] You can make use of the local dump collection even if WER is disabled. The local dumps are collected even if the user cancels WER reporting at any point. […]

From my understanding, it is independent of the default postmortem debugger mechanism set via the AeDebug registry key and might help to solve the problem with native services. I haven’t tried it yet but will do so as soon as I install Vista SP1 or Windows Server 2008 RC0. If it works, then dump collection might be easier in production environments because there is no need to install Debugging Tools for Windows to set up a postmortem debugger.

- Dmitry Vostokov @ DumpAnalysis.org -
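
One way to set up the LocalDumps key described above for a single executable, as an added example that is not code from the original post or the MSDN article. The image name MyService.exe, the folder D:\CrashDumps and the count of 5 are hypothetical; because a full dump holds the whole process memory, the script also lists broad groups that can read the dump folder.

```powershell
#Requires -RunAsAdministrator
# Added example. Hypothetical values: MyService.exe, D:\CrashDumps, DumpCount 5.
$AppName    = 'MyService.exe'
$DumpFolder = 'D:\CrashDumps'
$AppKey     = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\$AppName"

# Create the per-application key only if it is missing, so existing values survive.
if (-not (Test-Path $AppKey)) { New-Item -Path $AppKey -Force | Out-Null }
New-Item -ItemType Directory -Path $DumpFolder -Force | Out-Null

# DumpType: 0 = custom (uses CustomDumpFlags), 1 = minidump, 2 = full dump.
$values = @(
    @{ Name = 'DumpFolder'; Type = 'ExpandString'; Value = $DumpFolder },
    @{ Name = 'DumpCount';  Type = 'DWord';        Value = 5 },
    @{ Name = 'DumpType';   Type = 'DWord';        Value = 2 }
)
foreach ($v in $values) {
    New-ItemProperty -Path $AppKey -Name $v.Name -PropertyType $v.Type `
        -Value $v.Value -Force | Out-Null
}

# Review the dump folder ACL: flag Allow entries that give broad groups read access.
# Well-known SIDs are used so the check also works on non-English systems.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData
$findings = foreach ($ace in (Get-Acl -Path $DumpFolder).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { continue }   # account that no longer resolves to a SID
    if ($broadSids.ContainsKey($sid) -and ($ace.FileSystemRights -band $readData)) {
        [pscustomobject]@{
            Principal = $broadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

Get-ItemProperty -Path $AppKey | Select-Object DumpFolder, DumpCount, DumpType
if ($findings) {
    Write-Warning "Broad read access on ${DumpFolder}:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No broad read access found on $DumpFolder."
}
```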

5 Responses to “Local crash dumps on Vista”

  1. Gene Allen Says:

    This worked for me.

    I was able to get a crash dump by using a DebugBreak. I didn’t test it in the main service thread, but in another one.

    Just wanted to let you know.

  2. Dmitry Vostokov Says:

    There is also a Citrix article about LocalDumps: http://support.citrix.com/article/ctx118614

  3. Crash Dump Analysis » Blog Archive » Models for Memory and Trace Analysis Patterns (Part 1) Says:

    […] Visual C++ compiler does that during code optimization. On Windows 7 and W2K8 R2 I created LocalDumps registry key to save full crash dumps. On Windows XP I set Dr. Watson as a postmortem debugger […]

  4. Crash Dump Analysis » Blog Archive » Crash Dumps and Password Exposure Says:

    […] I chose Close the program and a full process memory dump was saved because I have already set up LocalDumps on my old Vista system (the problem was also […]

  5. Crash Dump Analysis » Blog Archive » Crash Dump Analysis Patterns (Part 107) Says:

    […] page heap in gflags.exe GUI. Actually 2 crash dumps are saved at the same time (we’d set up LocalDumps registry key on x64 W2K8 R2) with slightly different stack […]
