I have to perform some post mortem debugging on a C++ project. The known way to do this is to set the cdb debugger as a minidump generator and to process the collected dumps afterwards. I read nearly the whole web and I didn't find a solution to produce a minidump with the name of the process that has crashed.

Is there a way to set the AeDebug\Debugger registry variable in such a manner that cdb generates a dump file with the name of the process? When I encapsulate the call to cdb.exe in a batch file, it starts well but stays blocked on the symbol searching. I must perform a Ctrl+C in order to stop the batch, then the minidump, with the correct process name, is created... but of course I can't set up such a thing in an unattended production environment...

Has anybody done that before?

+1  A: 

it starts well but stays blocked on the symbol searching.

What is it looking for? You can do "!sym noisy" to turn on noisy output about symbol loading. It shouldn't block forever, though--it should eventually time out. If you fix your symbol path, that would help, too. You could set your symbol path to nothing, then it couldn't possibly be blocked loading symbols from anywhere.

About generating the dump with the process name, a colleague of mine (Jeremy) suggested this on the cdb/ntsd command line:

-c ".foreach( obj { lm 1m a @$exentry; } ) { .dump /m /u ${obj}.dmp;.dump /ma /u ${obj}.dmp; }; q"

And he also says "Make sure you use @$exentry and not just $exentry, else it'll attempt symbol resolution and bust your for loop."

But an easier way might be to use the Windows Error Reporting (WER) LocalDumps feature:

http://msdn.microsoft.com/en-us/library/bb787181(VS.85).aspx

Instead of a dump file with the process name, there will be a directory with the process name in it that contains the dump file, which may satisfy your needs. For maximum info in the dump, set the DumpType to 0, and CustomDumpFlags to 0x1B65.

Note that this feature is purely for configuring local dumps: "These dumps are configured and controlled independently of the rest of the WER infrastructure. You can make use of the local dump collection even if WER is disabled or if the user cancels WER reporting. The local dump can be different than the dump sent to Microsoft."

Also note that LocalDumps doesn't support managed processes.

Dan T
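
The LocalDumps settings from the answer above, written out as an added PowerShell example (not part of the original answer). It configures a per-application key and shows which MINIDUMP_TYPE bits 0x1B65 selects. The image name, dump folder and DumpCount value are hypothetical assumptions; run it from an elevated prompt.

```powershell
# Added example, not from the original answer.
# Hypothetical values: adjust to the process you want dumps for.
$ImageName  = 'MyService.exe'      # assumed name of the crashing executable
$DumpFolder = 'D:\CrashDumps'      # assumed local folder for the dumps
$DumpCount  = 10                   # assumed number of dumps to keep
$CustomDumpFlags = 0x1B65          # value given in the answer

# MINIDUMP_TYPE bits (dbghelp.h) that together make up 0x1B65.
$MiniDumpFlags = [ordered]@{
    MiniDumpWithDataSegs                   = 0x0001
    MiniDumpWithHandleData                 = 0x0004
    MiniDumpWithUnloadedModules            = 0x0020
    MiniDumpWithIndirectlyReferencedMemory = 0x0040
    MiniDumpWithProcessThreadData          = 0x0100
    MiniDumpWithPrivateReadWriteMemory     = 0x0200
    MiniDumpWithFullMemoryInfo             = 0x0800
    MiniDumpWithThreadInfo                 = 0x1000
}

# Return the names of the flags set in a CustomDumpFlags value.
function Get-DumpFlagNames([int]$Value) {
    $MiniDumpFlags.GetEnumerator() |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

# Refuse to write a value containing bits this table does not describe.
$known = 0
foreach ($bit in $MiniDumpFlags.Values) { $known = $known -bor $bit }
if ($CustomDumpFlags -band (-bnot $known)) {
    throw ('Unexpected bits in CustomDumpFlags: 0x{0:X}' -f $CustomDumpFlags)
}
Get-DumpFlagNames $CustomDumpFlags

# These dumps contain process memory (which can include credentials and keys),
# so keep read access to the folder limited to the people who analyze crashes.
New-Item -ItemType Directory -Path $DumpFolder -Force | Out-Null

# Per-application key: applies only to $ImageName, not to every process.
$key = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\$ImageName"
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString -Value $DumpFolder -Force | Out-Null
New-ItemProperty -Path $key -Name DumpCount -PropertyType DWord -Value $DumpCount -Force | Out-Null
New-ItemProperty -Path $key -Name DumpType -PropertyType DWord -Value 0 -Force | Out-Null   # 0 = custom dump
New-ItemProperty -Path $key -Name CustomDumpFlags -PropertyType DWord -Value $CustomDumpFlags -Force | Out-Null

Get-ItemProperty -Path $key | Select-Object DumpFolder, DumpCount, DumpType, CustomDumpFlags
```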