views:

419

answers:

3

From http://support.microsoft.com/kb/317277: If Windows XP restarts because of a serious error, the Windows Error Reporting tool prompts you...

How can my app know that "Windows XP has restarted because of a serious error"?

+2  A: 

You can look for a memory or kernel dump file with a recent creation time, if dump file generation has been enabled (or, rather, not disabled since it's on by default.)

Mihai Limbășan
+6  A: 

Note: this is a good question for a code-challenge

Here are some executable codes, but feel free to add other solutions, in other languages:


The uptime might be a good indication:

net stats workstation | find /i "since"

Now link that information with a way to read the windows event logs, like, say in PowerShell:

Get-EventLog -list | Where-Object {$_.logdisplayname -eq "Application"}

And look for the last "Save Dump" messages

As Michael Petrotta said, WMI is a good way to retrieve that information.

Based on the update time, you can make a query like:

Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where LogFile = 'Application' AND
    TimeWritten >= '" _
    & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")

to easily spot an event log with a "Save Dump" message in it, confirming the crash.

More in the Win32_NTLogEvent Class WMI class.


Actually, this Microsoft article Querying the Event Log for Stop Events does give it to you (the complete request):

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
     ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'System'" _
     & " AND SourceName = 'SaveDump'")
For Each objEvent in colLoggedEvents
    Wscript.Echo "Event date: " & objEvent.TimeGenerated
    Wscript.Echo "Description: " & objEvent.Message
Next
VonC
+8  A: 

Restarts resulting from a BSOD are reported in the event log. Use the libraries in your favorite language to search the log for errors. In .NET, for instance, you'll want to look to the System.Diagnostics.EventLog class. WMI may offer a more flexible way to search the log.

Michael Petrotta