tags:

views:

133

answers:

4
Q: 

How would I go about taking a snapshot of a process to preserve its state for future investigation? Is this possible?

Whether this is possible I don't know, but it would mighty useful!

I have a process that fails periodically (running in Windows 2000). I then have just one chance to react to it before having to restart it and painfully wait for it to fail again. I didn't write the process so don't have the source to debug. The failure is seemingly random.

With a snapshot of the process I could repeatedly and quickly test reactions to the failure.

I had thought of running inside a VM but this isn't possible in this instance.

EDIT: @Jon Cage asked:

When you say a snapshot, you mean capturing a process when it's about to fail (including memory, program state etc. etc.) ...and then replaying it's final few seconds repeatedly to see what effect it has on some other component?

This is exactly what I mean!

A: 

My best bet is to start the process in a debugger (OllyDbg being my preferred tool). The process will pause on an exception, and you can try to figure out what happened shortly before that.

This needs some understanding of assembler and does not allow to create a snapshot of the process for later analysis. You would need to write your own debugger for that - it should be theoretically possible.

Treb  2008-09-26 08:31:14
A: 

Does this process write any data to event logs of OS in case it fails or succeeds ?

 2008-09-26 08:36:09
+1  A: 

I think minidump is what you are looking for.

You can also used Userdump:

The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.

This article shows you how to use it.

jop  2008-09-26 08:49:21
A: 

What are you trying to capture? UDP/TCP messages? Some inter-process communication?

The reason I ask is that it is probably easier to capture what the software is outputting (rather than the process itself) and then writing a new process to simulate those same interactions? I've being doing just that with a small python script in some of my current projects...

Jon Cage  2008-09-26 09:11:47

related questions

Html.Checkbox does not preserve its state in ASP.net MVC
Best way to save data in a Java application?
Create history of states in Java
.NET - Unit Testing Your Code and State in Your Database
GridView is scrolling back to top after row selection
How to tell if system state is idle asleep etc in vb6
Save entire desktop state?
Why does mx:states have trouble being resolved to a component implementation?
ASP.net session state service information
ASP.net session state service information
Best way to load an application like it was in its previous state when it was terminated
Good way to maintain ASP.NET Panel states?
Saving And Loading CollapsiblePanelExtender Control State Over Postback
Better way to extend restful_authentication AASM states
What are good ways to design or diagram state?
ASP.NET Session State Server - Saving Unserialized Data
Storing the state of a complex object with Memento pattern (and Command)
State and time transending logic and program flow?
Do I have to use Viewstate in ASP.NET
Web Dev - Where to store state of a shopping-cart-like object?
comparison of ways to maintain state
How can I avoid global state?
What kind of problems are state machines good for?
Accessing OpenGL state variables in Cg