Creating a crash dump of a crashing service

Once in a while it happens that processes and services crashes and when they do you will need a dump. There are some ways to do this using for instance Sysinternals ProcDump, but at some of our customers they have policy do log inactive users of the servers and since ProcDump is running interactively that will not work.

Instead you can use Windows Error Reporting to do this and the good thing… it is builtin to Windows. Here is how you do it:

  1. Start Regedit
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps (if the LocalDumps key does not exist, just create it)
  3. Create a new key with name of the process you are trying to debug, in my case Ax32Serv.exe
  4. Under the key you just created you create the settings… in my case
    DumpCount = 1
    DumpType = 2
    Which means I want one full dump. The dump will end up in the default directory %LOCALAPPDATA%\CrashDumps (all of these settings are documented in the first link below)

And now we wait…

Links
https://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx
http://blogs.technet.com/b/kristinw/archive/2012/10/03/procdump-how-to-properly-gather-dump-dmp-files-for-crashes-and-hangs.aspx