We have configured WER (Windows Error Reporting) to create dumps every time some applications crash.
It normally works but we have found several scenarios where it does not work. We will take as an example Winword.exe:
On some cases the process simply disappears. No window, no event log, no crash dump. Nothing.
On other cases a window telling you that the application has stopped working appears but automatically the application gets restarted and no crash dump is generated too.
Other times the application ends as expected with the "Application stopped working" and it works normally.
Any idea about why this happens and how to trap these crashes and generate a dump?
Related
I have a simple batch script running constantly on a Windows 10 PC at work that performs relatively simple tasks over and over again throughout the day, basically testing certain server diagnostics while I'm working on it.
Every once in a while, the program will crash, so I have another program I downloaded that will auto-start up the program if it does crash and close.
However, there is one scenario where instead of the program just crashing and closing completely, a message box will pop up saying the program has stopped responding, with a 'Close Program' button. In this case, the auto-start program I have thinks the program is still running, so it won't attempt to re-run the batch script.
Is there a way to auto close the program when it crashes this way, or something that will automatically click the 'Close Program' button for me when it appears?
I suspect the messages comes out when the main thread hangs for too long. It may be cleaner to spawn another thread to take care of expensive / slow computation, Windows should not bother to kill the main thread (and your program) in first place like that.
I want to capture a stacktrace of an application which sometimes stops responding for few minutes.
When the application stops responding, the windows desktop also stops responding to mouse clicks, although some other already running applications are working fine at that time (for example windbg works fine, ProcessExplorer refreshes its screen, but does not respond to mouse events).
While the application is non responsive, it is actually taking about 80% of one CPU core. That is why I would like to get a stacktrace.
The misbehaving application usually takes about 2-3 minutes to do its strange job or if Ctrl+Esc is pressed it becomes responsive immediately (and the start menu opens of course...)
I have WinDbg attached to the misbehaving application and when I issue the Break command, the break-in does not happen until the application starts to respond again.
From what I understand the break-in actually creates a remote thread which pretty soon calls DbgBreakPoint.
What could be preventing debugger's thread from executing?
EDIT:
First of all thanks for your help!
I was also thinking that this might be caused by a bad device driver or something that installs a system wide hook somewhere.
I was thinking to enable kernel debugging and get a stack trace from the kernel for the offending thread or enable manual bluescreen trigger to produce a dump and look at that afterwards.
Process Explorer and Process Monitor does not reveal anything interesting. They also become unusable when the bug is triggered (updating their windows but not responsive to mouse or keyboard).
EDIT2:
Background info:
App uses QT, OpenGL and also DirectSound and runs on Windows 7 SP1 x64
I am currently suspecting something with the graphics part.
The strange thing is that if a system-wide lock is taken (like GDI Lock), this would prevent drawing of other Windows, but that does not happen. WinDbg on same machine works fine. ProcessExplorer updates but does not receive mouse clicks, Desktop updates but no mouse clicks.
I currently have a kernel debugger attached...
EDIT3
ETW was most useful for debugging. It turns out that Qt's main event processing loop goes crazy. PeekMessage and MsgWaitForMultipleObjectsEx (with 0 timeout) gets called in a tight loop. That is where the high CPU usage comes from.
It looks like the App is generating/getting loads of messages at that time. But it is not easy to see what the messages are (or I don't know how to access function parameters in ETW). Using a debugger also does not help much but, with a breakpoint in the QT's event loop leads me to believe that WM_TIMER messages are the culprit.
Given that the desktop also misbehaves during this time, it sounds like your app isn't necessarily misbehaving but merely aggravating a bug elsewhere (e.g., in a device driver or some crummy anti-malware code that has injected itself into other processes). Stack traces from your app may or may not be very revealing.
If the problem is easily reproducible, I'd set a breakpoint somewhere in the "middle" of the app and see if the problem happens before or after that. Then move the breakpoint until you find the last instruction your app executes before things go bonkers. Figuring out what your app does that triggers this behavior may give a clue as what's going on.
Another option is to try using some system-wide debugging tools. First, I'd peak in the Event Viewer to see if there are suspicious error or warning events posting in proximity to the moment the machine goes haywire. Then I'd try a tool like Sysinternal's Process Monitor or Process Explorer to get a better view of what's happening. You might also try ETW to capture a system-wide trace of what's happening on the system that you can study after the fact. (ETW can be hard to use, so check out Bruce Dawson's UIforETW.)
Use ETW to find the cause. Install the Windows Performance Toolkit (part of the Win10 v1511 SDK: https://go.microsoft.com/fwlink/p/?LinkID=698771 which is the last version that works in Win7), run WPRUI.exe, select CPU Usage and click on Start.
After you captured the hang, click on Save. Wait until WPRUI is finished, open the ETL in WPA, setup and load debug symbols in WPA.
Drag & Drop the CPU Usage (Precise) graph to analyse pane and look for WAIT (µs) max for your process to see that long hang and expand the stack to see where it happens.
Win7 Directx 11 with VS 2012 -- When I let my app run in full screen on my development computer, eventually, the program exits full screen back to windowed, all by itself, and pops up a dialog telling me windows resources are running low. The dialog tells me something about turning off interactive themes or something to that end. When I run the program in release mode on one of our client machines, the app runs fine, does everything it should, but after a while, instead of popping up the dialog about windows resources, I get an exception window with exception 0x40000015 as the error. This only happens if I am in full screen, windowed, it never crashes. Event Viewer shows nothing at all about the crash. Any thoughts?
Thanks in advance. Basically what my app is, is a wrapper graphics library. When it says I am using all the resources, my resource monitor shows that I never went above 20% of memory and the cpu never went above 14%. The 0x40000015 error number is rather general and doesn't exactly point me in any real direction.
This is not related to trying to exit an app in full screen, as that I have the code required to prevent the exception related to that problem.
R
It turned out to be a component issue on the target platform. The ReportLiveDeviceObjects info was helpful and will continue to help down the line.
I have a hub application that is responsible for handling the launching of three other programs. I am having considerable difficulty with this - When I launch one of the three alone, everything is fine; when I try to run them from the main hub application, they crash.
I need to figure out how I can keep the hub open, and open the process I start with the debugger after it launches right off, so I can catch the issues and debug it properly.
To give an example for how I am starting the processes from the main program -
this.Hide( );
Process.Start( FilePath).WaitForExit( );
Process.GetCurrentProcess( ).Kill( );
Visual Studio has a setup that allows it to debug any application that crashes before calling ExitProcess() and in case the process threw an exception, if the exception is not caught (i.e. try + catch(...) + exit(1)).
I always let the installer turn on that feature, but if you have it turned off, you should be able to turn it back on by going in the settings. Once one, on a crash, you get a message box asking you whether you want to debug the crashing process.
I have a small Win32 console application and when executing from the debugger the console takes about five seconds to appear. If I place a breakpoint on the last line of main, the break point is hit immediately, so the application is already finished but the console does not appear for about five seconds. I have removed all my breakpoints using 'Remove All Breakpoints', restarted Visual Studio. No dice. The console appears very quickly launching outside of the debugger, using CTRL-F5. Any ideas?
Thanks
Debugging an application causes all sorts of notifications to be sent to the debugger - all DLL loads, thread creates, etc. The debugger may be loading symbols during this time as well. All of this will slow down the launch of the process and it'll take longer to get to the point where it creates the console.