"An error occurred opening snapshot" Process Monitor - events

Each time I run a new instance of Process Monitor, a dialog box pops up stating that "An error occurred opening snapshot". This error prevents the capturing of any events.
Pressing the capture button or Ctrl+E reproduces the error message as well.

In order to resolve this error you need to clear the Logfile registry key entry.
Close all instances of Process Monitor.
Open Regedit.
Find the Logfile registry entry located under:
For 64 bit version:
HKEY_CURRENT_USER/Software/SysInternals/ProcessMonitor/
For 32 bit version:
HKEY_CURRENT_USER/Software/SysInternals/ProcessMonitor32/
Locate the key named 'Logfile'.
Right click on the key and select 'Modify'.
Set the Value data to an empty string and click 'OK'.
Launch Process Monitor - the issue should be resolved.

Related

Breakpoint on entry point of PE is failed

I'm trying to get a log of the activity of my application with WinDbg. At the moment I'm on Win10 Pro x64. The entry point of my application is 0x10004D7EC. After starting WinDbg I press Ctrl+E to select my app. I input the next command
bp 10004D7EC
then hit F5, but WinDbg says that ERROR_PARTIAL_COPY has occurred (0x12B), so it seems that loading logexts is a bad idea because there is no guarantee that the information will be correct. So, how to fix this, or maybe I am doing something wrong?
I believe that you're getting the error because you are putting your breakpoint on an invalid memory location. Check in the memory/disassembly window in windbg what is at this memory location - you'll probably find nothing there.
I guess that 10004D7EC is the address of your entry point on the disk - which might be different from the entry point address at runtime. You can search for the entry point with: x <your module name>!*<your entry point name>* (i.e. x myApp!*main*)

debugging program that is a child of Microsoft Word

I'd like to use Ollydbg2 to debug FLTLDR.EXE, which is spawned when my document is opened in Microsoft Word. I can't run FLTLDR.EXE manually I don't think, it seems to need to be run or hosted by Word.
I have ticked the "Debug child processes" in Olly and tried to debug Word, but an exception is raised before I can even open the document.
Any ideas?
Many thanks
For this you have to create a registry key to tell the OS that you want your app, FLTLDR.EXE, to be started with a debugger attached to it.
Follow the steps in the link:
https://msdn.microsoft.com/en-us/library/a329t4ed(v=vs.100).aspx
After setting the registry key, just launch the Word application. The execution of FLTLDR.EXE causes OllyDbg to start automatically. From this point you can continue debugging.
Side note: receiving exceptions while attaching to some application with the debugger is normal. Most of the time Shift+F9 solves the problem and you can continue, but if it's happening several times at the same address you can save the exception address and then Shift+F9...

Kill error process if it appears in Windows 7 automatically

I am running some automation script. At some point during measurement one of the processes (iMPACT in my case) fails. This in turn causes Windows 7 to generate an error dialog box.
How can I automatically close or kill this process if it appears in the middle of the experiment?
I have attached the screenshot of the error that appears during test execution.
Windows has a registry setting called ErrorMode that controls what happens when these types of errors occur. The default is to show the dialog boxes, but you can have the system write the errors to the event log instead. Just be aware that it's a system-wide setting, so it affects all programs. The valid values are:
0: Errors are serialized and wait for a response.
1: If the error does not come from the system, then the system continues in normal operating mode. If the error comes from the system, then it is written to the system log; no user intervention is required and dialog boxes are not displayed.
2: The error is written to the system log; the dialog box is not displayed.
See https://support.microsoft.com/en-us/kb/124873

How to generate a Windows memory dump when an application crashes?

Is there an easy way of generating the memory dump for the crashed application?
I have a situation in which the customer received the code which is generating the crash, as the code itself has no signal handlers for the backtrace generation on abort I was wondering if there is an easy way of telling windows to generate the memory dump of the crashing application.
Ideal solution wouldn't involve the installation of the debug tools (or the code modification) but if this is not possible, it would be really helpful to know.
One simple way to dump memory when an application crashes is by using Windows Task Manager.
Whenever an exception or an application error occurs, Windows pops up a memory dialog and shows the address location which was causing the crash. Before you click OK on the message box, open Task Manager, right click on the crashed application and select Create Dump file. Take a look at the screenshot below.
Select the file
2) Another way of generating user-mode dumps is by adding the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\application.exe
application.exe should be replaced by the application name which is under scanner.
Under this key the following values can be added:
DumpFolder
The path where the dump files are to be stored. If you do not use the default path, then make sure that the folder contains ACLs that allow the crashing process to write data to the folder.
For service crashes, the dump is written to service specific profile folders depending on the service account used. For example, the profile folder for System services is %WINDIR%\System32\Config\SystemProfile. For Network and Local Services, the folder is %WINDIR%\ServiceProfiles.
DumpCount
The maximum number of dump files in the folder. When the maximum value is exceeded, the oldest dump file in the folder will be replaced with the new dump file.
DumpType
Specify one of the following dump types:
0: Custom dump
1: Mini dump
2: Full dump
CustomDumpFlags
The custom dump options to be used. This value is used only when DumpType is set to 0.
The options are a bitwise combination of the MINIDUMP_TYPE enumeration values.
I have found the answer myself. MSDN specifies the debug registry in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error\LocalDumps
The following values need to be set:
DumpFolder
DumpCount
DumpType
CustomDumpFlags
The extensive documentation is available here.
If the registers do not exist, it is possible to create them manually and Windows will pick it up.
Also, this is possible without directly modifying the registry, with the following steps:
Click Start, and then click Control Panel.
Double-click System, and then click Advanced system settings.
Click the Advanced tab, and then click Settings under Startup and Recovery.
In the Write debugging information list, click Small memory dump (64k).
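
The per-application LocalDumps values described above (DumpFolder, DumpCount, DumpType, CustomDumpFlags) can be written in one pass. This is an added example, not code from either answer; the function name Set-LocalDumpConfig, the image name application.exe and the folder C:\CrashDumps are placeholders chosen for illustration.

```powershell
# Added example: per-application WER LocalDumps settings, as described above.
# 'application.exe' and 'C:\CrashDumps' are placeholders, not values from the page.
function Set-LocalDumpConfig {
    param(
        [Parameter(Mandatory)][string]$ImageName,
        [Parameter(Mandatory)][string]$DumpFolder,
        [ValidateRange(1, 1000)][int]$DumpCount = 10,
        [ValidateSet(0, 1, 2)][int]$DumpType = 1,   # 0 custom, 1 mini, 2 full
        [int]$CustomDumpFlags = 0                   # MINIDUMP_TYPE bits, read only when DumpType is 0
    )

    # HKLM is writable only from an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated PowerShell session.'
    }

    # The subkey is the executable's file name only, never a path.
    if ($ImageName -match '[\\/:]') {
        throw "ImageName must be a bare file name, got '$ImageName'."
    }

    # Dumps contain the process's memory, so keep the folder's ACL as narrow as
    # the crashing account allows. The folder is created with inherited ACLs here.
    if (-not (Test-Path -LiteralPath $DumpFolder)) {
        New-Item -ItemType Directory -Path $DumpFolder -Force | Out-Null
    }

    $key = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\$ImageName"
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    New-ItemProperty -Path $key -Name DumpFolder -Value $DumpFolder -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $key -Name DumpCount  -Value $DumpCount  -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name DumpType   -Value $DumpType   -PropertyType DWord -Force | Out-Null
    if ($DumpType -eq 0) {
        New-ItemProperty -Path $key -Name CustomDumpFlags -Value $CustomDumpFlags -PropertyType DWord -Force | Out-Null
    } else {
        Remove-ItemProperty -Path $key -Name CustomDumpFlags -ErrorAction SilentlyContinue
    }

    # Return what is now stored so the caller can confirm it.
    Get-ItemProperty -LiteralPath $key | Select-Object DumpFolder, DumpCount, DumpType, CustomDumpFlags
}

Set-LocalDumpConfig -ImageName 'application.exe' -DumpFolder 'C:\CrashDumps' -DumpType 2
```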

Unable to get value of the property 'h': object is null or undefined

Trying to debug a Silverlight 5 app in Internet Explorer 9 from Visual Studio 2010 (as soon as I start debugging SL5 from VS2010), I'm getting this error:
Unable to get value of the property 'h': object is null or undefined.
My question is: the App.xaml.cs constructor has the debugging stop red dot, the error pops first then reaches this debugging point, what is being executed before?
In VS2010 I click Debug > Start Debugging, then I get the error window with "Webpage Error" as title, the red x, Do you want to debug this webpage? bla, bla; on the white area is the
Line: 13 Error: Unable to get value of the property 'h': object is null or undefined.
thanks
To fix the error, by the way... you can try to log out from the running page in IE (just go to the upper right corner, click on the name signed in as and, from the drop menu, click logout).
What happened is that I logged in to Gmail and clicked on "stay signed in". If I sign back in on the running page, the error pops up again.
Still would like to know the answer to my question, though.
