How to generate a Windows memory dump when an application crashes? - windows

Is there an easy way of generating the memory dump for the crashed application?
I have a situation in which the customer received the code which is generating the crash, as the code itself has no signal handlers for the backtrace generation on abort I was wondering if there is an easy way of telling windows to generate the memory dump of the crashing application.
Ideal solution wouldn't involve the installation of the debug tools (or the code modification) but if this is not possible, it would be really helpful to know.

1) One simple way to dump memory when an application crashes is by using Windows Task Manager.
Whenever an exception or an application error occurs, Windows pops up a memory dialog and shows the address location which was causing the crash. Before you click OK on the message box, open Task Manager, right-click on the crashed application and select Create Dump file. Take a look at the screenshot below.
Select the file
2) Another way of generating user-mode dumps is by adding the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\application.exe
application.exe should be replaced by the name of the application which is under the scanner.
Under this key the following values can be added:
DumpFolder: The path where the dump files are to be stored. If you do not use the default path, then make sure that the folder contains ACLs that allow the crashing process to write data to the folder.
For service crashes, the dump is written to service specific profile folders depending on the service account used. For example, the profile folder for System services is %WINDIR%\System32\Config\SystemProfile. For Network and Local Services, the folder is %WINDIR%\ServiceProfiles.
DumpCount: The maximum number of dump files in the folder. When the maximum value is exceeded, the oldest dump file in the folder will be replaced with the new dump file.
DumpType: Specify one of the following dump types:
  0: Custom dump
  1: Mini dump
  2: Full dump
CustomDumpFlags: The custom dump options to be used. This value is used only when DumpType is set to 0. The options are a bitwise combination of the MINIDUMP_TYPE enumeration values.
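The LocalDumps values described above, applied with PowerShell as an added example (not part of the original answer). application.exe, C:\CrashDumps and the $Account value are placeholders; the folder ACL is set explicitly because a full dump (DumpType 2) contains the whole process memory, including any secrets the process had loaded.

```powershell
#Requires -RunAsAdministrator
# Added example: per-application WER LocalDumps setup with a locked-down dump folder.
# Placeholders (assumptions): application.exe, C:\CrashDumps and $Account.
$App        = 'application.exe'
$DumpFolder = 'C:\CrashDumps'
$Account    = "$env:USERDOMAIN\$env:USERNAME"   # account the application runs as
$Key = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\$App"

# Create the folder, drop inherited ACEs and grant access explicitly:
# Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) get Full control,
# the crashing process's account gets Modify so the dump can be written.
New-Item -Path $DumpFolder -ItemType Directory -Force | Out-Null
icacls $DumpFolder /inheritance:r /grant:r `
    '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' "${Account}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Create the per-application key only if it is missing, so existing values survive.
if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }

$values = @(
    @{ Name = 'DumpFolder'; Type = 'ExpandString'; Value = $DumpFolder },
    @{ Name = 'DumpCount';  Type = 'DWord';        Value = 5 },   # keep at most 5 dumps
    @{ Name = 'DumpType';   Type = 'DWord';        Value = 2 }    # 2 = full dump
)
foreach ($v in $values) {
    New-ItemProperty -Path $Key -Name $v.Name -PropertyType $v.Type `
        -Value $v.Value -Force | Out-Null
}

# Show the resulting configuration and folder ACL for review.
Get-ItemProperty -Path $Key | Select-Object DumpFolder, DumpCount, DumpType
icacls $DumpFolder
```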

I have found the answer myself: MSDN specifies the debug registry in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error\LocalDumps
The following values need to be set:
DumpFolder
DumpCount
DumpType
CustomDumpFlags
The extensive documentation is available here.
If the registers do not exist, it is possible to create them manually and Windows will pick it up.
Also, this is possible without directly modifying the registry with the following steps:
Click Start, and then click Control Panel.
Double-click System, and then click Advanced system settings.
Click the Advanced tab, and then click Settings under Startup and Recovery.
In the Write debugging information list, click Small memory dump (64k).

Related

Rstudio tries to access parent directories where I don't have access rights and crashes

My Project is in a shared drive //company/me/project/
I have full read/write access to //company/me/
I have 0 access rights in //company/
Once in a while my Rstudio crashes with the following message
Unexpected exception: rstudio_boost:filesystem::status: Access is denied: "//company
After this I can no longer open my project via Rstudio.
The only workaround I have found is to delete .Rproj.user and create a new project in the same folder.
Why is Rstudio trying to access //company/? Is there a configuration I can set to prevent this from happening?
Edit: I have noticed that this usually happens when there's a bug in my code or when I try to stop code that is running.
A possible reason can be that Rstudio (along with R), saves your session to a .Rdata (either by default or possibly because you clicked "Yes" when it asked to save the workspace to .Rdata). R does this to track reproducibility of a session i.e. to determine the last state when Rstudio was closed (or crashed in your case).
And now it's trying to restore an exception, which cannot be reproduced as it requires opening up the file and running it (and opening it is what you want in the first place).
Note that as per RStudio Documentation: .Rproj.user also stores project-specific temporary files (e.g. auto-saved source documents, window-state, etc.).
A recommended solution to this is to set the option for never saving the session data, i.e. every time Rstudio starts, it is starting with a clean slate for your project. If you are concerned about losing the commands you ran in your last session, set the option of Always Save History (Even when not saving .RData). See the image below to set things as a default (sourced from Hadley's Comment):
The same settings are also present for a Project too:

settingcontent-ms file tag meaning

Windows 8 has a feature: it can launch an application from the search panel (on the right side of the screen). It works like following:
Developer registers his or her application following this instruction. It is a bit legacy instruction, but the project I participate in uses this way to register its settings.
At user logon Windows creates (if none exists) a special .xml file in C:\User\<UserName>\AppData\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US with content shown below. This file has extension settingscontent-ms
As soon as user clicked on this file, the system launches the specified application (actually explorer calls for it, as I discovered by ProcMon).
Xml file content:
<?xml version="1.0" encoding="UTF-8"?>
<PCSettings>
<SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
<ApplicationInformation>
<AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
<DeepLink>%Canonical name or application path%</DeepLink>
<Icon>%App path%,-%Resource number%</Icon>
</ApplicationInformation>
<SettingIdentity>
<PageID>%GUID as in instruction above%</PageID>
<HostID>{7E0522FC-1AC4-41CA-AFD0-3610417A9C41}</HostID>
<Condition>shcond://v1#RegkeyExists;0;Regkey;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\%GUID as in instruction above%</Condition>
</SettingIdentity>
<SettingInformation>
<Name>#%App path%,-%Resource number%</Name>
<Description>#%App path%,-%Resource number%</Description>
<HighKeywords>%App description%</HighKeywords>
</SettingInformation>
</SearchableContent>
</PCSettings>
We can see a node with the name HostID. Windows writes the GUID specified in code to this node, but it breaks the ability of my application to work. If I try to execute my app through this "shortcut" by clicking on the xml file or choosing my app in the search panel, the system shows me a message: "Unspecified error".
When I manually change the HostID value to {12B1697E-D3A0-4DBC-B568-CCF64A3F934D}, it starts to work fine.
I looked through the registry in order to find something about these two GUIDs, but I didn't find anything. Also I looked for the difference between registry values corresponding to my app and to another, but working, app and didn't find any significant differences either.
Also I tried to delete this file and log into the system under ProcMon. I caught some moments: explorer tries to open the file and fails with ERROR_FILE_NOT_FOUND, explorer creates the missing file, reads the registry and writes something to the created file, then it closes the file. But I didn't find anything interesting in between these messages that can help me to solve my problem.
I found out that the registry key HKEY_CLASSES_ROOT\CLSID\%App GUID%\System.ApplicationName contains exactly the same as the DeepLink tag (it was the first error in my app - the specified key was empty), but the problem with the "wrong" HostID remains.
Does anyone know what it is and how to make Windows write the right GUID to this tag, or at least some useful info about this tag? I just can't imagine anything else to change, but I think that I need to change something in the registry keys corresponding to my app.
I found the solution: just put app's GUID (the same as in PageID) into DeepLink.
To do this, you need to write this GUID as string value to HKEY_CLASSES_ROOT\CLSID\%App GUID%\System.ApplicationName.
That's the solution. However, I haven't found the meaning of HostID tag :(

Why does building in Xcode overwrite my SQLite database?

First of all, I'm not using Core Data, I'm using SQLite only.
I save the data in the table and then query them by opening the app and looking at the data using SQLiteStudio. I even create a LOG to check that the data is saved, and yes, it is saved.
But when I STOP and run the simulator again to consult, there is no more data!
Is Xcode overwriting the database every time? Or is something else happening that is outside my limited knowledge?
Without knowing more about how your application is set up, how you've got your app configured to build, or how it operates on the SQLite DB file in question, I'll only be able to offer some pointers to things you can go check out about your code and build configuration that may be the source of your phantom deletions. Of course, if you have other info to provide, I'd be happy to edit my answer!
Case 1: 'Create DB' always running?
One thing that may be tripping your app up is what happens leading up to the decision to create a new SQLite DB file or look/open an existing file. If the code creating an empty DB is always running, then each time your app starts, your old DB file is getting overwritten with a blank DB.
Case 2: Using a 'starter' or 'template' empty database?
Sometimes developers may provide a blank database that contains the initial database schema (the general tables and structure) as well as some default or sample data. If your app does this, perhaps the logic leading up to the decision to apply that default database is accidentally always being triggered? If so, use of NSUserDefaults to record a boolean indicating the DB was successfully created may be an avenue to use to skip past the 'Load my starter DB' code. Alternatively, you could check for the existence of your DB file, or see if the contents of a specific table are different from the template data, etc.
Case 3: Different Behavior between 'Build & Run' vs. 'Run Without Building'
There's a not-so-well-known option in the Product > Perform Action menu labelled 'Run without Building' that will essentially kickoff another Debug session using the version of the application you just finished running in the Simulator or on Device. When you use this option do you see any different behavior with your database or is it still blank?
Case 4: Different Behavior when run directly in Simulator outside of an Xcode debugging session?
Part of the 'Run' operation is a build phase which may trigger the 'Copy Resources' phase even if your app hasn't changed since the last execution (as you suggest is the case in your question). If you are providing a stock 'default' or 'template' DB file and your app is simply opening and editing that 'template' during the first execution of your app, then Xcode may be replacing it with a clean copy on the subsequent 'Run' operations where 'Copy Resources' is happening. A way to test this avenue:
1. Build and Run your app to the simulator using Xcode like normal.
2. Perform some operations that would result in the creation or editing of data in your app's database.
3. Click the stop button in Xcode to return to the Simulator home screen.
4. Double-click the home button on the simulator (or if there is no home button, press CMD+SHIFT+H twice to bring up the multitasking bar) and force-quit out of your application.
5. Check and see if your DB file has data in it.
If no data, then there is an issue persisting your changes into the database and we need to get that problem solved first. Otherwise:
6. Relaunch your app directly from iOS Simulator and perform different operations that would result in more or different changes to the database.
7. Click on the home button to return to the iOS Home Screen.
8. Force-quit your application as was done in Step 4.
9. Check and see if your DB file data has changed (but still has data) or has blanked out.
Finally, make sure you are following Apple's guidance about where to store user-data, if you are inadvertently storing something in an incorrect file path doesn't typically result in blanking of data, it may be prohibiting writing of data which could be interpreted as your data getting overwritten especially if you are interrogating it while it still is residing in an in-memory process. There's some really useful guidance about file paths in the Table 1-1: (http://developer.apple.com/library/ios/#documentation/FileManagement/Conceptual/FileSystemProgrammingGUide/FileSystemOverview/FileSystemOverview.html)
Locating your Simulator App on your Mac's Hard Drive
To be thorough (and you may already know about this!), iOS Simulator applications are stored on your Mac's hard drive just like other files on your machine. Their organization mimics that of a physical iOS device. To get to your App and its data:
Open a new Finder window.
Press CMD+SHIFT+G or choose 'Go to Folder' from the 'Go' menu.
Paste the following into the 'Go to Folder' box then click 'Go': ~/Library/Application Support/iPhone Simulator/
Select the folder that matches the iOS version of the simulator you built to.
Click on Applications.
You'll then be presented with zero or more folders, each folder that appears will have a string of digits separated by hyphens. Navigate through this list until you find the one containing your app. You can then browse, and copy data out of this folder to somewhere to be examined by other tools on your Mac.

How can I export windows event logs with verbose messages

I have been searching the web and cannot seem to find a good answer on this.
I sort of understand the cause but need some help on the solution.
I use the following command to export windows system logs. I want/need them to be in evtx format for later use.
wevtutil epl system c:\SystemEvents.evtx
The goal is to send them to other people which will not be viewing them on the same server.
This of course causes the full event text to not be part of the exported log and the user will see something like this:
The description for Event ID XXX from source Server Administrator
cannot be found. Either the component that raises this event is not
installed on your local computer or the installation is corrupted. You
can install or repair the component on the local computer.
If the event originated on another computer, the display information
had to be saved with the event.
The following information was included with the event:
I was reading this page:
http://technet.microsoft.com/en-us/library/cc749339%28WS.10%29.aspx
and found this snip of info in it:
To troubleshoot events that were logged on a remote computer, you must
export and archive the log with the display information. The display
information for the saved events is stored in the LocaleMetaData
folder and should be moved with the log information when the
information is viewed on another computer.
I do not understand what location (or process) this statement is referring to.
There is no LocaleMetaData folder anywhere on the server so I am assuming that I need to somehow create and export some additional data along with the evtx file for it to then re-merge back on the viewing system.
Am I on the right track here, and could someone tell me how to fully export the event log with full verbose messages?
I found the answer:
When you use this:
wevtutil al <FileName.evtx> [/l:<LocaleString>]
to export... the location of where the .evtx folder ends up, there will be a LocaleMetaData folder created with the .MTA file inside.
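The export and archive steps from the question and answer above, combined into one PowerShell sequence as an added example (not part of the original posts). C:\EvtExport, the file names and the en-US locale are placeholders; run it from an elevated prompt.

```powershell
# Added example: export the System log, archive it with its display
# information, and package both for transfer to another machine.
# Placeholders (assumptions): C:\EvtExport, SystemEvents.*, locale en-US.
$OutDir = 'C:\EvtExport'
$Evtx   = Join-Path $OutDir 'SystemEvents.evtx'
$Meta   = Join-Path $OutDir 'LocaleMetaData'
$Zip    = Join-Path $OutDir 'SystemEvents.zip'

New-Item -Path $OutDir -ItemType Directory -Force | Out-Null

# 1. Export the log (epl), overwriting an earlier export of the same name.
wevtutil epl System $Evtx /ow:true
if ($LASTEXITCODE -ne 0) { throw "wevtutil epl failed with exit code $LASTEXITCODE" }

# 2. Archive the log (al): writes the LocaleMetaData folder next to the .evtx.
wevtutil al $Evtx /l:en-US
if ($LASTEXITCODE -ne 0) { throw "wevtutil al failed with exit code $LASTEXITCODE" }

# 3. Fail early if the display information was not produced.
$mta = Get-ChildItem -Path $Meta -Filter *.MTA -ErrorAction SilentlyContinue
if (-not $mta) { throw "No .MTA file found under $Meta" }

# 4. Ship the .evtx and the LocaleMetaData folder together; the viewer needs
#    the folder beside the log to render the full message text.
Compress-Archive -Path $Evtx, $Meta -DestinationPath $Zip -Force

# 5. Record hashes so the recipient can confirm the files arrived unmodified.
Get-FileHash -Path $Evtx, $Zip -Algorithm SHA256 | Format-List Path, Hash
```

The recipient extracts the archive so that LocaleMetaData stays in the same directory as the .evtx file before opening it in Event Viewer.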
try this one out:
This explains the steps to use Event Viewer to export Windows log events.
https://www.ibm.com/support/pages/exporting-windows-event-logs-event-viewer

How to get ONLY w3wp instances when specifying performance counters for Perfmon/LogMan on Windows?

Hopefully this question has a simple answer I'm overlooking! I have an IIS webserver with multiple sites on it. In Perfmon, they show up as w3wp#1, w3wp#2, etc... I'm writing a Logman script that will collect performance counter data using the counters/instances that I specify and I want to ONLY collect any w3wp worker processes.
I've tried a couple ways, but no luck:
\.NET CLR Memory(*w3wp*)\
\.NET CLR Memory(w3wp#*)\
\.NET CLR Memory(w3wp*)\
I've looked at the documentation here, and it seems like it claims to support wildcards, but not partial matches. I'm not sure what to make of that. Is there any way to accomplish what I want? Hope I explained this well enough. Let me know if more details are needed.
Thanks!
There is a way to display the instance by appending the Process ID to it. Since the Process ID does not change, it helps in determining the correct instance. This post describes the method - Perfmon: Identifying processes by PID instead of instance.
Relevant part from the link:
Making the below registry change will display processes in the format ProcessName_PID instead of ProcessName#1.
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance
On the Edit menu, click New, and then click DWORD Value.
Right-click New Value #1, click Rename, and then type ProcessNameFormat to name the new value.
Right-click ProcessNameFormat, and then click Modify.
In the Data value box, type one of the following values, and then click OK:
1: Disables PID data. This value is the default value.
2: Enables PID data.
Exit Registry Editor.
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Important: If you enable this feature, you may be unable to monitor process-specific information by using third-party utilities or custom-made programs, and this functionality may change at any time in the future without notice.
Hope it helps someone.
I came up with a custom batch script that finds the application pool ID, PID, and associates it with the IIS worker process in question. From there, I can manually FIND and REPLACE a generic placeholder in my perfmon configuration file to start collecting for the specific site(s). I can supply some details if there is interest.
