Do not collect 32bit process’ dumps with 64bit task manager


What is a dump file?

A dump file is a snapshot of a process' memory written to disk. You can use a dump file to troubleshoot several kinds of issues, including crashes, hangs and performance problems. Basically, you collect "crash dumps" if a process quits unexpectedly, or "manual dumps" if the process hangs or has performance issues.

How to collect dumps

For crash dumps, you can configure a debugger, such as Debug Diagnostic Tool or ADPlus (which ships with Debugging Tools For Windows), to capture dumps when a process crashes. For performance or hang issues, you need to collect hang dumps. A hang dump is also known as a manual dump because you don't create a crash rule to capture a specific event (a crash, first chance exceptions, etc.); instead, you tell the debugger to collect the dump at that moment and the process is written to disk.

A rule of thumb when collecting dump files is to use the version of the debugger that matches the architecture of the target process. For example, if your OS is 64bit and the target process you would like to debug is 32bit, then you need to use the 32bit debugger; if you need to collect a dump of a 64bit process, then you need to use the 64bit debugger. If you collect a dump using the wrong debugger version, you will probably see unreasonable callstacks when you try to debug your process in WinDBG, and you will probably waste your time.

Task Manager as a way for collecting dumps

Starting with Windows Vista (Windows 7 and Windows Server 2008 support this as well), you can collect a process' dump using Task Manager. Most of the time this is the easiest way to capture a dump because you just right-click the process name and choose "Create Dump File".

Collect correct dumps using the correct version of the Task Manager

The rule I mentioned above also applies to Task Manager: to collect a dump of a 32bit process, you need a 32bit tool. So, if your process is 32bit, you need to run the 32bit version of Task Manager on a 64bit OS. The 32bit Task Manager is located in the C:\Windows\SysWOW64 folder and the file name is taskmgr.exe.

How to understand if a process is 32bit or 64bit

If you do not know how to figure out if a process is 32bit on a 64bit OS, then open a task manager (either 32bit or 64bit) and then check the process name. If you see *32 near your process name, then it is a 32bit process.
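The same check can be scripted. The following PowerShell is an added example, not part of the original post: it asks Windows whether each process with a given name runs under WOW64 (that is, as a 32bit process on a 64bit OS) and reports which Task Manager to start for its dump. The function name `Get-DumpTaskManager` and the `DumpHelper.Native` type are hypothetical names chosen for this sketch, and it assumes 64bit x64 Windows with PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Assumes 64bit x64 Windows, PowerShell 3.0+.
# IsWow64Process is the documented kernel32 API; the wrapper type name is made up here.
Add-Type -Namespace DumpHelper -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(System.IntPtr hProcess, out bool wow64Process);
'@

function Get-DumpTaskManager {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)

    if (-not [Environment]::Is64BitOperatingSystem) {
        throw 'On a 32bit OS every process is 32bit; there is only one Task Manager.'
    }
    # A 32bit PowerShell sees System32 redirected to SysWOW64, so it must
    # use the Sysnative alias to reach the real 64bit folder.
    $native = if ([Environment]::Is64BitProcess) { 'System32' } else { 'Sysnative' }

    foreach ($proc in Get-Process -Name $Name -ErrorAction Stop) {
        $isWow64 = $false
        try {
            # Reading .Handle opens the process; this fails for processes
            # the current user is not allowed to query.
            $ok = [DumpHelper.Native]::IsWow64Process($proc.Handle, [ref]$isWow64)
            if (-not $ok) {
                $code = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
                throw "IsWow64Process failed with Win32 error $code"
            }
        } catch {
            Write-Warning "PID $($proc.Id): bitness unknown ($($_.Exception.Message)). Retry from an elevated prompt."
            continue
        }
        # WOW64 process -> 32bit Task Manager in SysWOW64, as described above.
        $folder = if ($isWow64) { 'SysWOW64' } else { $native }
        [pscustomobject]@{
            Id          = $proc.Id
            ProcessName = $proc.ProcessName
            Bitness     = if ($isWow64) { '32bit' } else { '64bit' }
            TaskManager = Join-Path $env:windir "$folder\taskmgr.exe"
        }
    }
}

# Example call with a placeholder process name:
# Get-DumpTaskManager -Name 'w3wp'
```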

Happy debugging...

--
AMB

Comments (6)

  1. Nachiket says:

    Nice blog Ahmet. Is there a way to find if a crashdump was created using a 32bit or 64bit task manager?

  2. jy says:

    it's very nice info. for me!!

  3. Jon Ross says:

    Why isn't the choosing of 32 or 64 bit automatic yet? It seems like bad UX design to require users to figure out if they are in 64bit or 32bit mode before they make a dump file. At the very least it should ask you when you are in the 64bit taskmanager if you want to make a 32 or 64 bit dump, or it could just make both to be on the safe and easy side.

  4. @Jon Ross – Good point and I agree with you – Although it is not a handy tool (when compared with task manager, of course) like task manager, Debug Diagnostic 1.2 makes it automatic and collects a 32bit or 64bit dump of the process based on the architecture.

  5. Sivaraman says:

    What dump does it create? Hang Dump or Crash Dump…

  6. @Sivaraman – it creates a hang dump. A crash dump is not created manually, you need to use a tool (Debug Diagnostic, adplus, WER, etc…) to create a "rule" and capture a crash dump.
