Data Collected By Windows Error Reporting (For Hangs, Part 1)

Hang Reporting is a special mode of Windows Error Reporting (WER) for collecting data to help diagnose why an application has stopped responding.  For most people, it looks like this:

[Image: Hang Reporting dialog]

When the user clicks “Close the program” on this particular dialog, data is collected about the application and sent to Microsoft before it is terminated.  However, it is not apparent from the dialog exactly what is being collected.  The reason it is not readily available is that the user has already given permission to send this information (usually via the license agreement with the OEM install or similar).  As a result, WER tries not to overwhelm the user with information.

Data Sent By WER

To see what was sent, users can go to the WER archives (unless group policy or the OEM install settings prevent keeping these archives).  In Windows 7, the WER archives are available through the control panel: type “Reliability” into the control panel search box, and click on “View reliability history”.  At the bottom of this screen is a link for “View all problem reports”, where you will find the WER archive.  Since some reports contain data from privileged processes, you may need administrator permission to view some reports.

Each report contains a lot of cryptic information whose meaning may not be readily apparent.  The following blog post explains many of the fields: Let There Be Hangs: Part 4 – Hashes and Type Codes and XProc, Oh My!.

There are two sections of interest to users:

  • Problem signature

    • Data here attempts to uniquely identify the hang, but is not useful for diagnosing why the hang occurred

    • The ability to uniquely identify hangs allows the backend to be more intelligent about which data to gather

  • Files that help describe the problem

    • This section is not always present, as sometimes it is not needed by the backend

    • Contains dumps of hung process(es), to be used by developers to diagnose why the hang occurred

      • Dumps require symbols to be of any use; typically, only the developer of an application has access to their own symbols

    • Contains metadata about other factors in the system that may have contributed to the hang

    • Sending more detailed data used for diagnosis (such as dumps) can be obstructive to the user.  Since the developer typically only needs a small handful of this detailed data, not every user in the world who experiences the hang needs to send the detailed data.

Changing WER Consent Settings

To see this data directly on the WER dialog when the hang happens, users can change WER settings to require explicit consent be given before the data can be sent.  To change this setting, go to control panel: System and Security -> Action Center -> Maintenance (dropdown) -> “Settings” (under “Check for solutions to problem reports”).  Select the setting “Each time a problem occurs, ask me before checking for solutions” to enable this mode.

With this setting, Hang Reporting will look like this:

[Image: Hang Reporting for WER with DefaultConsent=1]

Clicking on “View problem details” will show how the hang has been uniquely identified.

If the user clicks on “Check for a solution and close the program”, the hang will be reported to Microsoft.  If Microsoft has flagged that particular hang as one where more data is necessary to diagnose the hang, the user will be presented with another confirmation dialog to give consent for uploading the additional data.

[Image: WER DefaultConsent 1 Send Additional Data dialog]

Clicking on the “View Details” link on this dialog allows the user to see exactly which data is being uploaded.  The user is free to investigate each file listed before giving final consent to upload.
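
The consent level and the archived hang reports described above can also be checked from PowerShell. This is an added example, not code from the original post; it assumes the default WER registry keys and ReportArchive folders, the `EventType=` and `Sig[n].Value=` lines of `Report.wer`, and PowerShell 3.0 or later.

```powershell
# Added example: show the WER consent level and list archived hang reports.
# Key paths, folder paths and Report.wer field names are assumed defaults.
$consentMeaning = @{
    1 = 'Always ask before sending'
    2 = 'Send parameters only'
    3 = 'Send parameters and safe data'
    4 = 'Send all data'
}
$consentKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent',
    'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent',
    'HKCU:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent'
)
# Report every location separately; no precedence between them is assumed here.
foreach ($key in $consentKeys) {
    $item = Get-ItemProperty -Path $key -Name DefaultConsent -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        '{0}: DefaultConsent not set' -f $key
    } else {
        $level = [int]$item.DefaultConsent
        '{0}: DefaultConsent={1} ({2})' -f $key, $level, $consentMeaning[$level]
    }
}

# Per-user and machine-wide archives; the machine-wide one may need elevation.
$archives = @(@(
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\WER\ReportArchive'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\WER\ReportArchive')
) | Where-Object { Test-Path -LiteralPath $_ })

foreach ($archive in $archives) {
    $reports = Get-ChildItem -Path $archive -Filter Report.wer -Recurse -ErrorAction SilentlyContinue
    foreach ($report in $reports) {
        # Report.wer is UTF-16 text made of Name=Value lines.
        $lines = @(Get-Content -LiteralPath $report.FullName -Encoding Unicode)
        $eventLine = $lines | Where-Object { $_ -like 'EventType=*' } | Select-Object -First 1
        $eventType = "$eventLine" -replace '^EventType=', ''
        if ($eventType -notlike 'AppHang*') { continue }   # keep hang reports only
        $sigValues = @($lines | Where-Object { $_ -match '^Sig\[\d+\]\.Value=' }) -replace '^Sig\[\d+\]\.Value=', ''
        [pscustomobject]@{
            EventType = $eventType
            Signature = $sigValues -join ' | '   # the "Problem signature" values
            Files     = (Get-ChildItem -LiteralPath $report.DirectoryName -File).Name -join ', '
            Folder    = $report.DirectoryName
        }
    }
}
```

Any dump files listed under `Files` are copies of process memory kept on disk, so the archive folders deserve the same handling as the reports themselves.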
