Getting full user mode dumps automatically when your process crashes

I recently got a question about if it is possible to generate full user mode dumps automatically every time the process crashes (without having debug diag or adplus installed and monitoring your system).   This would be useful for example if you are setting up a site, and you want to make sure you get dumps if it ever crashes so that you don’t have to repro the issue at that point, just to get data.

It turns out that starting with Windows Server 2008 and Vista + SP1, Windows Error Reporting (WER) will let you do just that.  It even worked on my Win 7 machine.

https://msdn.microsoft.com/en-us/library/bb787181(VS.85).aspx

The documentation here says that “Applications that do their own custom crash reporting, including .NET applications, are not supported by this feature”. 

It’s a bit hard to tell what this actually means but I think this is added here due to ambiguity about what constitutes a crash.  For example if you have an exception in an ASP.NET application that is handled by the ASP.NET error handler (i.e. showing you the yellow ASP.NET error page) that is not a “crash” since ASP.NET handles the error, and the process just continues.  However for example a StackOverflow, or any unhandled .net exceptions on finalizers or non-request threads, that cause the process to “terminate unexpectedly” will be caught by WER and produce a dump if you configure it to do so.

Setting this up

I set this up on my machine (per the article) by adding a registry key specific to w3wp.exe to monitor crashes for my ASP.NET applications

HKLMSoftwareMicrosoftWindowsWindows Error ReportingLocalDumpsw3wp.exe

Under this key I added 3 values (types and descriptions can be found in the MSDN article)

  Value Comment
DumpFolder c:mycrashdumps This is the location where the dumps will be generated, so the user that the W3WP.exe process is running under needs access to write to this location.
DumpCount 10 Maximum # of dumps in the folder, depending on the size of the process 10 dumps can take up a lot of disk space, so monitor carefully.
DumpType 2 To debug .net crashes a full user mode dump is often necessary.

I also had to disable the JIT debugger for this to work, under

         HKLMSoftwareWow6432NodeMicrosoftWindows NTCurrentVersionAeDebug

By renaming the Debugger value to Debugger-unused, and now it is producing crash dumps for stackoverflows and other unhandled exceptions.

A word of caution

As always, any modifications to the registry should only be done by trained professionals:) and only after carefully backing up the registry first etc. etc.  I take no responsibility for any issues caused by such modifications.

Also, keep in mind that as mentioned before, the dumps can get pretty big if you have processes that produce a lot of memory so be wary about the amount of disk space that this can consume.

Have a good one,
Tess