There are times when tools such as DebugDiag, ADPlus or UserDump fail to capture a dump when a process terminates unexpectedly. When that happens, we can launch the process inside the debugger to ensure that we capture a dump. Here’s how we do it:
- Install the Debugging Tools for Windows
- Copy and paste the information below into a new text file:

```
Windows Registry Editor Version 5.00

; The debugger path is quoted because it contains spaces.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"Debugger"="\"C:\\Program Files\\Debugging Tools for Windows\\cdb.exe\" -g"
```

- Change calc.exe in the key name to the executable name of the desired process
- Change the path to CDB.EXE as needed
- Import the Registry File – no reboot is required
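
The registry change from the steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it sets the same `Debugger` value, lists every image that currently has one, and removes the value again once the dump is captured, since the entry stays active for every launch of that image until it is deleted. The function names and the default cdb.exe path are assumptions of this example.

```powershell
# Added example: set, list and remove the IFEO "Debugger" value used in the steps above.
# Function names are this example's own. Run from an elevated PowerShell prompt.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Set-IfeoDebugger {
    param(
        [Parameter(Mandatory)][string]$ImageName,   # e.g. calc.exe (file name only)
        [string]$CdbPath = 'C:\Program Files\Debugging Tools for Windows\cdb.exe'
    )
    if ($ImageName -ne (Split-Path -Leaf $ImageName)) {
        throw "ImageName must be a bare file name, not a path."
    }
    if (-not (Test-Path -LiteralPath $CdbPath -PathType Leaf)) {
        throw "cdb.exe not found at '$CdbPath'."
    }
    $key = Join-Path $IfeoRoot $ImageName
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    # Quote the debugger path so the space in "Program Files" is unambiguous.
    New-ItemProperty -LiteralPath $key -Name 'Debugger' -Value "`"$CdbPath`" -g" `
        -PropertyType String -Force | Out-Null
}

function Get-IfeoDebugger {
    # Every image with a Debugger value, so leftover entries are easy to spot.
    Get-ChildItem -LiteralPath $IfeoRoot | ForEach-Object {
        $value = $_.GetValue('Debugger')
        if ($null -ne $value) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $value }
        }
    }
}

function Remove-IfeoDebugger {
    param([Parameter(Mandatory)][string]$ImageName)
    $key = Join-Path $IfeoRoot $ImageName
    if (Test-Path -LiteralPath $key) {
        Remove-ItemProperty -LiteralPath $key -Name 'Debugger' -ErrorAction SilentlyContinue
    }
}

# Usage:
#   Set-IfeoDebugger -ImageName 'calc.exe'      # before reproducing the problem
#   Remove-IfeoDebugger -ImageName 'calc.exe'   # after the dump is captured
Get-IfeoDebugger | Format-Table -AutoSize       # read-only check of current entries
```
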
Once you have the information imported to the registry, you can restart the process that you are monitoring. When the process terminates, it will break back into the debugger. At this point, you can run the following command to dump out the process:

```
.dump /ma c:\user.dmp
```

You can change the path and filename of the dump as needed. Remember that this method should be used in the event that other methods of capturing the dump file are not working. That’s all for today – thanks for stopping by!
– Aaron Maxwell