One: Background

1. Tell a story

In recent days, I have received several requests for help with crashes. These friends may not have played with generating dumps before, so I could only teach them hands-on, which is not a real solution. A summary is therefore necessary: if friends consult me later, I can just throw this article at them 😏. OK, I have summarized the following three ways:

  • procdump -e
  • procdump -> AEDebug
  • Windows Error Reporting

Regular readers should know that I’ve always been a fan of procdump for doing this, because it’s a powerful, clever tool that can capture dumps across platforms.

Two: Implement a testable case

I use ASP.NET MVC 5 as an example. In the RouteConfig class, I use a Timer to constantly throw exceptions to kill the w3wp process. The code is as follows:

using System;
using System.Threading;
using System.Web.Mvc;
using System.Web.Routing;

public class RouteConfig
{
    // Static reference so the timer is not garbage collected.
    public static Timer timer;

    public static void RegisterRoutes(RouteCollection routes)
    {
        // First fires after 60 s, then every 5 s. The division by zero is
        // deliberate: it is unhandled on a thread-pool thread, so w3wp crashes.
        timer = new Timer(new TimerCallback(m =>
        {
            var r = 10 / Convert.ToInt32("0");
        }), null, 60000, 5000);

        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
        routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}/{id}",
            defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
        );
    }
}

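The exception is thrown from a Timer callback rather than from a controller action because the HTTP pipeline would wrap an exception raised in an action as an HTTP 500, so it would not have the effect of a crash.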

Next, deploy the program to IIS and run it. You can clearly see that the Windows Event Viewer has successfully recorded the crash information, as shown in the figure below:

Three: Analysis of the three capture methods

1. Use procdump -e

This is a simple but unstable method: several of my friends have told me that procdump reported an error during the capture because the process was already exiting. See the documentation: https://docs.microsoft.com/zh…


-e    Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions.

The complete reference command is as follows:

C:\Windows\system32>procdump -e -ma -w w3wp E:\test

ProcDump v10.0 - Sysinternals process dump utility
Copyright (C) 2009-2020 Mark Russinovich and Andrew Richards
Sysinternals - www.sysinternals.com

Waiting for process named w3wp...

Press Ctrl-C to end monitoring without terminating the process.

[21:12:08] Exception: 04242420
[21:12:08] Exception: E0434352.CLR
[21:12:09] Exception: E0434352.CLR
[21:12:09] Exception: E0434352.CLR
[21:12:09] Exception: E0434352.CLR
[21:12:09] Exception: E0434352.CLR
[21:12:09] Exception: E0434352.CLR
[21:12:14] Exception: C0000094.INT_DIVIDE_BY_ZERO
[21:12:14] Unhandled: C0000094.INT_DIVIDE_BY_ZERO
[21:12:14] Dump 1 initiated: E:\test\w3wp.exe_210525_211214.dmp
[21:12:14] Dump 1 writing: Estimated dump file size is 326 MB.
[21:12:15] Dump 1 complete: 326 MB written in 1.2 seconds
[21:12:15] Dump count reached.

If you have more than one w3wp on your machine, you can replace the process name with a PID. The following command is used:


C:\Windows\system32>procdump -e -ma 9320 E:\test

2. Make Procdump the default debugger for AEDebug

Here’s how it works: when an unhandled exception occurs, the operating system's Win32 unhandled exception filter is activated. This filter invokes the debugger configured under the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug key in the registry, in this case ProcDump. To write ProcDump into the AeDebug key, register it with -i.


-i    Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp, -d and -r are supported as additional options.

The complete reference command is as follows:

C:\Windows\system32>procdump -ma -i E:\test

ProcDump v10.0 - Sysinternals process dump utility
Copyright (C) 2009-2020 Mark Russinovich and Andrew Richards
Sysinternals - www.sysinternals.com

Set to:
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
    (REG_SZ) Auto     = 1
    (REG_SZ) Debugger = "C:\xcode\soft\Procdump\procdump.exe" -accepteula -ma -j "E:\test" %ld %ld %p

Set to:
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug
    (REG_SZ) Auto     = 1
    (REG_SZ) Debugger = "C:\xcode\soft\Procdump\procdump.exe" -accepteula -ma -j "E:\test" %ld %ld %p

ProcDump is now set as the Just-in-time (AeDebug) debugger.

The output shows that the settings have been successfully written to the registry, so you can open the registry editor to verify them.

The dump file(s) then appear under E:\test.

It looks like there are 2 dumps, but I don’t care why it is. 😏 😏 😏

3. Generate with Windows Error Reporting

To implement this, you must enable the Windows Error Reporting service and configure, in the registry, the exe program whose dumps you want to capture. This is a bit tedious to configure, so here is a BAT script; just run it, simple and crude.

SET DMPPATH=E:\test
SC CONFIG WerSvc START= AUTO
NET START WerSvc
REM Remove any registered postmortem debugger (for example the one set by procdump -i).
REM Debugger and DbgManagedDebugger are registry values, so they are deleted with /v.
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" /v Debugger /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework" /v DbgManagedDebugger /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug" /v Debugger /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework" /v DbgManagedDebugger /f
REM Reset the LocalDumps settings for w3wp.exe, then write them again.
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_SZ /v DumpFolder /d "%DMPPATH%" /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_DWORD /v DumpCount /d 2 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_DWORD /v DumpType /d 2 /f
ECHO Enable complete
PAUSE

There are three parameters that need a brief explanation.

  • DumpFolder: The folder where dump files are stored
  • DumpCount: The maximum number of dump files to keep
  • DumpType: 0: Custom dump. 1: Mini dump. 2: Full dump

After the BAT script has run, the settings can be verified in the registry.

After 1 minute you should see the generated dump file. The screenshot is as follows:
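The registry checks mentioned for the AeDebug method and for the WER method can be scripted instead of done by hand in the registry editor. The following is an added example, not code from the original article: it reads back the AeDebug values in both registry views, the WerSvc state and the LocalDumps values for w3wp.exe, and, because a full dump holds the whole memory of the process, lists who can read the dump folder. The function name Get-CrashDumpConfig is hypothetical.

```powershell
# Added example, not from the original article. Get-CrashDumpConfig is a
# hypothetical helper name. Run from an elevated PowerShell prompt.
function Get-CrashDumpConfig {
    param([string]$ImageName = 'w3wp.exe')

    $dumpTypes = @{ 0 = 'Custom dump'; 1 = 'Mini dump'; 2 = 'Full dump' }

    # procdump -i writes AeDebug in both the native and the Wow6432Node view.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft') {
        $key   = Join-Path $root 'Windows NT\CurrentVersion\AeDebug'
        $ae    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $value = 'no postmortem debugger registered'
        if ($ae -and $ae.Debugger) { $value = "Auto=$($ae.Auto); Debugger=$($ae.Debugger)" }
        [pscustomobject]@{ Source = 'AeDebug'; Key = $key; Value = $value }
    }

    # The BAT script sets WerSvc to start automatically; read back its state.
    $svc = Get-Service -Name WerSvc
    [pscustomobject]@{
        Source = 'WerSvc'; Key = 'service'
        Value  = "Status=$($svc.Status); StartType=$($svc.StartType)"
    }

    # Per-image LocalDumps values written by the BAT script.
    $wer = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\$ImageName"
    $ld  = Get-ItemProperty -Path $wer -ErrorAction SilentlyContinue
    if (-not $ld) {
        [pscustomobject]@{ Source = 'LocalDumps'; Key = $wer; Value = 'not configured' }
        return
    }
    $typeName = $dumpTypes[[int]$ld.DumpType]
    [pscustomobject]@{
        Source = 'LocalDumps'; Key = $wer
        Value  = "DumpFolder=$($ld.DumpFolder); DumpCount=$($ld.DumpCount); DumpType=$($ld.DumpType) ($typeName)"
    }

    # A full dump contains the whole process memory, so list who can read the folder.
    if ($ld.DumpFolder -and (Test-Path -Path $ld.DumpFolder)) {
        foreach ($ace in (Get-Acl -Path $ld.DumpFolder).Access) {
            [pscustomobject]@{
                Source = 'DumpFolder ACL'; Key = $ld.DumpFolder
                Value  = "$($ace.IdentityReference): $($ace.FileSystemRights) ($($ace.AccessControlType))"
            }
        }
    }
}

Get-CrashDumpConfig | Format-Table -AutoSize -Wrap
```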

Four: Summary

For capturing a dump of a crashing program, these three methods are basically foolproof. With this summary written, both you and I save valuable time 😘.

For more high-quality content, see my GitHub: dotnetfly