
Debug Diagnostics Tool (DebugDiag) can be a lifesaver. It creates and analyzes IIS crash dumps. I figured out my crash in minutes once I saw the call stack.

For further information, here's a TechNet blog article showing how to configure the DebugDiag tool to catch a crash dump:

IIS7: A process serving application pool 'YYYYY' suffered a ...

iis-7 windows-server-2008 http-status-code-503

There is a 'dumpable' flag in the kernel for every process. When the process performs setuid or setgid (at least, in my case, when the process drops privileges) this flag gets cleared and normal users can't attach to this process with a debugger, and process crashes also do not produce a crash dump. This is done for security reasons to protect any sensitive data obtained with elevated privileges that may be in the process memory.

To solve the problem the process can explicitly allow debugging by setting the 'dumpable' flag to 1.

prctl(PR_SET_DUMPABLE, 1);

Why ptrace doesn't attach to process after setuid? - Stack Overflow

ptrace setuid
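The flag behaviour described in the answer above, as an added example that is not part of the original post: a Linux privilege-drop helper that reports the 'dumpable' flag and restores it only when the caller asks for it. The function names and the `allow_dumps` parameter are assumptions made for illustration; turning dumps back on is only appropriate once no data obtained with elevated privileges remains in memory.

```c
/* Added example (Linux only); function names are illustrative. */
#include <stdio.h>
#include <unistd.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/prctl.h>

/* Current 'dumpable' flag: 1 = core dumps and ptrace by the owner allowed,
 * 0 = not dumpable, 2 = dumps readable by root only (fs.suid_dumpable=2).
 * Returns -1 on error. */
int get_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Permanently drop to uid/gid. When the effective IDs change, the kernel
 * resets the flag to the fs.suid_dumpable value (0 by default); it is set
 * back to 1 here only if allow_dumps is nonzero.
 * Returns the resulting flag, or -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid, int allow_dumps)
{
    /* Clear supplementary groups first, while still privileged. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: after setuid() the process may no longer
     * be allowed to change its gid. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Opt back in to core dumps and debugger attach. */
    if (allow_dumps && prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0)
        return -1;
    return get_dumpable();
}

int main(void)
{
    printf("before drop: dumpable=%d\n", get_dumpable());
    /* Dropping to the current IDs changes nothing in an unprivileged run.
     * Started as root with a different target uid, the line below shows
     * the cleared flag because allow_dumps is 0. */
    int flag = drop_privileges(getuid(), getgid(), 0);
    printf("after drop:  dumpable=%d\n", flag);
    return flag < 0;
}
```

A core file additionally requires a nonzero `RLIMIT_CORE`; the flag alone does not produce one.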

MinidumpWriteDump. It doesn't even have to be called from the same process, although there are some restrictions on that.

You should also make sure you archive your application symbols appropriately if you are getting minidumps from deployed applications. See Symbol Server and Symbol Stores on MSDN.

windows - Creating process dump on the fly when it crashes - Stack Ove...

windows process dump

You can use procdump. It can be set up as a debugger to automatically create dumps for crashing processes.

Procdump is part of Sysinternal tools and can be found at:

Create a dump for a hung application:

Write a mini dump for a process named 'hang.exe' when one of its windows is unresponsive for more than 5 seconds:

C:\>procdump -h hang.exe hungwindow.dmp

Register as the Just-in-Time (AeDebug) debugger. Makes full dumps in c:\dumps.

C:\>procdump -ma -i c:\dumps

I tried on one computer and it works, but in a virtual machine, where no dev tools are installed it seems not working. Basically when executed it displays some terminal window with some text going through and then the window disappears, so I don't even have an idea what was there...

Get stack trace of a crash on Windows without installing Visual Studio...

c++ visual-studio debugging stack-trace crash-reports

In the first section you get a breakdown of the usage:

--- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal
Free                                    170          6f958000 (   1.743 Gb)           87.18%
<unknown>                               477           6998000 ( 105.594 Mb)  40.21%    5.16%
Stack                                   417           5d00000 (  93.000 Mb)  35.42%    4.54%
Image                                   253           3970000 (  57.438 Mb)  21.87%    2.80%
Heap                                     20            600000 (   6.000 Mb)   2.28%    0.29%
TEB                                      93             5d000 ( 372.000 kb)   0.14%    0.02%
Other                                     9             32000 ( 200.000 kb)   0.07%    0.01%
PEB                                       1              1000 (   4.000 kb)   0.00%    0.00%

Unknown would be virtual allocs.

To list the unknown memory regions you can run:

VAR as defined in the debugger.chm - Busy regions. These regions include all virtual allocation blocks, the SBH heap, memory from custom allocators, and all other regions of the address space that fall into no other classification.

Once I do !address -f:VAR what next? I just get a bunch of memory addresses. What's the best way to understand them?

Parse the crash dump in WinDbg for private bytes (other than managed h...

windbg crash-dumps memory-dump

You should not use vardump to dump an exception. Many Doctrine classes are interlinked, so, when you try to vardump an exception, it creates a recursion, and that is why your browser exhausts available memory and crashes.

Doctrine has a utility that allows you to dump interlinked objects and specify the level of recursion. For example, to dump an object and all linked objects up to 5 levels deep use this:

\Doctrine\Common\Util\Debug::dump($object, 5);

php - How to nicely display Doctrine2 Exceptions? - Stack Overflow

php codeigniter symfony2 doctrine2 dql

You can use SetUnhandledExceptionFilter to catch the crash. I normally use it to create a crash dump file so that the crash can be debugged, but there's no reason you can't do some simple cleanup like removing tray icons.

c++ - A way to ensure that a system tray icon is removed... guaranteed...

c++ windows winapi system-tray

First, try to start MySQL with innodb_force_recovery=4 (or 5, or 6). InnoDB crashes during crash recovery process, so it's better to skip it. If it starts take a dump of all databases and re-create InnoDB table spaces.

By the way, I continue development of the recovery toolkit in . I fixed some bugs related to recent MySQL versions and made it easier to use (no need to recompile, no dependencies on unneeded libraries)

Thanks for the response. Unfortunately, MySQL does fail to start, even with the repair options: ; although it did fail in a slightly odd way for modes 4 and 5. Do you know of a resource I can use to advise as to how to recover data from the ibd files?

There are few examples in this post . What you need is: a) parse each ibd file with stream_parser b) fetch records with c_parser (you need to have CREATE TABLE statements) c) load dumps generated by c_parser into a new MySQL instance

Akonadi (KDE) crash: repair InnoDB data when MySQL can't start - Stack...

mysql crash innodb

It seems you have no idea where the debugger is stuck. The best approach is to get a crash/memory dump of the system when this problem happens. Then the created memory dump can be analyzed.

A memory dump can be obtained from the windows debugger windbg with the command .dump or with the tool. See the attached link for the tool.

Then load the created dump file in windbg with the -z command switch and have a look at the corresponding call stacks.

Thanks steve! I was sort of hoping to avoid going this route, since I'm no expert using WinDbg, but it seems that this might be the only approach after all!

If you provide the dump file I can have a look at it

Visual Studio 2008 hangs when debugging classic ASP - Stack Overflow

visual-studio debugging asp-classic

On Windows XP you can create a dump file with this utility:

Once installed browse to the installation directory and run

userdump PID

from the command line where PID is the PID of the process you want to get a crash dump of (you can find this in task manager, but you might need to add the column to the standard view).

This file can then be opened in Visual Studio - you just need to make sure you have the symbols built.

In Windows 7 just right click on the process in Task Manager and select "Create Dump File"

I highly recommend NOT using the Task Manager's "Create Dump File." On 64 bit system it creates 64 bit dumps of 32 bit processes. These dump files are pretty much useless unless you only want to use WinDbg and the WOW64 extensions:

c# - How do I obtain a crash dump - Stack Overflow

c# debugging

If this is an OS crash dump then use ulimit to set the maximum core size to 0.

how to disable creating java heap dump after VM crashes? - Stack Overf...

java heap freebsd dump

Best way to handle this is to also make a crash dump file, then a debugger (Visual Studio or WinDbg) can translate the addresses back to the correct functions for you. In my own application I create a crash dump file from code whenever I have a crash (look for the function MiniDumpWriteDump in DBGHELP.DLL), but you can also create manually a crash dump of a running application with an external utility (Task Manager from Windows, Process Explorer or ProcDump from SysInternals).

You can then easily load the dump file in the debugger, and use it to translate addresses to function names. E.g. in Visual Studio, open the disassembly window and type the address of a function.

Some other utilities use the same trick. E.g. Very Sleepy CS ( can make a crash dump file while profiling an application in an environment where you don't have the symbols ready. The resolving of addresses to function names is then done afterwards. The addresses are mapped to offsets within DLL's/EXE (by using the crash dump file), and to function names (by using the PDB file).

does creating a core dump still work if the executable given to the friend was not compiled with symbols? e.g. gcc -O2 -o foo foo.c?

No, you need symbols. Also my answer gives the solution for Windows/VisualStudio. I don't know for other platforms (but you didn't mention the platform).

c++ - How can I recover symbols from a backtrace of a release build? -...

c++ c backtrace

You can not debug a userspace process from a kernel crash dump. If your kernel crashed it was most certainly the fault of the kernel and not some userspace process. The kernel should always behave properly no matter what userspace process runs on it. If you want to debug a userspace process I recommend looking at ltrace, strace and gdb.

How to check the backtrace of a "USER process" in the Linux Kernel Cra...

linux crash dump coredump

  • The first step is to load the dump file into a WinDbg instance.
  • Next, you need to make sure you have a symbols setup.
  • Finally, you can run the command !analyze -v to get a basic analysis performed on it. You need to have symbol information available for your code to make dump files worthwhile.

The website Memory Dump, Software Trace, Debugging, Malware, Victimware and Intelligence Analysis Portal has been very informative for me. I also really enjoyed the book, Advanced Windows Debugging by Mario Hewardt and Daniel Pravat.

c++ - How to use WinDbg to analyze the crash dump for VC++ application...

c++ visual-c++ windbg crash-dumps

Tess Ferrandez has a great set of basic tutorials and labs to get started with Windbg. I highly recommend them.

c++ - How to use WinDbg to analyze the crash dump for VC++ application...

c++ visual-c++ windbg crash-dumps

If you see few objects using !dumpheap -stat, then it is likely that this dump was generated too late, or at a wrong time.

You may try to use Debug Diag or ADPlus to recapture the dump (of course you need to reset the changes in GFlags before doing that).

windbg - analysis crash dump created by gflags.exe of .net 4.0 but the...

crash windbg dump sos

Does ~*e !pe output an exception of your interest? The long way is:

~#s, where # is the number of the thread which has an exception

windbg - analysis crash dump created by gflags.exe of .net 4.0 but the...

crash windbg dump sos

Solution found in parallel with the Microsoft VS Escalation team. After analysing the crash dump and process monitor it seems that VS 2012 debugger process checks the store certificate for the Microsoft Root Authority certificate.

Since both computers were in a protected no internet environment, both of them never had been connected online. Thus, they never downloaded the Microsoft CA. Since the CA was absent from the store, it caused the debugger to hang and crash for 3.5 target framework specifically.

Here's the fix from Microsoft VS Team to bypass this check when debugging: (Add in the application app.config)

            <generatePublisherEvidence enabled="false"/>

c# - VS 2012 Debugger hangs when I try to quick watch variables - Stac...

c# .net visual-studio-2012 .net-3.5

Yes, if application was compiled with debug info. Open core dump in gdb and find frame containing main function. Then go to this frame and print values of argv and argc. Here is sample gdb session.

[root@localhost ~]# gdb ./a.out core.2020
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
Reading symbols from /root/a.out...done.
[New Thread 2020]

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/ debugging symbols found)...done.
Loaded symbols for /usr/lib/
Reading symbols from /lib/ debugging symbols found)...done.
Loaded symbols for /lib/
Reading symbols from /lib/ debugging symbols found)...done.
Loaded symbols for /lib/
Reading symbols from /lib/ debugging symbols found)...done.
Loaded symbols for /lib/
Reading symbols from /lib/ debugging symbols found)...done.
Loaded symbols for /lib/
Core was generated by `./a.out'.
Program terminated with signal 6, Aborted.
#0  0x0027b424 in __kernel_vsyscall ()
(gdb) bt
#0  0x0027b424 in __kernel_vsyscall ()
#1  0x00b28b91 in raise () from /lib/
#2  0x00b2a46a in abort () from /lib/
#3  0x007d3397 in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/
#4  0x007d1226 in ?? () from /usr/lib/
#5  0x007d1263 in std::terminate() () from /usr/lib/
#6  0x007d13a2 in __cxa_throw () from /usr/lib/
#7  0x08048940 in main (argv=1, argc=0xbfcf1754) at test.cpp:14
(gdb) f 7
#7  0x08048940 in main (argv=1, argc=0xbfcf1754) at test.cpp:14
14              throw std::runtime_error("123");
(gdb) p argv
$1 = 1
(gdb) p argc
$2 = (char **) 0xbfcf1754

It is possible to recover argc and argv for non-debug build as well. If that's what OP really wants, I can write it up.

@Employed Russian: I would be interested to know! I have a non-debug core dump and I would like to see argv.

@misterbee Ask that question, and I'll answer it ;-) Note that the answer is architecture-specific, so be sure to say x86_64, or i686, or whatever.

c++ - GDB Core dump: Recover argc argv values after crash - Stack Over...

c++ linux gdb coredump

Microsoft's DebugDiag tool is quite useful for monitoring processes and spitting out dump files on exceptions and crashes.

I've used this in multiple customer environments to track down problems that I could not reproduce in my own environment.

Thanks for the link. So how exactly does one use it? Does it mean that I have to install something on a customer's machine to be able to debug it remotely?

Yes, you have to install and configure this on a customer's machine. You don't get to debug, but you do get a directory full of crash dumps.

winapi - Collect crash .dmp and .hdmp files after a crash of C++ servi...

c++ winapi crash crash-reports crash-dumps