Problem

How to capture a DUMP to troubleshot a CFT crash on Windows

Activation of WER Debugger

Resolution

On 64 bits systems there are 32 and 64 bits processes that need to be configured separately for debugging.

You need to have Administrator rights to configure debugging.

For reference, you can see the following link: http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx

• 32 bits processes
• 64 bits processes

Activate WER local dump in the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps]

"DumpFolder"="C:\\Temp\\WER"

"DumCount"=dword:00000010

"DumpType"=dword:00000001

"CustomDumpFlags"=dword:00000000

Each time a 32 bits process crashes a .dmp file is created in the C:\Temp\WER folder (configured in the registry).

• Crash32.exe.14800.dmp
• Crash64.exe.2172.dmp

Be sure to give full access to that folder to everybody.

Activate WER local dump in the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]

"DumpFolder"="C:\\Temp\\WER"

"DumpCount"=dword:00000010

"DumpType"=dword:00000001

"CustomDumpFlags"=dword:00000000

Each time a 64 bits process crashes a .dmp file is created in the C:\Temp\WER folder (configured in the registry).

Be sure to give full access to that folder to everybody.

As indicated by Microsoft Local Dumps are for internal debugging purpose. No information is sent to Microsoft.

The generated dump file contains mainly information on the debugged process. Since there is a small dump of memory stack, there is a very small risk to have some applicative information. Most of the time they are partial and so useless.