KB Article #177738
How to capture a DUMP to troubleshot a CFT crash on Windows
Problem
How to capture a DUMP to troubleshot a CFT crash on Windows
Activation of WER Debugger
Resolution
On 64 bits systems there are 32 and 64 bits processes that need to be configured separately for debugging.
You need to have Administrator rights to configure debugging.
For reference, you can see the following link: http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx
- 32 bits processes
- 64 bits processes
Activate WER local dump in the registry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpFolder"="C:\\Temp\\WER"
"DumCount"=dword:00000010
"DumpType"=dword:00000001
"CustomDumpFlags"=dword:00000000
Each time a 32 bits process crashes a .dmp file is created in the C:\Temp\WER folder (configured in the registry).
- Crash32.exe.14800.dmp
- Crash64.exe.2172.dmp
Be sure to give full access to that folder to everybody.
Activate WER local dump in the registry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpFolder"="C:\\Temp\\WER"
"DumpCount"=dword:00000010
"DumpType"=dword:00000001
"CustomDumpFlags"=dword:00000000
Each time a 64 bits process crashes a .dmp file is created in the C:\Temp\WER folder (configured in the registry).
Be sure to give full access to that folder to everybody.
As indicated by Microsoft Local Dumps are for internal debugging purpose. No information is sent to Microsoft.
The generated dump file contains mainly information on the debugged process. Since there is a small dump of memory stack, there is a very small risk to have some applicative information. Most of the time they are partial and so useless.