One: Background

1. Tell a story

Over the past few days I have received several requests for help with crashes. Some of these friends had never generated a dump before, so I could only walk them through it by hand, which is not a workable approach. So a summary is needed; the next time a friend asks, I can just send them this article 😏😏😏. I have summarized the following three methods:

  • procdump -e
  • procdump -> AEDebug
  • Windows Error Reporting

Long-time readers will know that I have always favored procdump for this kind of work. After all, it is a powerful, smart tool that can capture dumps across platforms.

Two: Build a testable case

Judging by the dump samples I receive, web applications are the most common, so I use ASP.NET MVC 5 as the test case. In the RouteConfig class I use a Timer that keeps throwing exceptions, in order to bring down the w3wp process. The reference code is as follows:


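    using System;
    using System.Threading;
    using System.Web.Mvc;
    using System.Web.Routing;

    public class RouteConfig
    {
        // Static field keeps the timer referenced so it is not garbage collected.
        public static Timer timer;
        public static void RegisterRoutes(RouteCollection routes)
        {
            // First fires after 60 s, then every 5 s, on a thread-pool thread.
            // The divide-by-zero is unhandled there, which crashes the process.
            timer = new Timer(new TimerCallback(m =>
            {
                var r = 10 / Convert.ToInt32("0");
            }), null, 60000, 5000);

            routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

            routes.MapRoute(
                name: "Default",
                url: "{controller}/{action}/{id}",
                defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
            );
        }
    }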

By the way, some readers will ask: why not throw the exception in an Action? Because the HTTP pipeline wraps that exception into an HTTP 500 response, so the process does not crash.

Next, deploy the program to IIS and run it. You can clearly see that the Windows Event Viewer recorded the crash information, as shown in the following figure:

Three: Analysis of the 3 capture methods

1. Use procdump -e

This method is simple but not reliable: a few friends told me that procdump reported an error during capture because the process had already exited, so it depends on your luck. The -e here is short for exception; see the official documentation: https://docs.microsoft.com/zh-cn/sysinternals/downloads/procdump .


-e    Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions.

The complete reference command is as follows:


    C:\Windows\system32>procdump -e -ma -w w3wp E:\test

    ProcDump v10.0 - Sysinternals process dump utility
    Copyright (C) 2009-2020 Mark Russinovich and Andrew Richards
    Sysinternals - www.sysinternals.com

    Waiting for process named w3wp...

    ...

    Press Ctrl-C to end monitoring without terminating the process.

    [21:12:08] Exception: 04242420
    [21:12:08] Exception: E0434352.CLR
    [21:12:09] Exception: E0434352.CLR
    [21:12:09] Exception: E0434352.CLR
    [21:12:09] Exception: E0434352.CLR
    [21:12:09] Exception: E0434352.CLR
    [21:12:09] Exception: E0434352.CLR
    [21:12:14] Exception: C0000094.INT_DIVIDE_BY_ZERO
    [21:12:14] Unhandled: C0000094.INT_DIVIDE_BY_ZERO
    [21:12:14] Dump 1 initiated: E:\test\w3wp.exe_210525_211214.dmp
    [21:12:14] Dump 1 writing: Estimated dump file size is 326 MB.
    [21:12:15] Dump 1 complete: 326 MB written in 1.2 seconds
    [21:12:15] Dump count reached.

The output shows that the dump file was captured successfully. If your machine runs multiple w3wp processes, replace the process name with the PID. The reference command is as follows:


    C:\Windows\system32>procdump -e -ma 9320 E:\test

2. Use procdump as the default debugger for AeDebug

The general principle is: when a program hits an unhandled exception, the operating system activates the Win32 unhandled exception filter. The filter launches the debugger registered under the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug node in the registry, which in my case is procdump. To register procdump under the AeDebug node, use -i:


-i    Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp, -d and -r are supported as additional options.

The complete reference command is as follows:


    C:\Windows\system32>procdump -ma -i E:\test

    ProcDump v10.0 - Sysinternals process dump utility
    Copyright (C) 2009-2020 Mark Russinovich and Andrew Richards
    Sysinternals - www.sysinternals.com

    Set to:
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
        (REG_SZ) Auto     = 1
        (REG_SZ) Debugger = "C:\xcode\soft\Procdump\procdump.exe" -accepteula -ma -j "E:\test" %ld %ld %p

    Set to:
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug
        (REG_SZ) Auto     = 1
        (REG_SZ) Debugger = "C:\xcode\soft\Procdump\procdump.exe" -accepteula -ma -j "E:\test" %ld %ld %p

    ProcDump is now set as the Just-in-time (AeDebug) debugger.

The output shows that procdump was written to the registry; you can open the Registry Editor to verify.

The last step is to run the web application. After 1 minute, you will see the dumps in E:\test. The screenshot is as follows:

The figure shows 2 dumps. I don't care why there are 2; what I am afraid of is that none get generated. 😏😏😏

3. Generate with Windows Error Reporting

The general principle is to use the Windows Error Reporting service that ships with Windows to generate the crash dump for us. To do this, you must enable the service and register the exe you want to capture in the registry. The configuration is a bit tedious, so here is a bat script; just run it directly, simple and crude.


    SET DMPPATH=E:\test
    REM Set the Windows Error Reporting service to start automatically, then start it
    SC CONFIG WerSvc START= AUTO
    NET START WerSvc
    ECHO 启用完成

    REM Remove registered postmortem debuggers. Debugger and DbgManagedDebugger are
    REM registry values, not keys, so delete them with /v; quote paths containing spaces.
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" /v Debugger /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework" /v DbgManagedDebugger /f

    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug" /v Debugger /f
    REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework" /v DbgManagedDebugger /f

    ECHO 删除完成

    REM Configure WER LocalDumps for w3wp.exe
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /f
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_SZ /v DumpFolder /d "%DMPPATH%" /f
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_DWORD /v DumpCount /d 2 /f
    REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_DWORD /v DumpType /d 2 /f

    ECHO 启用完成

    PAUSE

There are 3 parameters that need a brief explanation.

  • DumpFolder: the folder where dump files are stored
  • DumpCount: the maximum number of dump files to keep
  • DumpType: 0: Custom dump. 1: Mini dump. 2: Full dump

After the bat is executed, you can go to the registry to verify it.
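
The registry checks mentioned for methods 2 and 3 can also be done from a prompt instead of the Registry Editor. The PowerShell script below is an added example, not part of the original article; it assumes an elevated 64-bit session and reads only the keys and value names shown above.

```powershell
# Added example (not from the original article): read back the registry state
# written by `procdump -i` (method 2) and by the WER .bat script (method 3).
# Assumption: run from an elevated 64-bit PowerShell prompt on the IIS server.
$aeDebugKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'
)
$localDumps = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe'
$dumpTypes  = @{ 0 = 'Custom dump'; 1 = 'Mini dump'; 2 = 'Full dump' }

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when either the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Method 2: the postmortem debugger registered for 64-bit and 32-bit processes.
$aeDebug = foreach ($key in $aeDebugKeys) {
    $debugger = Get-RegValue $key 'Debugger'
    [pscustomobject]@{
        Key        = $key
        Auto       = Get-RegValue $key 'Auto'
        Debugger   = $debugger
        IsProcDump = [bool]($debugger -match 'procdump(64)?\.exe')
    }
}

# Method 3: WER service state plus the LocalDumps settings for w3wp.exe.
$svc    = Get-Service -Name WerSvc
$type   = Get-RegValue $localDumps 'DumpType'
$folder = Get-RegValue $localDumps 'DumpFolder'
$wer = [pscustomobject]@{
    WerSvcStartType = $svc.StartType
    WerSvcStatus    = $svc.Status
    DumpFolder      = $folder
    FolderExists    = [bool]($folder -and (Test-Path -LiteralPath $folder))
    DumpCount       = Get-RegValue $localDumps 'DumpCount'
    DumpType        = if ($null -eq $type) { '(not set)' } else { "$type ($($dumpTypes[[int]$type]))" }
}

$aeDebug | Format-List
$wer     | Format-List

# The .bat script deletes the AeDebug debugger before enabling LocalDumps,
# so flag the case where both mechanisms are configured at once.
if (($aeDebug | Where-Object Debugger) -and $folder) {
    Write-Warning 'AeDebug Debugger and WER LocalDumps for w3wp.exe are both configured.'
}
```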

Next, run the web application. After 1 minute, you will see the generated dump file. The screenshot is as follows:

Four: Summary

For capturing the dump of a crashing program, these three methods are basically foolproof. Having them summarized here will save precious time for you and me 😘😘😘.

More high-quality content: see my GitHub: dotnetfly


一线码农