Image

(image: pixabay.com)

Application Crash Dumps on Windows

Crash dumps (aka 'memory dumps' or 'core dumps') are extremely helpful to investigate application crashes or hangups. To retrieve and to analyze those crash dumps follow the instructions below. This works on all versions of Windows beginning with Vista and Server 2008.

June 06, 2019 · Markus Fleschutz

Step 1: Enable Application Crash Dumps

Per default, no crash dump is written when a Windows application stops abnormally. To enable this perform the following:

  1. Open the Registry Editor (e.g. by executing regedit).
  2. Search for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
  3. Create the key (if not present already) by a right click.

Step 2: Make the Application crash

Reproduce the problem and make the application crash. In case the application hangs start the Task Manager (e.g. by pressing Ctrl-Alt-Delete), right click on the process and select Create dump file.

Start the Windows Explorer and locate the crash dump file in the folder %LOCALAPPDATA%\CrashDumps with the file suffix .dmp, e.g. in C:\Users\<USERNAME>\AppData\Local\CrashDumps\App.exe.3652.dmp.

NOTE: this folder contains up to 10 crash dump files only. Crash dump file #11 will replace the oldest file #1. Therefore, move crash dump files into another folder to avoid removal.

Step 3: Crash Dump Analysis

Please note that this step is for software developers only. Normally, you just send the crash dump file with a bug report to the software vendor.

  1. Double-click the .dmp file - this should start the development environment (e.g. Visual Studio) and should show basic information. Then click on Debug with Native Only (in the upper right corner)
  2. To resolve the symbols (the name of functions, methods, variables, etc.) use the appropriate .pdb files written when the software was build.
  3. Click on Call Stack (lower right corner) to view the call stack of the main thread. Select other threads to show their call stack.