1. #1
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    14,528

    Collecting User Mode Dumps/ Windows Error Reporting (WER)

    Starting with Windows Server 2008 and Windows Vista with Service Pack 1 (SP1), Windows Error Reporting (WER) can be configured so that full user-mode dumps are collected and stored locally after a user-mode application crashes. Applications that do their own custom crash reporting, including .NET applications, are not supported by this feature.

    This feature is not enabled by default. Enabling the feature requires administrator privileges. To enable and configure the feature, use the following registry values under the

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps key.
    http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx


    WER Settings - http://msdn.microsoft.com/en-us/libr...8(v=vs.85).asp

    https://www.google.com/search?num=10...crnk_fspiked.1.




    Courtesy of John Carrona -

    Russinovich uses the dps command to find 3rd party drivers that arent evident in the stack. It's in the last section (the one on BSOD's) here:

    The Case of the Unexplained 2010...Troubleshooting with Mark Russinovich -

    http://channel9.msdn.com/Events/Tech...pe/2010/WCL301

    Great stuff, John!
    Vir Gnarus, niemiro and Capt.Jack Sparrow say thanks for this.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2

    Join Date
    Mar 2012
    Posts
    469

    Re: Collecting User Mode Dumps/ WER

    Nice, I forgot Mark using the dps thing to reveal the raw stack. His approach was more awkward, however, in which you have to keep typing dps until you reach the end. Using the Base and Limit values for the range is nice and quick. :)

    Also, yes, thank you for extrapolating on the user dump stuff. It's very convenient to set up the system to automatically create such dumps on user app crashes.

  3. #3

    Join Date
    Feb 2012
    Posts
    2,065
    Blog Entries
    7

    Re: Collecting User Mode Dumps/ WER

    Oh, I see now! I didn't see the full picture for the Base and Limit values - so I didn't associate it with the Russinovich use of dps.
    And you're right - typing dps again and again is a real PITA.

    WER link in John's post doesn't work for me. This one seems to be the same: http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx
    jcgriff2 says thanks for this.

  4. #4
    jcgriff2's Avatar
    Join Date
    Feb 2012
    Location
    New Jersey Shore
    Posts
    14,528

    Re: Collecting User Mode Dumps/ WER

    Sorry about that link; don't know how I screwed that up.

    It is a 404 in my post.

    BSOD Posting Instructions - Windows 10, 8.1, 8, 7 & Vista ` ` `Carrona Driver Reference Table (DRT)
    https://www.sysnative.com/
    Sysnative Hex-Decimal-UNIX Date Conversion

    Has Sysnative Forums helped you?
    Please consider donating to help support the forum.
    Thank You!

    Microsoft MVP 2009-2015

Similar Threads

  1. Replies: 24
    Last Post: 12-07-2013, 12:49 PM
  2. SFC Reporting Corruptions/Errors in Windows 8/8.1? Read this first!
    By Tekno Venus in forum Windows 8 | Windows RT
    Replies: 0
    Last Post: 11-17-2013, 02:01 PM
  3. Replies: 1
    Last Post: 08-09-2013, 04:45 PM
  4. Replies: 0
    Last Post: 09-23-2012, 11:15 PM

Log in

Log in