0

I want procdump to listen to all exceptions (without having to specify a process name or id).

From an example given here, I thought using the following should work:

procdump -ma -i

...but although I get the message following message:

ProcDump is now set as the Just-in-time (AeDebug) debugger.

...when an exception occurs in some process, nothing gets dumped.

The exception is intentionally thrown from the following .NET code:

using System;

namespace ProcdumpTest
{
    class Program
    {
        static void Main(string[] args)
        {
            if (ShouldAwaitKeyPress(args)) Console.ReadLine();
            Throw();
        }
        static void Throw()
        {
            throw new InvalidOperationException();
        }
        static bool ShouldAwaitKeyPress(string[] args)
        {
            var shouldAwaitKeyPress = false;
            if (args.Length > 0)
            {
               bool.TryParse(args[0], out shouldAwaitKeyPress);
            }
            return shouldAwaitKeyPress;
        }
    }
}

Compile it and run with either ProcdumpTest or ProcdumpTest false so that an exception is thrown immediately, or with ProcdumpTest true so that it waits for a keypress to throw.

OfirD
  • 9,442
  • 5
  • 47
  • 90
  • @HansPassant, by that link you mean I should set the appropriate registry settings? executing `procdump -ma -i` already does that. – OfirD Apr 25 '21 at 09:22
  • @OfirD Everything seems correct so there could be another setting in your system that's interferring here. Have you tried running procmon? Does it show WerFault.exe starting as a child process of your app? WerFault.exe should then start procdump. – Sebastian Apr 26 '21 at 11:13
  • @Sebastian, thank you! I wasn't familiar with working with procmon, so following your comment I played with it and finally the problem was visible: I installed procdump under `C:\Program Files`, which requires admin permissions. Although I registered procdump under cmd as admin, procmon indicated that the dump file write access was denied. I then changed the destination dump folder to a non-admin folder, and the dump was then created. Want to post that as an answer to get the bounty? – OfirD Apr 26 '21 at 12:19
  • 1
    @OfirD It's not necessary :) I am happy I helped and, in fact, you figured the problem on your own. I thought it could be caused by some registry setting or a file system problem. Sometimes you need to analyze all the accessed registry keys to find which one is problematic. Fortunately here, it was easier :) Procmon is almost always the first tool I run when diagnosing problems on Windows :) – Sebastian Apr 26 '21 at 13:27
  • @Sebastian, I appreciate your help, thank you! – OfirD Apr 26 '21 at 14:27

1 Answers1

2

Solved thanks to @Sebastian's help:

I initially installed procdump under C:\Program Files, which requires admin permissions, and although I executed procdump -i -ma under a run-as-administrator cmd, procmon indicated that the dump file write-access was denied.

After changing the destination dump folder to a non-admin folder, the dump was successfuly created:

procdump -ma -i c:\path\to\some\non\admin\folder
OfirD
  • 9,442
  • 5
  • 47
  • 90