
We have a small Java program which runs on our test machines as a daemon which we use to start servers for testing.

On Windows we have it run the servers 'under' procdump so as to capture a core dump if the server crashes.

Recently, we've been seeing the servers start successfully, but then exit with the code STATUS_DEBUGGER_INACTIVE (0xC0000354). This is definitely not an exit code returned from the server via returning from main, given our logging of stderr/stdout, and since we just never return that value.

We get this exit code by scraping the procdump output for the PID of the monitored process, and then using JNA to open a win32 handle to the server process & using `GetExitCodeProcess`.

I believe that procdump may be dying/being killed at the same time, since there's no usual 'process exited without creating dump' message.

To try & debug this I added logic to our Java program which enables silent process exit monitoring for the server process (see https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/registry-entries-for-silent-process-exit), and I tested it by starting a server & killing it with the task manager, and a dump was created.

But when running 'in production', I'm not seeing any dumps created, even though the unexpected exits are still occurring. What does it mean if this 'silent process exit monitoring' doesn't catch my process exit?

I haven't been able to find much about STATUS_DEBUGGER_INACTIVE online, but I did find this https://github.com/adobe/chromium/blob/cfe5bf0b51b1f6b9fe239c2a3c2f2364da9967d7/base/process_util_win.cc#L41

What is this 'special meaning' and where is it documented?

Bwmat
  • If process **A** is debugging process **B** with the [`DEBUG_OBJECT_KILL_ON_CLOSE`](https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-debugsetprocesskillonexit) option and **A** closes the debug object or is terminated (on process termination all handles are closed), the system terminates process `B` too, with `STATUS_DEBUGGER_INACTIVE` status. So here all is clear: procdump is debugging your process. Then procdump terminated/crashed/closed without detaching the debugger first. As a result your process is force-terminated with this status. This is not your process's error – RbMm Jun 14 '22 at 23:58
  • @RbMm Interesting. Would that explain why the 'silent process exit monitoring' didn't work? Also, where did you get this knowledge, is it documented somewhere, or just experience? – Bwmat Jun 15 '22 at 00:10
  • I am a debugger developer and have big knowledge in the topic. This is not documented, but about STATUS_DEBUGGER_INACTIVE all is clear how this happens – RbMm Jun 15 '22 at 00:17
  • *I believe that procdump may be dying/being killed at the same time, since there's no usual 'process exited without creating dump' message.* - procdump is dying/being killed **first** (without detaching the debug object from your process) and as a result the system terminates your process with `STATUS_DEBUGGER_INACTIVE` - this is the usual behaviour – RbMm Jun 15 '22 at 00:20
  • I just enabled the silent process exit monitoring for procdump itself, hopefully that will tell me something, thanks! – Bwmat Jun 15 '22 at 00:21
  • I was able to reproduce the behaviour by killing procdump from the task manager, and confirmed that a process killed this way doesn't get detected by silent process exit monitoring. – Bwmat Jun 15 '22 at 01:05
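
The comments above attribute the 0xC0000354 exit to procdump going away while still attached to the server. The following is an added example, not code from the original thread, of how the daemon could triage the exit code it reads via `GetExitCodeProcess` so that this case is reported as a debugger loss instead of a server failure; `ExitTriage`, `classify`, `report` and the sample values are hypothetical.

```java
import java.util.OptionalInt;

public final class ExitTriage {
    // NTSTATUS named in the question: the debugger went away while still attached.
    static final int STATUS_DEBUGGER_INACTIVE = 0xC0000354;
    // GetExitCodeProcess reports this value while the process is still running.
    static final int STILL_ACTIVE = 259;

    enum Verdict { STILL_RUNNING, CLEAN_EXIT, DEBUGGER_LOST, NT_ERROR_STATUS, OTHER_NONZERO }

    // NTSTATUS severity lives in the top two bits; 3 means "error" (0xCxxxxxxx).
    // JNA's IntByReference.getValue() returns a signed int, so shift unsigned.
    static boolean isNtError(int code) {
        return (code >>> 30) == 3;
    }

    static Verdict classify(int serverExit) {
        if (serverExit == STILL_ACTIVE) return Verdict.STILL_RUNNING;
        if (serverExit == 0) return Verdict.CLEAN_EXIT;
        if (serverExit == STATUS_DEBUGGER_INACTIVE) return Verdict.DEBUGGER_LOST;
        return isNtError(serverExit) ? Verdict.NT_ERROR_STATUS : Verdict.OTHER_NONZERO;
    }

    // procdumpExit is empty while procdump is still running (hypothetical input
    // the daemon would take from the Process object it launched procdump with).
    static String report(int serverExit, OptionalInt procdumpExit) {
        String hex = String.format("0x%08X", serverExit);
        switch (classify(serverExit)) {
            case DEBUGGER_LOST:
                String pd = procdumpExit.isPresent()
                        ? String.format("exited with 0x%08X", procdumpExit.getAsInt())
                        : "still running (unexpected)";
                return hex + ": server killed because its debugger went away; procdump " + pd
                        + "; investigate procdump, not the server";
            case NT_ERROR_STATUS:
                return hex + ": server exited with an NTSTATUS error code; look for a dump";
            default:
                return hex + ": " + classify(serverExit);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the original post.
        System.out.println(report(0xC0000354, OptionalInt.of(1)));
        System.out.println(report(0xC0000005, OptionalInt.empty()));
        System.out.println(report(0, OptionalInt.empty()));
    }
}
```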

0 Answers