Is it possible to write a C++ program that will do the following for a given Windows process:
1) pause an application
2) copy the memory of that application to the HDD
3) kill the application
4) at a later point start the application in the exact same state it was before by loading the saved memory
One would want to do this for many reasons, and I believe it will be especially helpful in debugging.
No, it is not possible. Some of the values in the process image are kernel handles. These will not have a corresponding kernel structure when you restore the image. If you don't believe me, you should believe Raymond Chen: Why can't the system hibernate just one process?
What is possible is to create a dump, see How to create a user-mode process dump file in Windows Vista and in Windows 7, .dump or MiniDumpWriteDump. Developers have been successfully using dumps for debugging for many years now...
Related
I have an application written in VC++ Windows form applications that interacts with various hardware such as A/D cards, GPIB, D/A etc. My customer ran the application on-site, and found that the application is crashing after a few seconds. I asked him to monitor memory growth through Task Manager, and I found that indeed, the memory was growing. So it looks like some problem of memory leakage. Now I want to find where exactly in my code I am not correctly freeing/allocating memory, but I do not have access to the on-site PC. I have to do this on my PC, which does not have that hardware (A/D etc.). Is there any software that can accept my exe and point out the name of the functions/code line which is causing the problem, without actually executing my exe?
My exe would not run since I do not have that hardware.
I used SmartBear AQtime for this task. It is a profiler which can also profile heap allocations. In the report, you can get a list of objects which are still alive and also the line where they have been created.
Is there any way to detect process crash in Windows 7?
Just to clarify, upon every process crash Windows creates WERfault.exe (Windows Error Reporting). I have a driver which monitors the system by using the existing kernel callback mechanism of the kernel. The callback notifies my driver when a certain process event happens (using PsSetCreateProcessNotifyRoutine).
The problem is I see that WERfault.exe is created by svchost.exe but I can't find a way of resolving which process has crashed.
Set up your application as the automatic debugger. This can then pass the event on to the real WER if you want to provide the usual UI.
-> Is there any way to detect process crash in Windows 7?
Yes, you can use the AdPlus script, which can be used from the command line.
It can be used with WinDbg; go for the documentation, I think it may solve your problem.
AdPlus dumps all your process memory into a file.
I'm coding in C++/MFC using WinAPIs. My software consists of a local service and a user-mode app that provides user interface for a logged in Windows user. I'm looking for a way to collect .dmp and .hdmp files in case of crash in either of those modules. I know that WER supposedly collects them and submits them to Microsoft. Is there a way to collect those files and keep them somewhere on the hard drive?
PS. I need this to work under Windows XP SP3, Vista, 7, 8.
Windows 2000 and XP already save crash dumps using DrWatson. Running drwtsn32.exe allows you to get/configure the path to the log and the dump files.
Windows Vista+ only uses WER, which doesn't save a dump by default, but you can enable creation of user mode dumps.
I set the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\DumpType value to 2 to save full dumps which, by default, are stored in %LOCALAPPDATA%\CrashDumps (C:\Users\dee.earley\AppData\Local\CrashDumps).
Installing a debugger like WinDbg will also allow you to catch exceptions from user mode apps and the service as they occur.
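The per-application form of the LocalDumps setting described in this answer, as an added example that is not part of the original post. MyService.exe, D:\CrashDumps and the DumpCount of 5 are assumed placeholders, and the folder ACL assumes the crashing process runs as LocalSystem.

```powershell
# Added example, not from the original answer. Run from an elevated prompt.
# Assumed placeholders: MyService.exe, D:\CrashDumps, DumpCount = 5.
$app     = 'MyService.exe'
$dumpDir = 'D:\CrashDumps'
$base    = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$key     = "$base\$app"   # a per-application key overrides the global values

# Create the dump folder and remove inherited permissions. A full dump
# (DumpType 2) contains the whole address space of the process, including
# any passwords, tokens or keys that were in memory at the time of the crash.
New-Item -ItemType Directory -Path $dumpDir -Force | Out-Null
# *S-1-5-18 = LocalSystem, *S-1-5-32-544 = BUILTIN\Administrators
icacls $dumpDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# Create the key only if it is missing so existing values are not wiped.
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# DumpType 2 = full dump, as in the answer above.
New-ItemProperty -Path $key -Name DumpType   -PropertyType DWord        -Value 2        -Force | Out-Null
# DumpFolder replaces the default %LOCALAPPDATA%\CrashDumps location.
New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString -Value $dumpDir -Force | Out-Null
# DumpCount caps how many dumps are kept before the oldest is replaced.
New-ItemProperty -Path $key -Name DumpCount  -PropertyType DWord        -Value 5        -Force | Out-Null

# Confirm the configuration and list any dumps already collected.
Get-ItemProperty -Path $key | Select-Object DumpType, DumpFolder, DumpCount
Get-ChildItem -Path $dumpDir -Filter *.dmp | Sort-Object LastWriteTime -Descending
```

A process running under another account needs write access to the dump folder, otherwise WER cannot create the file there.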
Microsoft's DebugDiag tool is quite useful for monitoring processes and spitting out dump files on exceptions and crashes.
http://www.microsoft.com/en-us/download/details.aspx?id=26798
I've used this in multiple customer environments to track down problems that I could not reproduce in my own environment.
If you are looking for a way of handling crashes on the customer's side, the best solution is using the google-breakpad library. In your case the exception handler will write dump files to the disk.
Let's say I open some application or process. Did some work with that. Now I closed it.
Need to know whether this application caused any memory leak.
i.e. used up some heap memory and not cleared it properly.
Can I get these statistics somehow? I'm using Visual Studio (for development) under Windows OS.
Even I would be interested in knowing this information for any 3rd party application.
When an application closes all resources are automatically released by Windows.
A quick & dirty tool to get an indication for memory/resource-leaks inside an application is Perfmon.
The actions executed by an application can cause other processes to use more memory. SQL Server can make its cache size bigger, maybe you have opened Word or Explorer, the Windows Search engine might kick in because you saved some file. The virus scanner can be more active, etc.
Have a look at CrtSetDbgFlag:
http://msdn.microsoft.com/en-us/library/5at7yxcs(v=VS.100).aspx
The project my team has been working on has reached a point where we need to deploy it to computers without the development environment (Visual Studio 2005) installed on them. We fixed the dependency issues we had at first, but we're still having issues.
Now, once the installer is finished, our project gets stuck somewhere before entering WinMain. It only takes up 13MB of RAM, but takes up 50% of the CPU cycles.
Are there any suggestions as to how debug this problem?
Edit: Clarification - this is a C++ project.
Is it possible the hang occurs while some global variable is initialized? That happens before WinMain, and from a global variable's constructor any code could be run. Also, take a look at the busy thread's stack using Process Explorer (make sure you deploy the PDB in order to get a meaningful stack trace). The stack trace should make it obvious where that thread is hanging.
You might have to resort to old-time debugging - outputting print statements to a console that refer to what part of the application has been run successfully. Without the IDE installed on the target machine, there really aren't many options for debugging.
If you're running Vista or Windows 7 you can create a memory dump from Task Manager (right click and select create dump file) and then transfer that to your dev computer, load the symbols and it will show you where the program was at that time.