How to generate application memory and crash dumps

How to generate application memory and crash dumps?


Memory Dump Files (.dmp files) are a snapshot of a program’s memory at a given time. With a dump file, it is possible to see the current executing lines of code, the values of local values and values of all the heap objects. In other words, a dump file represents the entire state of the program at the point it was captured.

Dumps are usually used to debug crashes (Crash Dumps), but there are other uses as well. From most common to least they are:

  • Debug crashed programs
  • Debug hung programs
  • Find memory leaks
  • Debugging on a different machine or at a different time
  • Debug programs that can’t be attached with a debugger

Collecting User-Mode Crash Dumps:

With ProcDump:

ProcDump is part of the SysInternal toolkit, which is a set of extremely useful tools for Windows development. ProcDump itself is a command line tool for creating dumps. It can generate dumps on demand or by monitoring a program and create a dump on a crash or a hang. Monitor things like memory usage, hung programs, CPU usage, first-chance exceptions and create a dump on demand.

  1. Download it from here: ProcDump
  2. Unzip Procdump.zip
  3. From a command prompt, navigate to the folder where unzipped procdump is
  4. Launch procdump.exe with the appropriate arguments for your scenario
  5. Below is a list with the most common arguments, however a full list is available on the ProcDump page above):

-e Write a dump when the process encounters an unhandled exception.
-h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds).
-ma Write a dump file with all process memory. The default dump format includes thread and handle information.
-x Launch the specified application
-g Run as a native debugger in a managed process (required for collecting dumps from processes running .NET code)

For creating Dump for .NET Application (UiPath Studio, UiPath Robot Executor) -ma option needs to be enabled since a full dump is necessary.
Regards to capturing a crash dump, -e option needs to be enabled to capture the moment of crash.
A default procdump command would be "procdump -e -ma "

It is important to use the same bitness collector as the target application. UiPath Executor is currently 32 bit, thus 32 bit ProcDump should be used to collect memory dump.

As an example:

Collecting User-Mode Dumps that is not Crash:

Please use Procdump to collect crash dump as it attaches to the process and capture the moment of crash. If your a dump that is not crash, other methods are also useful, but in terms of debugging, using memory dump for hang issue is extremely complicated.

With Process Explorer:

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it's in handle mode, the handles can be seen that the process selected in the top window have opened; if Process Explorer is in DLL mode, the DLLs and memory-mapped files because the process has loaded. Process Explorer also has a powerful search capability that will quickly show which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

Download it from here: Process Explorer

  1. Run procexp.exe
  2. Right-click on any process and choose Create Dump | Create Full Dump :

With Task Manager:

Open the Task Manager, go to Details, right-click the desired process and choose Create dump file.

image.png

This will create a full memory dump.