A dump is a snapshot of an application at the point in time the dump is taken. It shows what was executing and what modules are loaded and, if saved with heap, contains a snapshot of what was in the application’s memory at that point in time. This makes a dump with heap potentially more useful for diagnosing an issue, although dumps with heap have the disadvantage of being much larger files, which makes them harder to upload or email. Dumps are primarily used for debugging issues that occur only on machines the developer does not have access to (e.g. a crash occurs when running on a customer’s computer, but does not occur on the developer’s computer). Dumps are not only useful for crashes; another common example is capturing a dump of an application that is hung.
There are many tools for creating dumps. The easiest method is using the Task Manager on Windows Vista and up (this has significant drawbacks in many cases, however, as I will explain below), followed by Windows Sysinternals ProcDump (free from Microsoft). Since this is a Visual Studio Debugger blog, I will also show how to use Visual Studio to collect a dump.
A dump is ultimately created by Windows regardless of the tool used to create it, so “a dump is a dump” regardless of what tool is used (there is one exception to this when using Task Manager on a 64-bit operating system to create a dump of a 32-bit process, explained in the “Creating a dump using Task Manager” section).
Since ProcDump is the most configurable tool for collecting dumps, and is relatively easy to obtain and use, I will explain how to collect dumps with ProcDump first.
ProcDump is a command line tool for collecting dumps that is freely available from Microsoft. Applications can either be launched with ProcDump (very useful if the application is crashing on startup), or attached to with ProcDump. Additionally, when attaching to a process, ProcDump can either collect a dump immediately or be configured to collect a dump when a variety of conditions are met (the application crashes, hangs, uses too much CPU/memory, etc.). The full description and functionality are documented on the Sysinternals ProcDump page.
Launch an application with ProcDump and collect a dump with heap when the process crashes:
C:\>procdump -e -ma -x "C:\My Applications\CrashingApp.exe" crash.dmp
Attach to an application that is hung and collect a dump with heap immediately:
C:\>procdump -ma HangingApplication.exe hang.dmp
Launch an application with ProcDump and collect a dump with heap when the process either crashes or hangs:
C:\>procdump -e -h -ma -x "C:\My Applications\Application1.exe"
Example of attaching to Visual Studio using ProcDump to collect a dump on an unhandled exception
Beginning in Windows Vista, the Windows Task Manager includes support for creating dump files. This can be very useful, and is slightly quicker and less complicated than creating a dump using ProcDump or Visual Studio. There are, however, a few things to note when using Task Manager to create dumps.
Q: Can Visual Studio debug dumps of applications written in managed code?
A: Yes (kind of). Support was added to Visual Studio 2010 to debug dumps of managed applications using CLR version 4. Visual Studio cannot debug dumps of managed applications running on versions of the CLR prior to v4.
Q: Can Visual Studio debug dumps of 64-bit processes?
A: Yes, Visual Studio can debug dumps of both 64-bit and 32-bit processes.
Q: Do I have to debug a 64-bit dump on a 64-bit operating system?
A: Yes, you must be running on a 64-bit operating system to debug a 64-bit dump.
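To check what a collected .dmp file actually contains before it is uploaded or emailed, the following added example (not part of the original post and not Microsoft code) reads the documented minidump header and reports whether the dump was saved with full process memory and which processor architecture it records. It assumes that a "dump with heap" as described above corresponds to the MiniDumpWithFullMemory flag; the names inspect_dump and build_sample and the sample bytes are constructed for illustration.

```python
import io
import struct

MINIDUMP_WITH_FULL_MEMORY = 0x2   # MiniDumpWithFullMemory bit in the header Flags
SYSTEM_INFO_STREAM = 7            # SystemInfoStream directory entry type
ARCHITECTURES = {0: "x86", 5: "ARM", 9: "x64", 12: "ARM64"}

def read_exact(f, offset, size):
    """Read exactly `size` bytes at `offset`, or fail if the file is too short."""
    f.seek(offset)
    data = f.read(size)
    if len(data) != size:
        raise ValueError("truncated dump at offset %d" % offset)
    return data

def inspect_dump(f):
    """Summarise a user-mode dump from a binary file object without loading it all."""
    header = read_exact(f, 0, 32)
    if header[:4] != b"MDMP":
        raise ValueError("not a minidump: MDMP signature missing")
    # MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva,
    # CheckSum, TimeDateStamp (32-bit each), then 64-bit Flags.
    _, _, n_streams, dir_rva, _, timestamp, flags = struct.unpack("<6IQ", header)
    arch = "unknown"
    for i in range(n_streams):
        # MINIDUMP_DIRECTORY entry: StreamType, DataSize, Rva.
        entry = read_exact(f, dir_rva + 12 * i, 12)
        stream_type, size, rva = struct.unpack("<3I", entry)
        if stream_type == SYSTEM_INFO_STREAM and size >= 2:
            # MINIDUMP_SYSTEM_INFO begins with a 16-bit ProcessorArchitecture.
            (code,) = struct.unpack("<H", read_exact(f, rva, 2))
            arch = ARCHITECTURES.get(code, "other (%d)" % code)
            break
    return {"architecture": arch, "timestamp": timestamp,
            "with_heap": bool(flags & MINIDUMP_WITH_FULL_MEMORY)}

def build_sample(flags, arch_code):
    """Constructed sample: header, one directory entry, 2 bytes of system info."""
    header = struct.pack("<4s5IQ", b"MDMP", 0xA793, 1, 32, 0, 0, flags)
    directory = struct.pack("<3I", SYSTEM_INFO_STREAM, 2, 44)
    return io.BytesIO(header + directory + struct.pack("<H", arch_code))

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:             # path to a real .dmp file
        with open(sys.argv[1], "rb") as dump:
            print(inspect_dump(dump))
    else:                             # fall back to the constructed sample
        print(inspect_dump(build_sample(MINIDUMP_WITH_FULL_MEMORY, 9)))
```

Run it with the path to a .dmp file as the only argument; with no argument it inspects the constructed sample.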