In the previous post around capturing a dump for a crash, we were talking about using DebugDiag.  But what if we can't use this tool.  There are various reasons for this, maybe we don't want to have it installed on the server, or maybe we are trying to capture a 64-bit process (which DebugDiag doesn't yet work against).

In either of these cases, the best option is to use adplus.  This is a tool that comes with the debugger package.  But the question is, how do you capture the correct dump?  If you look at the help for adplus, you will notice that it has a -crash switch.  So you may be tempted to just attach to the process using that switch.  The problem is that this will most likely catch a 1st chance process shutdown dump.  These dumps consist of a single thread and everything else in the process is gone.  Often times, .NET is unloaded already.  A dump at this point doesn't tell us anything.  So we need to catch it sooner.

ADPLUS Config File

Adplus has the ability to run with all of it's settings being loaded from a config file.  In this case, what we want to do is catch the process with it is calling either TerminateProcess or ExitProcess.  At this point, nothing is shut down yet and we can see what happened.  So how do we set this up?  Well, we can use a config file.  So just create a text file with the following lines in it and save it as Adplus_Crash.cfg:

<ADPlus>

      <!--

      Configuring ADPlus to log, list the stack and create full dump
     when kernel32!ExitProcess is called
     To define an output directory uncomment the line in the Settings section
       changing the directory to the one you want to use

     -->

   <Settings>
       <RunMode> CRASH </RunMode>
   <SympathPlus> SRV*c:\symbol_cache*http://msdl.microsoft.com/download/symbols;c:\symbols_os</SympathPlus>
       <!-- <OutputDir> c:\Dumps </OutputDir>  -->
   </Settings>

    <!-- defining breakpoints -->
    <Breakpoints>
       <NewBP>
           <Address> kernel32!ExitProcess </Address>
           <Actions> Log;Stacks;FullDump  </Actions>
       <ReturnAction> Q </ReturnAction>
       </NewBP>
       <NewBP>
           <Address> kernel32!TerminateProcess </Address>
           <Actions> Log;Stacks;FullDump  </Actions>
       <ReturnAction> Q </ReturnAction>
       </NewBP>
    </Breakpoints>

     <Exceptions>
         <!-- options act on all currently defined exceptions -->
        <Option>  NoDumpOnFirstChance  </Option>
     </Exceptions>
</ADPlus>

So how do we go about running adplus with this config file?  We simply run:

adplus -c "c:\Adplus_Crash.cfg" -iis

That is all we need to do in order to capture the dump and get valid data.

kick it on DotNetKicks.com