How do I get started with Windows Error Reporting (WER)?
How do I find Windows Error Reporting information on a PC?
How do we match up crash data (Windows Error Reporting signatures) with companies?
What files should I map?
How do we detect applications hangs in Windows?
What is a bucket?
What is a “special” exception?
What are the different types of memory dumps?
When will I see data?
Q: How do I get started with Windows Error Reporting (WER)?
A: As an Independent Software Vendor (ISV) who develops software applications for the Windows Operating Systems, you are able to register to receive Software Quality information from the Windows Quality website.
Please follow this link to a page with directions on how to get started! (http://www.microsoft.com/whdc/maintain/StartWER.mspx).
Q: How Do I find Windows Error Reporting information on a PC?
A: Here are the solutions for finding WER data on XP, Vista, and Windows 7.
On XP / Server 2003 you can find information about error reports in the Application Log. When a crash occurs the bucketing parameters are written to the Application Event log with the event source of “Application Error” and event ID 1000. When the crash is submitted the bucket ID is written to the Application Log with the same event source and has an event ID 1001.
On Vista you can use the “wercon” control panel accessible via: Start >Control Panel >System and Maintenance >Problem Reports and Solutions >View Problem History Or By typing “wercon” in the Search Box at the base of the Start Menu.
Click on the “View problem history” link
Double click on on a line item below the Application Name to view details:
Notice the bucketID and the Copy to Clipboard feature.
Using the Action Center:
Open the Action Center by clicking on the flag icon in the system tray
Select the Action Icon from the system tray, and click Open Action Center.
By expanding the Maintenance toggle button, the customer can see the View System History link.
After selecting the View System History link, the customer can click the View problem reports and responses link.
Or, you can type error into the Search bar on the Start Menu and click the “View problem History”
Select View Problem History, and then select View problem reports and responses.
Q: How do we match up crash data?
A: Here is the general mapping logic we used based on crash data that is gathered by Windows Error Reporting (WER) client. Notice the difference between Pre Windows Vista, and Post Windows Vista.
How do we match up crash signatures with Files that are mapped?
We use 4-6 basic parameters to match mapped files in the developer portal, Windows XP has fewer and matches on File Name and File Version for either Applications and Modules. With this in mind if you are still developing for Windows XP it is a best practice to come up with a unique file name and file version. This best practice translates to any other development environment, but is important with Windows XP as you can see the parameters below that the Windows XP WER Client sends to our service.
Windows XP (Includes Windows Server 2003)
WER client sends these parameters we use to match crashes:
With Windows XP/Windows Server 2003 crashes we have less data to use for matching crash signatures with files mapped on the portal.
Windows Vista++ (includes Windows Server 2008)
We use the link date to get a more accurate match on the files mapped on the portal.
Q: What files should I map
A: Given the way we have implemented mapping logic the best policy is to map only the files where you own or maintain the source code. If you ship 3rd party or open source modules with your software where you do not own or maintain source then you will not be able to take action on these error reports, and this information will just be added noise and complexity.
Even if you don’t map 3rd party modules you will still see crash reports where any module crashed your application.
NOTE: We have mapping collision detection that will preclude you from mapping certain files.
Product Name: FabrikamReportingApplication
Product Binary files:
With the mapping scenario above you will still see crashes where ThirdPartyChartControl.dll caused a crash in the FabrikamReportGUI.exe application.
Q: What is a bucket?
A: A bucket uses a set of parameters gathered by the WER client to describe a WER Event. For crash events the bucketing parameters are Application Name, Application Version, Application Build Date, Module Name, Module Version, Module Build Date, Exception Code, and Code Offset.
There are also Generic Buckets that are made up of up to 10 parameters.
Q: What is “special” exception?
A: A special exception is a grouping of two WER event types: Buffer Overruns (BEX) where the exception code = C0000409, and Data Execution Prevention (DEP) where the exception code = C0000005. These two event types are related to security of software and can also be viewed in the Security Alerts section of the website. In order for the WER client to capture BEX events you need to use the /GS command when compiling your software.
Q: What are the different types of memory dumps?
A: Below is a table that contains brief descriptions of the different types of dump files that can appear in .CAB file.
Q: When will I see data?
A: After mapping files we will start to pull any existing data we have for crashes. Generally you will see Hit data within a day or so. Users who setup Vista and Windows 7 with recommended settings (~80%) will automatically send us the hit data without any prompting, so you can see hits without cabs.
By default we collect 10 cab (minidump) files per event*, since a user still has to click on the “send additional information” button for us to get the crash dump it can take some time to get cab files.
Once we receive cab files for an event you will generally be able to see these cabs within a few hours of us receiving them.
NOTE: For newly detected crashes it can take more than 4 days to get the crashes processed and up on the site. Commonly if you create an app to test our system you will see a longer latency in getting WER data. Since WER is collecting unhandled exceptions on Windows all the time, we recommend mapping existing released software.
*We do not set collection rules for files that are un-versioned, and automatic collection rules depend on the time you map your files. If you are mapping old files, all the buckets have been created and we will not automatically collect files for old buckets. For newly created buckets we will set the collection rules for the most common file extensions.