I rely on Windows Error Reporting to create full user-mode dumps for a large multi-threaded application. I know that when I started using it (at the beginning of 2012), these dumps contained all the application memory and full stacks for all threads that were accurate at the time the application crashed (threw an unhandled exception, etc.). But at some unknown moment last year, the dumped dumps changed. They still contain all the memory, but show only one thread, and the stack looks from after , the process is already shutting down:
ntdll.dll!_LdrpCallInitRoutine@16() + 0x14 bytes
ntdll.dll!_LdrShutdownProcess@0() + 0x141 bytes
ntdll.dll!_RtlExitUserProcess@4() + 0x74 bytes
kernel32.dll!_UnhandledExceptionFilter@4() + 0x18928 bytes
This is an unmanaged (unmanaged?) 32-bit C ++ application compiled with VS2010 SP1, running on 64-bit Win7 SP1 (and updated). Does anyone know of any Windows updates that changed WER behavior last year? Is there anything customizable besides "HKLM \ SOFTWARE \ Microsoft \ Windows \ Windows Reporting \ LocalDumps \ AppName.exe?
In addition, killing the application by calling "RaiseFailFastException" still leads to a good dump with valid stacks for all threads.
source
share