ADPlus Configuration File to the rescue

Saturday, November 15th, 2008

Click to Download access violation adplus configuration file

Someone asked me about getting a memory dump on breakpoints in a production environment.

Usually, you won’t have the luxury of attaching a debugger and setting a breakpoint in a production environment. However, you can still get a memory dump under different conditions, or execute commands, by using an ADPlus configuration file. ADPlus does support the -hang switch to take a memory dump of a process at any time, but that’s not good enough if you need a memory dump on a particular first-chance exception or when a breakpoint is hit.

The ADPlus script accepts a configuration file through the -c switch to create a memory dump of a user-mode Win32 process. The WinDbg help has more on the ADPlus configuration file.

Below is an example of an ADPlus configuration file, which creates a memory dump under the following conditions:

  1. When the application throws an unhandled exception with the exception code 0x80000001, a guard page exception, which occurs when you access, for example, a stack’s guard page.
  2. It creates a full dump when the breakpoint on the function kernel32.dll!UnhandledExceptionFilter is hit.
  3. It creates a mini dump when the breakpoint on the function kernel32.dll!SetUnhandledExceptionFilter is hit.

<ADPlus>

<!-- RunMode could be crash or hang; Quiet suppresses the warning message box -->

<Settings>

<RunMode> CRASH </RunMode>

<Option> Quiet </Option>

<!-- Replace cmd.exe with the name of the target process -->

<ProcessName> cmd.exe </ProcessName>

</Settings>

<!--

PreCommands is included to change the symbol path for kernel32.dll. The first command, .sympath, sets the symbol path to c:\windows\system32 (the kernel32.dll location), and the second command reloads kernel32.dll, defaulting to export symbols.

The export symbols are loaded so that breakpoints can be set on kernel32.dll functions, as described in my last blog entry.

-->

<PreCommands>

<Cmd> .sympath c:\windows\system32 </Cmd>

<Cmd> .reload /f kernel32.dll </Cmd>

</PreCommands>

<Exceptions>

<Config>

<Code>0x80000001</Code>

<Actions1> MiniDump </Actions1>

<Actions2> FullDump </Actions2>

</Config>

</Exceptions>

<Breakpoints>

<NewBP>

<Type> BM </Type>

<Address> kernel32.dll!UnhandledExceptionFilter </Address>

<Actions> FullDump</Actions>

<CustomActions> r </CustomActions>

</NewBP>

<NewBP>

<Type> BM </Type>

<Address> kernel32.dll!SetUnhandledExceptionFilter </Address>

<Actions> MiniDump </Actions>

<CustomActions> r </CustomActions>

</NewBP>

</Breakpoints>

</ADPlus>

ADPlus command to run the configuration file (exception.cfg):

cscript.exe adplus.vbs -c exception.cfg
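
Before a configuration like the one above is run against a production process, it is worth confirming that the file parses and seeing which trigger writes which kind of dump, since a full dump captures the whole user-mode memory of the process. The Python check below is an added example, not part of the original post or of ADPlus; `lint_adplus_cfg` and the embedded sample (with cmd.exe as a placeholder process name) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configuration above; cmd.exe is a placeholder.
SAMPLE_CFG = """<ADPlus>
<Settings><RunMode> CRASH </RunMode><ProcessName> cmd.exe </ProcessName></Settings>
<Exceptions><Config>
  <Code>0x80000001</Code>
  <Actions1> MiniDump </Actions1>
  <Actions2> FullDump </Actions2>
</Config></Exceptions>
<Breakpoints><NewBP>
  <Type> BM </Type>
  <Address> kernel32.dll!UnhandledExceptionFilter </Address>
  <Actions> FullDump </Actions>
</NewBP></Breakpoints>
</ADPlus>"""

def lint_adplus_cfg(text):
    """Return (problems, triggers) for the text of an ADPlus configuration file."""
    problems, triggers = [], []
    # Typographic characters picked up from web pages or word processors
    # (U+00D7 in place of "x", U+2013 in place of "--") break hex codes and XML comments.
    for ch in sorted(set(re.findall(r"[^\x00-\x7f]", text))):
        problems.append(f"non-ASCII character U+{ord(ch):04X}")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"], triggers
    mode = (root.findtext("Settings/RunMode") or "").strip().upper()
    if mode not in ("CRASH", "HANG"):
        problems.append(f"RunMode {mode!r} is neither CRASH nor HANG")
    for cfg in root.iter("Config"):
        code = (cfg.findtext("Code") or "").strip()
        # Only numeric codes are checked; anything else is passed through as written.
        if code[:1].isdigit() and not re.fullmatch(r"0[xX][0-9A-Fa-f]{1,8}", code):
            problems.append(f"exception code {code!r} is not a valid hex value")
        # Actions1 applies to the first-chance exception, Actions2 to the second-chance one.
        for tag, chance in (("Actions1", "first chance"), ("Actions2", "second chance")):
            if cfg.findtext(tag):
                triggers.append((f"{code} {chance}", cfg.findtext(tag).strip()))
    for bp in root.iter("NewBP"):
        addr = (bp.findtext("Address") or "").strip()
        if not addr:
            problems.append("breakpoint without an Address")
        triggers.append((addr, (bp.findtext("Actions") or "").strip()))
    return problems, triggers

if __name__ == "__main__":
    problems, triggers = lint_adplus_cfg(SAMPLE_CFG)
    print(triggers, problems or "no problems")
```
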
