A process crashed in windows Crash dump location

Question

A windows process got crashed for some reason  I need to analyse the crash dump    In Windows 2003 PC health helped us to find the crash dump file   How to get the crash dump file location in Windows 2008

User · Answer

a core dump is usually only made when the Windows kernel crashes (aka blue screen). A servicecrash will most of the times only leave some logging behind (in the event viewer probably).

If it is the bluescreen crash dump you are looking for, look in C:\Windows\Minidump or C:\windows\MEMORY.DMP

User · Answer

Windows 7  64 bit  no modifications to the Registry key  the location is   C  Users Current User when app crashed  AppData Local Microsoft Windows WER ReportArchive

User · Answer

I have observed on Windows 2008 the Windows Error Reporting crash dumps get staged in the folder      C  Users All Users Microsoft Windows WER ReportQueue   Which  starting with Windows Vista  is an alias for      C  ProgramData Microsoft Windows WER ReportQueue

User · Answer

Maybe useful  Powershell  http   sbrennan net 2012 10 21 configuring-application-crash-dumps-with-powershell   From Windows Vista and Windows Server 2008 onwards Microsoft introduced Windows Error Reporting or WER   This allows the server to be configured to automatically enable the generation and capture of Application Crash dumps  The configuration of this is discussed here   The main problem with the default configuration is the dump files are created and stored in the   APPDATA  crashdumps folder running the process which can make it awkward to collect dumps as they are spread all over the server  There are additional problems with this as but the main problem I always had with it was that its a simple task that is very repetitive but easy to do incorrectly   Source code in Powershell  should be useful source code in C  too    verifydumpkey   Test-Path  quot HKLM  Software Microsoft windows Windows Error Reporting LocalDumps quot        if   verifydumpkey -eq  false             New-Item -Path  quot HKLM  Software Microsoft windows Windows Error Reporting  quot  -Name LocalDumps               adding the values    dumpkey    quot HKLM  Software Microsoft Windows Windows Error Reporting LocalDumps quot    New-ItemProperty  dumpkey -Name  quot DumpFolder quot  -Value  Folder -PropertyType  quot ExpandString quot  -Force New-ItemProperty  dumpkey -Name  quot DumpCount quot  -Value 10 -PropertyType  quot Dword quot  -Force New-ItemProperty  dumpkey -Name  quot DumpType quot  -Value 2 -PropertyType  quot Dword quot  -Force  WER -Windows Error Reporting- Folders   HKEY LOCAL MACHINE SOFTWARE Microsoft Windows Windows Error Reporting LocalDumps  localappdata  Microsoft Windows WER  LOCALAPPDATA  CrashDumps C  Users Current User when app gt  crashed  AppData Local Microsoft Windows WER ReportArchive C  ProgramData Microsoft Windows WER ReportArchive c  Users All Users Microsoft Windows WER ReportQueue   BSOD Crash  WINDIR  Minidump  WINDIR  MEMORY DMP Sources  http   sbrennan net 2012 10 21 configuring-application-crash-dumps-with-powershell  http   msdn microsoft com en-us library windows desktop bb787181 28v vs 85 29 aspx http   support microsoft com kb 931673 https   support2 microsoft com kb 931673 wa wsignin1 0

User · Answer

The location is in the following registry key  HKEY LOCAL MACHINE SOFTWARE Microsoft Windows Windows Error Reporting LocalDumps  Source  http   msdn microsoft com en-us library windows desktop bb787181 28v vs 85 29 aspx

User · Answer

On Windows 2008 R2  I have seen application crash dumps under either  C  Users  Some User  Microsoft Windows WER ReportArchive  or  C  ProgramData Microsoft Windows WER ReportArchive  I don t know how Windows decides which directory to use

User · Answer

http   support microsoft com kb 931673  There are Registry changes you can make to explicitly select where the crash dump file resides  otherwise  localappdata  Microsoft Windows WER is the default location   I assume that  localappdata  is defined differently for a user or a service running under System   You will need to enable WER I believe

[windows-server-2008] A process crashed in windows .. Crash dump location

Examples related to windows-server-2008

Examples related to crash-dumps