Starting with Windows Server 2008 and Windows Vista Service Pack 1 (SP1), Windows Error Reporting (WER) can be configured so that full user-mode dumps are collected and stored locally after a user-mode application crashes.
This feature is not enabled by default. Enabling the feature requires administrator privileges. To enable and configure the feature, use the following registry values under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps key.
| Value | Description | Type | Default value |
| DumpFolder | The path where the dump files are to be stored. If you do not use the default path, then make sure that the folder contains ACLs that allow the crashing process to write data to the folder. For service crashes, the dump is written to service specific profile folders depending on the service account used. For example, the profile folder for System services is %WINDIR%\System32\Config\SystemProfile. For Network and Local Services, the folder is %WINDIR%\ServiceProfiles. | REG_EXPAND_SZ | %LOCALAPPDATA%\CrashDumps |
| DumpCount | The maximum number of dump files in the folder. When the maximum value is exceeded, the oldest dump file in the folder will be replaced with the new dump file. | REG_DWORD | 10 |
| DumpType | Specify one of the following dump types: | Type | Description | | 0 | Create a custom dump | | 1 | Mini dump | | 2 | Full dump | | REG_DWORD | 1 |
| CustomDumpFlags | The custom dump options to be used. This value is used only when DumpType is set to 0. | REG_DWORD | MiniDumpWithDataSegs | MiniDumpWithUnloadedModules | MiniDumpWithProcessThreadData. |
These registry values represent the global settings. You can also provide per-process settings that override the global settings. To create a per-process setting, create a new key under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps that specifies the name of your application. For example, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApplication.exe. Include your dump settings under the MyApplication.exe key.
After an application crashes, crash reporting is handled as it was in previous releases. Prior to application termination, the system will check the registry settings to determine whether a local dump is to be collected. The registry settings control whether a full dump is collected versus a minidump. The custom flags specified also determine which information is collected in the dump. After the dump collection has completed, the application will be allowed to terminate normally. If the application supports recovery, the dump is collected before the recovery callback is called.
These dumps are configured and controlled independently of the rest of the WER infrastructure. You can make use of the local dump collection even if WER is disabled. The local dumps are collected even if the user cancels WER reporting at any point. The local dump can be different than the dump sent to Microsoft.
Send comments about this topic to Microsoft
Build date: 7/1/2008