How to write a sample code that will crash and produce dump file?

礼貌的吻别 2020-12-12 23:15

I started learning WinDbg and I found this good post: How to use WinDbg to analyze the crash dump for VC++ application?

Now I want to follow the instructions and do it

9 Answers
  • 2020-12-12 23:25
    #include <Windows.h>
    #include <Dbghelp.h>
    #include <string.h>   // strlen
    
    void make_minidump(EXCEPTION_POINTERS* e)
    {
        auto hDbgHelp = LoadLibraryA("dbghelp");
        if(hDbgHelp == nullptr)
            return;
        auto pMiniDumpWriteDump = (decltype(&MiniDumpWriteDump))GetProcAddress(hDbgHelp, "MiniDumpWriteDump");
        if(pMiniDumpWriteDump == nullptr)
            return;
    
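        char name[MAX_PATH];
        {
            // Build "<exe path without .exe>_YYYYMMDD_HHMMSS.dmp" next to the executable.
            auto len = GetModuleFileNameA(GetModuleHandleA(0), name, MAX_PATH);
            // The new suffix is 16 characters longer than ".exe"; give up rather than overrun name[].
            if(len < strlen(".exe") || len + 16 >= MAX_PATH)
                return;
            auto nameEnd = name + len;
            SYSTEMTIME t;
            GetSystemTime(&t);
            wsprintfA(nameEnd - strlen(".exe"),
                "_%4d%02d%02d_%02d%02d%02d.dmp",
                t.wYear, t.wMonth, t.wDay, t.wHour, t.wMinute, t.wSecond);
        }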
    
        auto hFile = CreateFileA(name, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
        if(hFile == INVALID_HANDLE_VALUE)
            return;
    
        MINIDUMP_EXCEPTION_INFORMATION exceptionInfo;
        exceptionInfo.ThreadId = GetCurrentThreadId();
        exceptionInfo.ExceptionPointers = e;
        exceptionInfo.ClientPointers = FALSE;
    
        // Write the dump; the exception record is included only when one was passed in.
        pMiniDumpWriteDump(
            GetCurrentProcess(),
            GetCurrentProcessId(),
            hFile,
            MINIDUMP_TYPE(MiniDumpWithIndirectlyReferencedMemory | MiniDumpScanMemory),
            e ? &exceptionInfo : nullptr,
            nullptr,
            nullptr);
    
        CloseHandle(hFile);
    }
    
    LONG CALLBACK unhandled_handler(EXCEPTION_POINTERS* e)
    {
        make_minidump(e);
        return EXCEPTION_CONTINUE_SEARCH;
    }
    
    int main()
    {
        SetUnhandledExceptionFilter(unhandled_handler);
    
        return *(int*)0;
    }
    
  • 2020-12-12 23:28

    To create a crash dump, I would not write an unhandled exception handler as proposed by @Abyx for the following reasons:

    a) in case of some buffer overflow or stack overflow, the code which handles the unhandled exception may be corrupt. In case of an OutOfMemoryException, how can you load another library like DbgHelp.dll?

    b) the code which you have written may be buggy. Does that code check the free disk space before it writes the dump? How do you test the code to write a crash dump? Do you have a unit test for that? How does your unit test check if the dump is correct?

    c) why write code at all if Windows can do it for you?

    MSDN has an article on Collecting user mode dumps. Basically, there are some Registry settings which you can make. The advantage is: Windows will create the crash dump by the operating system, not by some corrupted code inside your own application.

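
The registry settings the answer above refers to, as an added example that is not part of the original answer: it enables Windows Error Reporting LocalDumps for a single executable. The image name `CrashDemo.exe` and the folder `C:\CrashDumps` are hypothetical placeholders.

```powershell
# Added example, not code from the original thread.
# Enables WER "LocalDumps" for one executable so that Windows itself writes
# the dump when the process crashes. Run from an elevated prompt (HKLM).

$exeName    = 'CrashDemo.exe'   # hypothetical image name of the test program
$dumpFolder = 'C:\CrashDumps'   # hypothetical output folder

$base = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$key  = Join-Path $base $exeName   # per-application subkey overrides the global settings

# Create the output folder and the registry key only if they are missing,
# so that an existing configuration is not wiped.
if (-not (Test-Path $dumpFolder)) {
    New-Item -Path $dumpFolder -ItemType Directory | Out-Null
}
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# DumpFolder (REG_EXPAND_SZ): where the .dmp files are written.
New-ItemProperty -Path $key -Name 'DumpFolder' -PropertyType ExpandString `
    -Value $dumpFolder -Force | Out-Null

# DumpCount (REG_DWORD): number of dumps kept; the oldest is replaced after that.
New-ItemProperty -Path $key -Name 'DumpCount' -PropertyType DWord `
    -Value 5 -Force | Out-Null

# DumpType (REG_DWORD): 1 = minidump, 2 = full dump.
# A full dump contains the whole process memory, including any secrets the
# process held, so keep the folder readable only by the people who debug it.
New-ItemProperty -Path $key -Name 'DumpType' -PropertyType DWord `
    -Value 2 -Force | Out-Null

# Show the resulting configuration.
Get-ItemProperty -Path $key | Select-Object DumpFolder, DumpCount, DumpType
```

After the next crash of that executable, the dump appears in the configured folder and can be opened in WinDbg and examined with `!analyze -v`.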
  • 2020-12-12 23:29

    If you want to see a crash dump, you need to create one. See Heisenbug: WinApi program crashes on some computers. While you may be able to get the crash dump intended to be sent for WER without going through WinQual, it is a bit messy (basically you can copy it from the temporary location before it is sent away, exact details depend on your operating system). I would recommend creating your own crash dump using the Win API MiniDump provided functions. All code needed for this can be found at the CodeProject page mentioned in the linked answer.

  • 2020-12-12 23:30

    Try this:

    #include <stdio.h>
    
    int main()
    {
       int v[5];
    
       printf("%d", v[10]);
       return 0;
    }
    

    or access a random memory location.

  • 2020-12-12 23:32

    A dump file can be created either programmatically or by a program error debugger tool. In the first case you can use the MiniDumpWriteDump function, and in the second you can use Dr. Watson (for XP: have a look at this description and this very descriptive video; for Vista, have a look here).

  • 2020-12-12 23:32

    I used the code below when testing out WinDbg some time ago.

    • The code below works and will generate a crash dump
    • There are two functions so that you can see a stack trace with an obvious chain of functions.
    • To find the crash dumps, search for *.dmp or *.mdmp in C:\Users
    • It's probably best to let the OS generate the dump for you. This is probably how most of the real crash dumps you see will be generated.
    • The code works by first allocating 1 KiB of memory, then writing both it and the following 1 KiB with a recognizable hexadecimal value. This usually hits a page of memory marked by the OS as non-writeable, which will trigger the crash.

    #include "stdafx.h"   // Visual Studio precompiled header from the project template
    #include <stdio.h>
    #include <malloc.h>
    #include <tchar.h>    // _tmain, _TCHAR
    
    void Function2(int * ptr2)
    {
        for(int i=0; i < (2 * 1024); i++)
        {
            *ptr2++ = 0xCAFECAFE;
        }
    }
    
    void Function1()
    {
        int * ptr1 = (int *)malloc(1024 * sizeof(int));
    
        Function2(ptr1);
    }
    
    int _tmain(int argc, _TCHAR* argv[])
    {
        printf("Press enter to allocate and corrupt.\r\n");
        getc(stdin);
    
        printf("Allocating and corrupting...\r\n");
        Function1();
    
        printf("Done.  Press enter to exit process.\r\n");
        getc(stdin);
    
        return 0;
    }
    