Hello folks,
Is it possible to create a full memory dump of a Windows service when it crashes? Obviously, there are the well known postmortem debuggers, which can collect a memory dump of a failing process. But the problem with Windows services is that they are running within the system-context and not in the user-context.
Can anybody help me?
Until now, I tried it with WinDbg:
- I set up WinDbg as the default postmortem Debugger by executing WinDbg -I.
- I verified that within both locations of the registry (HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\AeDebug and HKLM\SOFTWARE\Wow6432Node\Microsoft\WindowsNT\CurrentVersion\AeDebug) the two entries Auto and Debugger exist.
- I configured WinDbg to automatically write memory dumps at startup by changing the Debugger entry to "Path\WinDbg.exe" -p %ld –c ".dump /ma /u D:\CrashDump.dmp" -e %ld –g
- I verified that WinDbg has privileges to the target location of the memory dump file with and without administrative privileges.
But it does not work. :(
When I write a normal user-mode application which intentionally crashes after startup, WinDbg pops-up and automatically writes the .dmp file to the target location. But if my service crashes, it does not.
Within the task manager, I can see that WinDbg gets started after the process of my service crashes, but both just remain in the list without any dump file.