About
Search
Welcome to M-Files Empower – our new support experience. We'd love to hear what you think!Give feedback
Home/Support and troubleshooting/Troubleshooting/Gathering logs

Collecting crash dumps with registry settings

Last updated on 9 December 2024

Admin

Overview

Starting with Windows Server 2008 and Windows Vista with Service Pack 1 (SP1), Windows Error Reporting (WER) can be configured so that full user-mode dumps are collected and stored locally after a user-mode application crashes. Applications that do their own custom crash reporting, including .NET applications, are not supported by this feature. 
 

This feature is not enabled by default, and enabling the feature requires administrator privileges. This article describes how to enable the user-mode memory dump collection with a Windows registry setting that is usable in crash situation investigation. The registry setting enables catching every crashing application, excluding applications that do their own custom crash reporting. 
 

Note! Creating a dump file with Task Manager is also possible, but those memory dumps are not usable in crash situation investigations, only in freeze or deadlock situations.
 

The user-mode dump files include the entire memory space of a process, the program's executable image itself, the handle table, and other information that will be useful to the debugger. These dump files are pretty similar to the ones that ProcDump creates. ProcDump is more flexible, and its parameters can be configured, but you must know the exact name of the process when using that. 
 

More information about collecting User-Mode dumps can be found here: https://docs.microsoft.com/en-us/windows/desktop/wer/collecting-user-mode-dumps

Prerequisites

Client: Windows Vista SP1 and higher.

Server: Windows Server 2008 and higher.

How to enable

Download LocalFullMemoryDumps.zip from here:  LocalFullMemoryDumps.zip.

Extract both EnableLocalFullMemoryDumps.reg and DisableLocalFullMemoryDumps.reg files from the LocalFullMemoryDumps.zip file to, e.g., Desktop (do NOT run .reg directly from the zip file).
 

Enable EnableLocalFullMemoryDumps.reg by double-clicking it and confirming the registry changes.
 

Registry change enables up to 30 most recent Application Memory Dumps to be available in folder C:\CrashDumps. This happens after the application crashes without further user interaction.
 

Disable the crash dump gathering by double-clicking DisableLocalFullMemoryDumps.reg and confirm the registry changes after crash dumps have been collected.
 

Creating a memory dump from a specific process with Task Manager

Creating a crash dump from a specific process (ProcDump)

Related content

Still need help?

Ask the M-Files Community
Submit a Support Request
On this page
Overview
Prerequisites
How to enable
Links to other information
Popular links
What is enterprise content management?Business process managementCollaboration solutionsSolutions by industryKey capabilities
About M-Files
Contact usSchedule a demoCareersTrust CenterPrivacy policySecurity Hall of Fame
Resources
Customer Support PortalPartner HubDeveloper PortalUser guideM-Files CommunityTerms and conditions