Overview
If you need to find out why a program or process crashes, you can use a utility called ProcDump. It is a command-line debugging tool that writes the in-memory contents of an application's process to a .dmp (dump) file. A dump contains the call stacks, registers and data of the application at the time the dump is taken, so it is a point-in-time snapshot of the application. You can also create a dump file with Task Manager, but it is not the best tool in a crash situation.
More information about ProcDump with the download link can be found here:
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Solution
Runs on:
- Client: Windows Vista and higher.
- Server: Windows Server 2008 and higher.
Usage:
Download the app, open an elevated Command Prompt (as an Administrator), start ProcDump with the following parameters and repeat the problematic actions until the process crashes:
procdump -ma -e 1 -w processname.exe
This will (try to) catch the crash event and generate a dump file with all process memory. The ProcDump process remains running until the crash happens or the monitored process exits normally.
Example:
If, for example, Excel keeps crashing, enter the following command in an elevated Command Prompt in the directory where ProcDump.exe has been extracted:
procdump -ma -e 1 -w excel.exe
Note: the "-e 1" argument may also create dumps from exceptions that the application handles properly. If using it that way generates too many dumps (far more than the application crash entries in the Windows event log), try just "-e".
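The comparison described in the note can be scripted. The following PowerShell is an added example, not part of ProcDump or of the original article; it assumes the dumps are in the directory you pass as -DumpDir, that their file names start with the process name (ProcDump's default naming), and that crashes are logged as "Application Error" event ID 1000 in the Application log.

```powershell
# Added example, not part of ProcDump. Assumptions: dump file names start
# with the process name, and crashes appear as "Application Error" event
# ID 1000 in the Application log. Parameter names are illustrative.
param(
    [string]$ProcessName = 'excel.exe',
    [string]$DumpDir     = (Get-Location).Path,
    [datetime]$Since     = (Get-Date).AddDays(-1)
)

# Dump files written for this process since monitoring started.
$dumps = @(Get-ChildItem -Path $DumpDir -Filter "$ProcessName*.dmp" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since })

# Crash entries for the same process. Get-WinEvent raises an error when
# nothing matches, so that case is silenced and counted as zero entries.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $Since
}
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ProcessName) })

# Summary object: dump count and total size next to the crash count.
[pscustomobject]@{
    Process      = $ProcessName
    Since        = $Since
    DumpFiles    = $dumps.Count
    DumpSizeMB   = [math]::Round(($dumps | Measure-Object -Property Length -Sum).Sum / 1MB, 1)
    CrashEntries = $crashes.Count
}

# More dumps than logged crashes points to handled exceptions being captured.
if ($dumps.Count -gt $crashes.Count) {
    Write-Warning "More dumps than crash entries: '-e 1' is probably capturing handled exceptions. Try '-e'."
}
```

Save it under a name of your choice and run it from PowerShell with -Since set to the time you started ProcDump.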
