Overview
This article provides the details on how to create a Crash Dump for a process that is crashing.
Process
For GFI LanGuard 2012 and higher
- These versions automatically create a dump file for any of the following processes that crash in the %temp% directory of the account the process is running under. The filename will be trouble_<ProcessName>.dmp: lnssatt.exe (attendant service), lnsscomm.exe, htservice.exe.
- The %temp% directory of the service account is normally located:
C:\Users\<AcctName>\AppData\Local\Temp\1
(Vista or higher) orC:\DOCUME~1\AcctName>\LOCALS~1\Temp\
(Windows 2003 or lower).
If the process is hanging (instead of crashing), you can create a dump of the process as follows
- Find the Process ID of the process in Task Manager.
- Run the following command:
"c:\Program Files (x86)\GFI\LanGuard 11 Agent\trouble.exe" --HandleCrash 2680
Note: 2680 is the Process ID - include the quotes. - A mini-dump will be generated in the temporary folder of the current interactive/logged on user (i.e., the folder %temp%).
For other GFI Programs or processes
- Download and install the relevant version of the Windows debugging tools from:
- Create a folder named CrashInfo in the root of the C: drive.
Note: if you have limited space on the C:\ drive you can use and alternative drive with more space. - Open a command prompt.
IMPORTANT NOTE: Right click the command prompt and run as administrator or this will not work properly. - Navigate to the installation path of Debugging Tools. By default, this location is usually
- 32 bit Operating System '
C:\Program Files\Debugging Tools for Windows
' - 64 bit Operating System '
C:\Program Files (x86)\Debugging Tools for Windows (x86)
'
- 32 bit Operating System '
- Make sure the service which is having the problems is started.
- Run the following command string by replacing 'Processname.exe' with the actual name of the service's executable:
ADPlus -crash -NoDumpOnFirst -quiet -pn Processname.exe -o C:\CrashInfo\
- At this point, you will want to reproduce the service crash, if possible. Once the service crashes, the memory dump will be created in the CrashInfo folder. You will see a folder that should start with Crash_Mode.
- Please zip up the CrashInfo folder, rename the folder to <GFI-Case-Number>_dump.zip.
- Please upload the zip file to our FTP server .
About the dump file:
The dump file will be created in a sub-folder under where ADPlus is being run. The name of this folder will contain the type of dump taken (Crash or Hang) and the date the dump was taken. This folder will contain several files. When you look at the dump file, you will see it has a very long name and ends with .dmp.
The name of the crash dump file should be checked to be sure it looks correct:
Application name | This is the name of the application for which the dump was taken. |
Partial Error message | |
1st_chance | This means the dump was taken during a caught exception (ie first chance). |
2nd_chance |
This shows that the dump was taken 2nd chance exception - which is what we want to see for a crash dump. Note: There are countless variations, the main thing is that the error message you see should tie back to what you would be expecting. The main thing is that you see 2nd_chance" noted in the filename for a crash dump. |
Type of error |
The file name should contain a partial error description, so you know which exception the 2nd chance exception was thrown for. |
FTP Server details:
Host: ftp://ftp.gfisoftware.com
User: gfi
Pass: gfi911cust
- Please use either IE6 or the My Computer window (address bar) to open the FTP site (Not IE7).
- Login to the FTP server by clicking on File in the top right corner of the browser, then Login As.
- You are now at a Blank page where you can upload your file.
- Upload the zip file containing the Troubleshooter files by right clicking on the zip and choosing copy, then right click in the blank space of the FTP site and paste.