Hacks Weekly #54 Crashing Application

During this Hacks Weekly episode, we will focus on a crashing application. Using PerfView, we will check which events caused the application to crash and view the exception stacks of the process.

The first step is to install the Dumping Service. 

In the attached video, we do this by running CreateDumpingService.bat. We then start the service by running sc start dumpingservice. Afterwards, we can see that the start is pending. We can check with sc query dumpingservice. Now it is running. The next step is to open PerfView.

We need to start a new collection by clicking Collect and then Collect. Next, let's go back to the command prompt. Now we can send custom control commands to the service. Let's do this by typing sc control dumpingservice 128.

Now let’s send: sc control dumpingservice 129. And finally, let’s send: sc control dumpingservice 130. We can check if the service is still alive by again running: sc query dumpingservice. 

As you can see in the video, it is now stopped. So the next step is to stop the collection in PerfView. Remember to give it a few seconds to write everything and save.
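The service-control steps above can also be scripted so that each control code is recorded together with the service state that follows it. This is an added example, not code from the video or the Dumping Service package; the service name and the codes 128 to 130 come from the steps above, while the settle delay and the helper name Get-ServiceState are assumptions. Run it from an elevated PowerShell prompt while the PerfView collection is active.

```powershell
# Added example: sends the custom control codes one by one and records
# the service state after each, to show which code takes the service down.
$ServiceName   = 'dumpingservice'   # from the page
$ControlCodes  = 128, 129, 130      # from the page
$SettleSeconds = 3                  # assumption: time given to the service to react

function Get-ServiceState {         # hypothetical helper name
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction Stop
    $svc.Refresh()
    return $svc.Status.ToString()
}

# Make sure the service is running before the test begins.
if ((Get-ServiceState $ServiceName) -ne 'Running') {
    sc.exe start $ServiceName | Out-Null
    (Get-Service -Name $ServiceName).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}

$results = foreach ($code in $ControlCodes) {
    $sentAt = Get-Date
    sc.exe control $ServiceName $code | Out-Null
    $exit = $LASTEXITCODE           # non-zero once the service is no longer running
    Start-Sleep -Seconds $SettleSeconds
    [pscustomobject]@{
        SentAt      = $sentAt.ToString('HH:mm:ss.fff')
        ControlCode = $code
        ScExitCode  = $exit
        StateAfter  = Get-ServiceState $ServiceName
    }
}

$results | Format-Table -AutoSize

# Report the first control code after which the service was no longer running.
$first = $results | Where-Object { $_.StateAfter -ne 'Running' } | Select-Object -First 1
if ($first) {
    "Service left the Running state after control code $($first.ControlCode), sent at $($first.SentAt)."
} else {
    'Service is still running after all control codes.'
}
```

The SentAt column gives a wall-clock reference for each control code that can be compared with the time of the exception events in the trace.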

Now let's open Events and then locate Microsoft Windows Exception Start. You can see that we have five events. Contrary to the others, only the bottom one is listed once.

We can also see that there is an ExceptionType="System.AccessViolationException". The exception message is "Attempted to read or write protected memory". This is often an indication that other memory is corrupt. We can check if we have something else here.

And we can see that there is an ExceptionFlags=CorruptedState. It indicates that there is an unrecoverable exception. Close this window and in the main PerfView window you can open Exception Stacks. Here we need to find the DumpingService. Let’s expand the tables. 

Notice the line Throw(System.AccessViolationException) "Attempted to read or write protected memory". This is the same as we have seen earlier. Within the table, you can find all the stacks for this event.

During this lab, we have analysed an application crash by investigating the information collected by PerfView. That information can come in handy when troubleshooting various issues.

Hope to see you during our next Hacks Weekly episode!