Windows Error Reporting
微软官方说明
These registry values represent the global settings. You can also provide per-application settings that override the global settings. To create a per-application setting, create a new key for your application under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps (for example, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApplication.exe). Add your dump settings under the MyApplication.exe key. If your application crashes, WER will first read the global settings, and then will override any of the settings with your application-specific settings.
After an application crashes and prior to its termination, the system will check the registry settings to determine whether a local dump is to be collected. After the dump collection has completed, the application will be allowed to terminate normally. If the application supports recovery, the local dump is collected before the recovery callback is called.
These dumps are configured and controlled independently of the rest of the WER infrastructure. You can make use of the local dump collection even if WER is disabled or if the user cancels WER reporting. The local dump can be different than the dump sent to Microsoft.
DumpFolder:REG_EXPAND_SZ:%LOCALAPPDATA%\CrashDumps
DumpCount:REG_DWORD:10
DumpType:REG_DWORD:2
- 0: Custom dump
- 1: Mini dump
- 2: Full dump
CustomDumpFlags:REG_DWORD:0
- MiniDumpWithDataSegs | MiniDumpWithUnloadedModules | MiniDumpWithProcessThreadData.
1. 移除默认的调试器
如果你的机器装了VS开发工具,会在注册表里写入调试器地址,需要把它删除。
找到注册表删除以下2个项目
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
在 64 位 操作系统上也删除以下注册表项:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
2. 修改WER注册表配置
这个功能在Windows中默认是关闭的,想打开的话修改方式如下:
1. 运行Regedit
2. 找到这个: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
3. 有四个值需要配置:
a. Value:DumpFolder, Type:REG_EXPAND_SZ - 顾名思义,就是存储dump的位置
b. Value:DumpCount, Type:REG_DWORD - 最大保留的dump个数,默认为10.
c. Value:DumpType, Type:REG_DWORD - Dump类型,0:Custom dump, 1: Mini dump, 2: Full dump. 默认值为1
d. Value:CustomDumpFlags, Type:REG_DWORD - 没怎么用,暂时不解释。
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe]
"DumpFolder"=hex(2):64,00,3a,00,5c,00,64,00,75,00,6d,00,70,00,73,00,00,00
"DumpCount"=dword:00000002
"DumpType"=dword:00000002
3. 启动 Windows Error Reporting Service 服务
借鉴参考IIS转储脚本
rem 可根据实际情况修改磁盘路径DMPPATH=d:\dumps SET DMPPATH=d:\dumps SC CONFIG WerSvc START= AUTO NET START WerSvc ECHO 启用完成 REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger /f REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger /f REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger /f REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger /f ECHO 删除完成 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_SZ /v DumpFolder /d %DMPPATH% /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_DWORD /v DumpCount /d 2 /f REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe" /t REG_DWORD /v DumpType /d 2 /f ECHO 启用完成 PAUSE
https://docs.microsoft.com/en-us/windows/win32/wer/windows-error-reporting
