Windows Error Reporting

Collecting user-mode crash dumps with WER

This feature is not enabled by default. Enabling the feature requires administrator privileges. To enable and configure this feature, create the LocalDumps registry values under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting key:

  1. Open the Windows registry editor (Start > Run > type regedit.exe and press Enter)
  2. Make a Backup copy of the registry
  3. Navigate to following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting
  4. If it does not exist, create the following key: LocalDumps
  5. In this key, add the following values:
  • Create STRING value DumpFolder with the following content: C:\dumps; (choose your location here). It is recommended, not to use the root folder.
  • Create DWORD32 value DumpCount – assign 10 (decimal) to it
  • Create DWORD32 value DumpType – assign 2 (decimal) to it
  • Create DWORD32 CustomDumpFlags with 0 (decimal) in it
  1. Restart the machine to apply the changes

These registry values represent the global settings. You can also provide per-application settings that override the global settings. To create a per-application setting, create a new key for your application under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps (for example, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps\MEC.MSEC.attendant.exe). Add your dump settings under the MEC.MSEC.attendant.exe key. If your application crashes, WER will first read the global settings, and then will override any of the settings with your application-specific settings.

After an application crashes and prior to its termination, the system will check the registry settings to determine whether a local dump is to be collected. After the dump collection has completed, the application will be allowed to terminate normally. If the application supports recovery, the local dump is collected before the recovery callback is called.

These dumps are configured and controlled independently of the rest of the WER infrastructure. You can make use of the local dump collection even if WER is disabled or if the user cancels WER reporting. The local dump can be different than the dump sent to Microsoft.

copy and save this reg script as localdumps.reg and execute it to automatically add the key

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpFolder"="C:\\Dumps"
"DumpCount"=dword:00000010
"DumpType"=dword:00000002
"CustomDumpFlags"=dword:00000000

Reading Dump files (.dmp)

to read dmp files install debugdiag tool https://www.microsoft.com/en-us/download/details.aspx?id=49924