╔═══════════════════════════════════════
║ Instructions - Debugging - Windows Error Reporting - Process Dump Configuration

WER (Windows Error Reporting) is the built-in debugger facility available on every Windows version 6.0 and later. It can be configured to automatically create a JIT (Just-In-Time) dump of any user mode process suffering a second-chance exception (i.e. crashing). These instructions will configure WER to create up to 16 JIT full process memory dumps of any user mode processes suffering second-chance exceptions.

Full process memory dumps (user mode process dumps) are not to be confused with full memory dumps (kernel mode or kernel+user mode memory dumps). Full process memory dumps are dumps of only a single process, and are called 'full' because they capture a process's full address space. The default user mode process memory dump contains only stacks and registers.

┌───────────────────────────────────────
│ Reference
• Collecting User-Mode Dumps
• Windows Error Reporting
• Operating System Version
• User Account Control

┌───────────────────────────────────────
│ Acquire
• There is nothing to acquire; Windows Error Reporting is a component of the operating system in Windows 6.0 and later.

┌───────────────────────────────────────
│ Configure - Universal Process Settings - Registry Editor
• Universal settings are preferred and should be used unless configuring universal settings results in 'too many' process dumps that consume excessive mass storage space, or for some other environmental reason.
• Open 'Registry Editor'.
  · Press: Windows Button+R
  · The window 'Run' will appear.
  · Enter: regedit.exe
  · Click: OK
  · The window 'Run' will close.
  · The window 'User Account Control' will appear.
  · Click: OK
  · The window 'User Account Control' will close.
  · The window 'Registry Editor' will appear.
  · Set registry values:
    · HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
      DumpCount    REG_DWORD        0x00000010 (16)
    · HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
      DumpFolder   REG_EXPAND_SZ    C:\Users\Public\Documents
    · HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
      DumpType     REG_DWORD        0x00000002 (2)
• Close the window 'Registry Editor'.

┌───────────────────────────────────────
│ Configure - Universal Process Settings - .reg File
• The text below can be placed in a .reg file and used to configure universal settings:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
    ; Keep at most 16 dump files.
    "DumpCount"=dword:00000010
    ; REG_EXPAND_SZ stored as UTF-16LE bytes; this data decodes to %PUBLIC%\Documents,
    ; which expands to C:\Users\Public\Documents on a default installation.
    "DumpFolder"=hex(2):25,00,50,00,55,00,42,00,4c,00,49,00,43,00,25,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,00,00
    ; 2 = full process memory dump.
    "DumpType"=dword:00000002

┌───────────────────────────────────────
│ Configure - Per-Application Settings - Registry Editor
• Per-application settings for a specific process will override any universal settings.
  · Per-application settings may be necessary if a specific process requires settings that differ from the universal settings.
• PSPro recommends use of per-application settings only if there is a reason not to use universal settings.
  · A specific process may be the identified target of an investigation, but other processes unknowingly related to the investigation also suffering exceptions might escape recognition if universal settings are not configured.
• Open 'Registry Editor'.
  · Press: Windows Button+R
  · The window 'Run' will appear.
  · Enter: regedit.exe
  · Click: OK
  · The window 'Run' will close.
  · The window 'User Account Control' will appear.
  · Click: OK
  · The window 'User Account Control' will close.
  · The window 'Registry Editor' will appear.
  · For each application:
    · Create registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\<processname.exe>
      · Where '<processname.exe>' is the process name of an application.
    · Set registry values:
      · HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\<processname.exe>
        DumpCount    REG_DWORD        0x00000010 (16)
      · HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\<processname.exe>
        DumpFolder   REG_EXPAND_SZ    C:\Users\Public\Documents
      · HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\<processname.exe>
        DumpType     REG_DWORD        0x00000002 (2)
• Close the window 'Registry Editor'.

┌───────────────────────────────────────
│ Credits
Any external referenced material in this document is hyperlinked. Authors responsible for referenced work should be sought through the reference(s) listed.

I am Christopher Etter, a Professional Services consultant. Because you are using this, I welcome you as my customer. These documents are free for you to use. I work diligently to serve you with material such as this. I would appreciate it if PSPRO (professionalservices.pro), my name, and this 'Credits' section remain attached to this work so that I accrue name recognition via your success and peer recommendation. Thank you very much, and I hope this document helps you solve your current information technology issue!
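
Added example (not part of the original document or the author's own code): the DumpFolder value in the universal .reg file is stored as opaque hex(2) data, so this Python sketch decodes .reg values for review before import. It also goes one step beyond the page by building the matching per-application .reg text, which the page gives only as Registry Editor steps. The function names are hypothetical and the process name passed to per_app_reg is supplied by the caller.

```python
import re

# Base key from the page; per-application settings live in a subkey named after the process.
BASE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps"

def encode_expand_sz(text):
    """Encode a string as .reg hex(2) data: UTF-16LE bytes plus a NUL terminator."""
    raw = (text + "\0").encode("utf-16-le")
    return "hex(2):" + ",".join(f"{b:02x}" for b in raw)

def decode_value(data):
    """Decode one .reg value (dword, hex(2) or quoted string); line wrapping is ignored."""
    data = data.strip()
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith("hex(2):"):
        hexbytes = re.sub(r"[\\\s]", "", data[7:])
        raw = bytes(int(b, 16) for b in hexbytes.split(",") if b)
        return raw.decode("utf-16-le").rstrip("\0")
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace("\\\\", "\\")
    raise ValueError(f"unsupported .reg data type: {data[:20]}")

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg file's text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys

def per_app_reg(process_name, folder=r"%PUBLIC%\Documents", count=16, dump_type=2):
    """Build .reg text for one process using the page's values (count 16, type 2 = full)."""
    return "\r\n".join([
        "Windows Registry Editor Version 5.00", "",
        f"[{BASE_KEY}\\{process_name}]",
        f'"DumpCount"=dword:{count:08x}',
        f'"DumpFolder"={encode_expand_sz(folder)}',
        f'"DumpType"=dword:{dump_type:08x}', ""])

# The DumpFolder data from the page's universal .reg file, copied verbatim.
PAGE_DUMPFOLDER = ("hex(2):25,00,50,00,55,00,42,00,4c,00,49,00,43,00,25,00,5c,00,44,00,"
                   "6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,00,00")
```

Calling decode_value(PAGE_DUMPFOLDER) returns %PUBLIC%\Documents, and parse_reg can be run over any .reg text to see the decoded values it would write.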