From a5082f2cd831bd04f9285a95594a872e0600443b Mon Sep 17 00:00:00 2001 From: misomosi Date: Sat, 5 Oct 2024 00:57:19 -0400 Subject: [PATCH 1/7] Add crash dump setup to README --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index 1adbf516d..695d35c1b 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,22 @@ proof, it'd greatly help out if you submitted the issues you find here, along with any information you can gather, like dump files (along with the build you used), instructions to reproduce, test executables, and so on. +You can automatically generate local dumps on Windows for all executables +or specific executables by following [MSDN's Collecting User-Mode Dumps]( +https://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dump://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps). Below is an example batch script to collect dumps for the debugger. +``` +@echo off +REM You can find the dumps later in the default location %LOCALAPPDATA%\CrashDumps +FOR %%F in (raddbg.exe, rdi_from_pdb.exe, rdi_breakpad_from_pdb.exe, rdi_dump.exe) DO ( +REM Custom dump flags retrieved by executing ".dump /mf test.dump" in WinDbg then opening it +REM TODO: RAD Studios, feel free to customize the dump flags here however you want +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpType /t REG_DWORD /d 0 +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v CustomDumpFlags /t REG_DWORD /d 0x641826 +) +``` +In addition, you should ``ZIP`` the crash dump using ``7-zip`` or similar software. + You can download pre-built binaries for the debugger [here](https://github.com/EpicGames/raddebugger/releases). From e93a34476b33a2b812ef09505ed5295650f96be4 Mon Sep 17 00:00:00 2001 
From: misomosi Date: Sat, 5 Oct 2024 01:18:10 -0400 Subject: [PATCH 2/7] Mention that script for dumps must run as admin --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 695d35c1b..2b910b5a7 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ used), instructions to reproduce, test executables, and so on. You can automatically generate local dumps on Windows for all executables or specific executables by following [MSDN's Collecting User-Mode Dumps]( -https://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dump://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps). Below is an example batch script to collect dumps for the debugger. +https://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dump://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps). Below is an example batch script that you can run as administrator to collect dumps automatically for the debugger. ``` @echo off REM You can find the dumps later in the default location %LOCALAPPDATA%\CrashDumps From 5e7525bddad3669c6fa4b065708d3daf56265f1d Mon Sep 17 00:00:00 2001 From: misomosi Date: Sat, 5 Oct 2024 09:01:27 -0400 Subject: [PATCH 3/7] Add caveat for CustomDumpFlags, suggest password --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 2b910b5a7..fea06767d 100644 --- a/README.md +++ b/README.md 
@@ -31,6 +31,12 @@ REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\L ) ``` In addition, you should ``ZIP`` the crash dump using ``7-zip`` or similar software. +Keep in mind that ``CustomDumpFlags`` in this script includes memory info because +it helps when debugging crashes so either go to [MINIDUMP\_TYPE]( +https://learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/ne-minidumpapiset-minidump_type) +and change ``CustomDumpFlags`` to your liking or don't work on anything personal or sensitive with ``raddbg`` +with these settings. If you ``ZIP`` the dump, you can also encrypt it with a password and then post +the password in the bug report as a minor security measure against web scrapers. You can download pre-built binaries for the debugger [here](https://github.com/EpicGames/raddebugger/releases). From 6a7b3f5ec43c7ff86382553cc72713278eef4544 Mon Sep 17 00:00:00 2001 From: misomosi Date: Sat, 5 Oct 2024 11:41:30 -0400 Subject: [PATCH 4/7] Improve batch script for setting dump settings --- README.md | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index fea06767d..95c773872 100644 --- a/README.md +++ b/README.md 
@@ -18,16 +18,32 @@ used), instructions to reproduce, test executables, and so on. You can automatically generate local dumps on Windows for all executables or specific executables by following [MSDN's Collecting User-Mode Dumps]( -https://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dump://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps). Below is an example batch script that you can run as administrator to collect dumps automatically for the debugger. +https://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps). +Below is an example batch script that you can run as administrator to collect dumps automatically for the debugger. ``` @echo off -REM You can find the dumps later in the default location %LOCALAPPDATA%\CrashDumps -FOR %%F in (raddbg.exe, rdi_from_pdb.exe, rdi_breakpad_from_pdb.exe, rdi_dump.exe) DO ( + REM Custom dump flags retrieved by executing ".dump /mf test.dump" in WinDbg then opening it REM TODO: RAD Studios, feel free to customize the dump flags here however you want -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" +SET RADDBG_CRASH_DUMP_FLAGS=0x641826 +SET /P RADDBG_CRASH_DUMPS="Where would you like to place crash dumps for raddbg (Default: %%LOCALAPPDATA%%\CrashDumps)? " || SET RADDBG_CRASH_DUMPS=%%LOCALAPPDATA%%\CrashDumps +SET /P GLOBAL_CRASH_DUMPS="Where would you like to place crash dumps for other apps by default (Default: NUL)? " || SET GLOBAL_CRASH_DUMPS=NUL + +ECHO. +ECHO Changing registry settings for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps! +ECHO. +ECHO Setting Global Crash Dump Directory to %GLOBAL_CRASH_DUMPS%... +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpLocation /t REG_EXPAND_SZ /d %GLOBAL_CRASH_DUMPS% + +ECHO. +ECHO Setting RADDBG Crash Dump Directory to %RADDBG_CRASH_DUMPS%... 
+ECHO Using CustomDump Strategy with CustomDumpFlags = %RADDBG_CRASH_DUMP_FLAGS% +FOR %%F in (raddbg.exe, rdi_from_pdb.exe, rdi_breakpad_from_pdb.exe, rdi_dump.exe) DO ( +ECHO. +ECHO Setting Crash Dump Settings for %%F... REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpType /t REG_DWORD /d 0 -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v CustomDumpFlags /t REG_DWORD /d 0x641826 +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v CustomDumpFlags /t REG_DWORD /d %RADDBG_CRASH_DUMP_FLAGS% +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpLocation /t REG_EXPAND_SZ /d %RADDBG_CRASH_DUMPS% ) ``` In addition, you should ``ZIP`` the crash dump using ``7-zip`` or similar software. From fda919cad9450bee079eee53734e24a6cc0c2013 Mon Sep 17 00:00:00 2001 From: misomosi Date: Sat, 5 Oct 2024 12:07:18 -0400 Subject: [PATCH 5/7] Correct DumpLocation to DumpFolder --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 95c773872..a6a950bf7 100644 --- a/README.md +++ b/README.md 
@@ -27,13 +27,13 @@ REM Custom dump flags retrieved by executing ".dump /mf test.dump" in WinDbg the REM TODO: RAD Studios, feel free to customize the dump flags here however you want SET RADDBG_CRASH_DUMP_FLAGS=0x641826 SET /P RADDBG_CRASH_DUMPS="Where would you like to place crash dumps for raddbg (Default: %%LOCALAPPDATA%%\CrashDumps)? " || SET RADDBG_CRASH_DUMPS=%%LOCALAPPDATA%%\CrashDumps -SET /P GLOBAL_CRASH_DUMPS="Where would you like to place crash dumps for other apps by default (Default: NUL)? " || SET GLOBAL_CRASH_DUMPS=NUL +SET /P GLOBAL_CRASH_DUMPS="Where would you like to place crash dumps for other apps by default (Default: %%LOCALAPPDATA%%\NUL, won't store dumps)? " || SET GLOBAL_CRASH_DUMPS=%%LOCALAPPDATA%%\NUL ECHO. ECHO Changing registry settings for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps! ECHO. ECHO Setting Global Crash Dump Directory to %GLOBAL_CRASH_DUMPS%... -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpLocation /t REG_EXPAND_SZ /d %GLOBAL_CRASH_DUMPS% +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpFolder /t REG_EXPAND_SZ /d %GLOBAL_CRASH_DUMPS% ECHO. ECHO Setting RADDBG Crash Dump Directory to %RADDBG_CRASH_DUMPS%... 
@@ -43,7 +43,7 @@ ECHO. ECHO Setting Crash Dump Settings for %%F... REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpType /t REG_DWORD /d 0 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v CustomDumpFlags /t REG_DWORD /d %RADDBG_CRASH_DUMP_FLAGS% -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpLocation /t REG_EXPAND_SZ /d %RADDBG_CRASH_DUMPS% +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpFolder /t REG_EXPAND_SZ /d %RADDBG_CRASH_DUMPS% ) ``` In addition, you should ``ZIP`` the crash dump using ``7-zip`` or similar software. From 6c1fa8c8fa62a44ffc195b7a0f3968cc3fa5ac87 Mon Sep 17 00:00:00 2001 From: misomosi Date: Sat, 5 Oct 2024 12:40:06 -0400 Subject: [PATCH 6/7] Store global crash dumps & default flags to 0 --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a6a950bf7..94e4e9873 100644 --- a/README.md +++ b/README.md 
@@ -23,26 +23,31 @@ Below is an example batch script that you can run as administrator to collect du ``` @echo off -REM Custom dump flags retrieved by executing ".dump /mf test.dump" in WinDbg then opening it +REM Global custom dump flags 0 by default because that's safest for confidentiality and saves the most space +REM RadDbg custom dump flags retrieved by executing ".dump /mf test.dump" in WinDbg then opening it REM TODO: RAD Studios, feel free to customize the dump flags here however you want -SET RADDBG_CRASH_DUMP_FLAGS=0x641826 +SET RADDBG_CRASH_DUMPS_FLAGS=0x641826 SET /P RADDBG_CRASH_DUMPS="Where would you like to place crash dumps for raddbg (Default: %%LOCALAPPDATA%%\CrashDumps)? " || SET RADDBG_CRASH_DUMPS=%%LOCALAPPDATA%%\CrashDumps -SET /P GLOBAL_CRASH_DUMPS="Where would you like to place crash dumps for other apps by default (Default: %%LOCALAPPDATA%%\NUL, won't store dumps)? " || SET GLOBAL_CRASH_DUMPS=%%LOCALAPPDATA%%\NUL +SET /P GLOBAL_CRASH_DUMPS="Where would you like to place crash dumps for other apps by default (Default: %%LOCALAPPDATA%%\CrashDumps)? " || SET GLOBAL_CRASH_DUMPS=%%LOCALAPPDATA%%\CrashDumps +SET /P GLOBAL_CRASH_DUMPS_FLAGS="What CustomDumpFlags would you like to use for other apps by default (Default: 0)? " || SET GLOBAL_CRASH_DUMPS_FLAGS=0 ECHO. ECHO Changing registry settings for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps! ECHO. ECHO Setting Global Crash Dump Directory to %GLOBAL_CRASH_DUMPS%... 
+echo Using CustomDump Strategy with CustomDumpFlags = %GLOBAL_CRASH_DUMPS_FLAGS% +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpType /t REG_DWORD /d 0 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpFolder /t REG_EXPAND_SZ /d %GLOBAL_CRASH_DUMPS% +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v CustomDumpFlags /t REG_DWORD /d %GLOBAL_CRASH_DUMPS_FLAGS% ECHO. ECHO Setting RADDBG Crash Dump Directory to %RADDBG_CRASH_DUMPS%... -ECHO Using CustomDump Strategy with CustomDumpFlags = %RADDBG_CRASH_DUMP_FLAGS% +ECHO Using CustomDump Strategy with CustomDumpFlags = %RADDBG_CRASH_DUMPS_FLAGS% FOR %%F in (raddbg.exe, rdi_from_pdb.exe, rdi_breakpad_from_pdb.exe, rdi_dump.exe) DO ( ECHO. ECHO Setting Crash Dump Settings for %%F... REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpType /t REG_DWORD /d 0 -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v CustomDumpFlags /t REG_DWORD /d %RADDBG_CRASH_DUMP_FLAGS% +REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v CustomDumpFlags /t REG_DWORD /d %RADDBG_CRASH_DUMPS_FLAGS% REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpFolder /t REG_EXPAND_SZ /d %RADDBG_CRASH_DUMPS% ) ``` From 97582dfb128329cb2d874a3a9f8209a305b3dcab Mon Sep 17 00:00:00 2001 From: misomosi Date: Fri, 11 Oct 2024 21:30:52 -0400 Subject: [PATCH 7/7] Recommend crash dump creation with Task Manager --- README.md | 44 ++------------------------------------------ 1 file changed, 2 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 94e4e9873..1664e60a7 100644 --- a/README.md +++ b/README.md 
@@ -16,48 +16,8 @@ proof, it'd greatly help out if you submitted the issues you find here, along with any information you can gather, like dump files (along with the build you used), instructions to reproduce, test executables, and so on. -You can automatically generate local dumps on Windows for all executables -or specific executables by following [MSDN's Collecting User-Mode Dumps]( -https://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps). -Below is an example batch script that you can run as administrator to collect dumps automatically for the debugger. -``` -@echo off - -REM Global custom dump flags 0 by default because that's safest for confidentiality and saves the most space -REM RadDbg custom dump flags retrieved by executing ".dump /mf test.dump" in WinDbg then opening it -REM TODO: RAD Studios, feel free to customize the dump flags here however you want -SET RADDBG_CRASH_DUMPS_FLAGS=0x641826 -SET /P RADDBG_CRASH_DUMPS="Where would you like to place crash dumps for raddbg (Default: %%LOCALAPPDATA%%\CrashDumps)? " || SET RADDBG_CRASH_DUMPS=%%LOCALAPPDATA%%\CrashDumps -SET /P GLOBAL_CRASH_DUMPS="Where would you like to place crash dumps for other apps by default (Default: %%LOCALAPPDATA%%\CrashDumps)? " || SET GLOBAL_CRASH_DUMPS=%%LOCALAPPDATA%%\CrashDumps -SET /P GLOBAL_CRASH_DUMPS_FLAGS="What CustomDumpFlags would you like to use for other apps by default (Default: 0)? " || SET GLOBAL_CRASH_DUMPS_FLAGS=0 - -ECHO. -ECHO Changing registry settings for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps! -ECHO. -ECHO Setting Global Crash Dump Directory to %GLOBAL_CRASH_DUMPS%... 
-echo Using CustomDump Strategy with CustomDumpFlags = %GLOBAL_CRASH_DUMPS_FLAGS% -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpType /t REG_DWORD /d 0 -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpFolder /t REG_EXPAND_SZ /d %GLOBAL_CRASH_DUMPS% -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v CustomDumpFlags /t REG_DWORD /d %GLOBAL_CRASH_DUMPS_FLAGS% - -ECHO. -ECHO Setting RADDBG Crash Dump Directory to %RADDBG_CRASH_DUMPS%... -ECHO Using CustomDump Strategy with CustomDumpFlags = %RADDBG_CRASH_DUMPS_FLAGS% -FOR %%F in (raddbg.exe, rdi_from_pdb.exe, rdi_breakpad_from_pdb.exe, rdi_dump.exe) DO ( -ECHO. -ECHO Setting Crash Dump Settings for %%F... -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpType /t REG_DWORD /d 0 -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v CustomDumpFlags /t REG_DWORD /d %RADDBG_CRASH_DUMPS_FLAGS% -REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\%%F" /v DumpFolder /t REG_EXPAND_SZ /d %RADDBG_CRASH_DUMPS% -) -``` -In addition, you should ``ZIP`` the crash dump using ``7-zip`` or similar software. -Keep in mind that ``CustomDumpFlags`` in this script includes memory info because -it helps when debugging crashes so either go to [MINIDUMP\_TYPE]( -https://learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/ne-minidumpapiset-minidump_type) -and change ``CustomDumpFlags`` to your liking or don't work on anything personal or sensitive with ``raddbg`` -with these settings. If you ``ZIP`` the dump, you can also encrypt it with a password and then post -the password in the bug report as a minor security measure against web scrapers. 
+Dump files can be generated when ``RadDdg.exe`` crashes by opening task manager, +right clicking on the ``RadDbg.exe`` process and selecting "Create Memory Dump from File". You can download pre-built binaries for the debugger [here](https://github.com/EpicGames/raddebugger/releases).
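Review bot: In PATCH 1/7 the link target added for "MSDN's Collecting User-Mode Dumps" is malformed: it reads `https://learn.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dump://learn.microsoft.com/...`, two copies of the URL spliced together, so the README link will not resolve. PATCH 2/7 carries the same string forward and only PATCH 4/7 corrects it; fix it in this commit instead. In the script, the first `REG ADD ...\LocalDumps\%%F` with no `/v` is redundant, because the following `REG ADD ... /v DumpType` creates the key anyway, and none of the `REG ADD` calls pass `/f`, so a second run will stop at an overwrite prompt for each value.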
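Review bot: The last sentence added in PATCH 3/7 recommends posting the ZIP password in the same bug report as the archive, which gives no confidentiality for a dump that, per the sentence before it, includes memory info: anyone who can read the report can open the archive. Put the advice about changing ``CustomDumpFlags`` or keeping sensitive work out of ``raddbg`` first, since that is the only real mitigation in the paragraph, and word the password tip so it cannot be read as protection for sensitive data.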
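Review bot: In PATCH 4/7 the directories read by `SET /P` are expanded unquoted into `REG ADD ... /d %RADDBG_CRASH_DUMPS%` and `/d %GLOBAL_CRASH_DUMPS%`, so a path containing a space breaks the command, a `)` in the path closes the `FOR ... DO (` block early, and characters such as `&` are interpreted by cmd in a script the README tells the user to run as administrator. Quote the data argument, for example `/d "%RADDBG_CRASH_DUMPS%"`, and add `/f` so that re-running the script does not stall on overwrite prompts.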
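Review bot: The new default `%%LOCALAPPDATA%%\NUL` in the `GLOBAL_CRASH_DUMPS` prompt of PATCH 5/7 depends on a reserved device name inside a folder path to discard dumps, and the prompt's "won't store dumps" claim has no reference or test behind it in the patch. If the goal is to leave other applications alone, not writing the global `DumpFolder` value at all is simpler and easier to undo.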
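Review bot: PATCH 6/7 adds `DumpType` and `CustomDumpFlags` directly under the `LocalDumps` key, which makes the script a machine-wide change for every application, while the README sentence above it still describes the script as collecting dumps "for the debugger" and nothing explains how to revert. Document the global effect and which values to delete, or make the global block opt-in. `GLOBAL_CRASH_DUMPS_FLAGS` is also taken from `SET /P` and passed unquoted and unvalidated to `/t REG_DWORD /d`, and the new `echo Using CustomDump Strategy ...` line is lowercase where the rest of the script uses `ECHO`.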
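Review bot: The sentence added in PATCH 7/7 spells the process name two ways, ``RadDdg.exe`` and then ``RadDbg.exe``; the first is a typo. The quoted menu item "Create Memory Dump from File" should be checked against the label Task Manager actually shows. Because this hunk deletes the paragraph warning that dumps include memory info, keep one sentence of that caveat next to the new instructions: a dump created this way still contains process memory, so the earlier advice about personal or sensitive data still applies before attaching it to a public issue.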