Source Windows Error Reporting Event ID 1001. Revealing Windows Secrets: How does the error registration service work? Disable Error Report in Vista

In the previous article of this series, devoted to the Application Restart and Recovery mechanism, we mentioned the Windows Error Reporting (WER) mechanism. It is the subject of this article.

Windows Error Reporting Mechanism

Using the Windows Error Reporting (WER) mechanism, you can collect data about errors that occur in applications and either send this information to a special Microsoft site (http://winqal.microsoft.com) or save it locally. Collecting detailed information about errors and failures helps to eliminate application defects and fix errors, simplifies the release of update packages and new application versions, and improves the overall stability and reliability of both the applications themselves and the operating system.

Note that Microsoft itself actively uses the Windows Error Reporting mechanism both during development and after products are released to the market. Thus, the Microsoft Office product group fixed 50% of errors in Office Service Pack 2, the Visual Studio product group fixed 74% of bugs in Beta 1 of Visual Studio 2005, and 29% of Windows XP errors were fixed in Windows XP Service Pack 1. Currently, more than 2 thousand companies use Windows Error Reporting services to improve the quality of their applications.

The Windows Error Reporting mechanism first appeared in Windows XP, was significantly expanded in Windows Vista, and was further developed in Windows Server 2008, Vista Service Pack 1, Windows 7 and Windows Server 2008 R2. In Windows Vista, developers gained the ability to receive not only information about application failures but also performance data. Problem reports can now be created, configured and sent more flexibly, the online data analysis tools have improved, and communication with users has become simpler through Problem Reports and Solutions (in Windows Vista: Start -> Control Panel -> System and Maintenance -> Problem Reports and Solutions -> View Problem History) and Action Center (in Windows 7). Then Windows Server 2008 and Vista Service Pack 1 added the ability to create local dumps, and Windows 7 and Windows Server 2008 R2 added the ability to raise exceptions that are not processed by traditional handlers and instead lead to immediate termination of the application and automatic start of the Windows Error Reporting mechanism, as well as the ability to specify an external process, an exception handler, that is called to obtain the event name, the error report parameters and an optional debugger launch.

Using Windows Error Reporting Mechanism

Let's briefly consider how developers can use the Windows Error Reporting mechanism to obtain information about failures and other problems with their applications. Starting with Windows Vista, Windows by default provides reports on crashes, hangs and operating system kernel errors (kernel faults) for all applications; no changes to application code are required. If necessary, the report includes a memory minidump and a dump of the application heap. Applications need to use the programming interfaces only when they must send additional application-specific information. Since the Windows kernel automatically collects information about unhandled exceptions, applications do not need to handle exceptions that lead to fatal errors.

In the event of failures, hangs or errors of the operating system kernel level, the Windows Error Reporting mechanism performs the following sequence of actions:

  1. A problem occurs.
  2. The operating system kernel calls WER.
  3. WER collects data, creates a report and, if necessary, asks the user to confirm sending the report.
  4. On receiving confirmation, WER sends the report to Microsoft (the so-called Watson server).
  5. If the server requires additional data, WER collects it and, if necessary, asks the user to confirm sending.
  6. If the application is registered for restart (we discussed this topic earlier), WER executes the corresponding callback function of the application.
  7. If there is a solution to the problem that led to the failure, the user receives a notification through the appropriate operating system tools.

Depending on the situation, the CAB file may contain different types of dumps, which can be distinguished by the file name extension (Table 1).

The application may use the following functions to configure the content sent to Microsoft; the registration functions tell WER to include the specified files and memory blocks in the created report.

To include a file in the report, the WerRegisterFile() function is used. Its parameters are the full file name, the file type (one of the WER_REGISTER_FILE_TYPE values) and two flags: WER_DELETE_FILE_WHEN_DONE, indicating that the file must be deleted after the report is sent, and WER_ANONYMOUS_DATA, indicating that the file does not contain private data. Possible values of the WER_REGISTER_FILE_TYPE parameter are given in Table 2.

Note that generating the memory dump is the application developer's task; to do so you can use, for example, the debugging mechanisms described in the Windows SDK (see the MiniDumpWriteDump() function).

To exclude a file from the report, use the WerUnregisterFile() function, passing the name of the file to exclude as a parameter.

In most scenarios, additional files are sent only when the corresponding request is received from the server. To send additional files, you must pass the WER_ADD_REGISTERED_DATA flag when calling the WerReportSubmit() function, which we describe below.

To include a copy of a memory region, the WerRegisterMemoryBlock() function is used; its parameters are the start address of the memory block to include and the size of the block in bytes (the maximum size of a memory block is WER_MAX_MEM_BLOCK_SIZE). To cancel the inclusion of a copy of the memory region in the report, call the WerUnregisterMemoryBlock() function. To send data from memory, you must pass the WER_ADD_REGISTERED_DATA flag when calling the WerReportSubmit() function.

The WerSetFlags() and WerGetFlags() functions can be used, respectively, to control the state of the process at the time an error report is generated and to obtain information about the settings.

Generating and sending a report consists of several steps. The report is initialized by calling the WerReportCreate() function, which takes the type of event for which the report is created, the report type (WerReportNonCritical for failures that can be recovered from and WerReportCritical for failures that caused an emergency termination of the application), a pointer to the information included in the report (see the WER_REPORT_INFORMATION structure), and a variable that will receive a handle to the created report, ReportHandle.

After the report is successfully initialized, the parameters of the first and second groups must be added to it. The parameters of the first group are set using the WerReportSetParameter() function, which takes the handle to the created report (the result of a successful WerReportCreate call), a set of flags, the name of the parameter and its value (a null-terminated 16-bit Unicode string).

To include additional parameters in the report, the WerReportAddSecondaryParameter() function is used, which takes the report handle, the name of the parameter and its value.

In addition to files and snapshots of memory regions, memory dumps can also be sent as part of a report. For this you can use the WerReportAddDump() function, whose parameters are the report handle, handles to the process and the thread for which the dump is created, the dump type (one of the WER_DUMP_TYPE values), exception information (a pointer to a WER_EXCEPTION_INFORMATION structure), additional options (data type WER_DUMP_CUSTOM_OPTIONS) and flags. Note that the process for which the dump is created must have the access rights STANDARD_RIGHTS_READ and PROCESS_QUERY_INFORMATION.

To include a file in the report, we use the WerReportAddFile() function, to which we pass the report handle, the full file name, the file type (WER_FILE_TYPE) and additional flags.

In addition, developers can customize the user interface by selecting the information displayed in the system dialog. For this purpose the WerReportSetUIOption() function is provided, which takes the report handle, the report interface element type (WER_REPORT_UI) and the string to display. An application can modify any of the interface element fields specified by the WER_REPORT_UI parameter; each function call modifies only one field. WerReportSetUIOption() can be called at any time while the application runs, up to the moment the report is sent.

After the report is formed and configured, we use the WerReportSubmit() function to send it. Its parameters are the report handle, the type of user interface (presence of administrator rights, confirmation of sending, etc.) and a set of flags. After the report is sent, close its handle using the WerReportCloseHandle() function.

To exclude the application from the Windows Error Reporting mechanism, use the WerAddExcludedApplication() function, and to include it again, the WerRemoveExcludedApplication() function.

Windows Error Reporting settings are located in two registry branches:

  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Windows Error Reporting;
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting.

The most useful settings are shown in Table 3.

Conclusion

In this series of articles, we discussed various aspects of improving application stability. We reviewed techniques for avoiding memory leaks and preventing application hangs, discussed the use of the Application Restart and Recovery mechanism, which lets you restart applications that have blocked resources or have stopped responding to system messages, and the Windows Error Reporting mechanism, which lets you collect data about failures occurring in applications.

In the following articles devoted to the Windows 7 operating system for developers, we will consider a number of changes at the operating system kernel level that may be of interest to application developers.

The WER (Windows Error Reporting) service collects debug information about crashes of system and third-party applications in Windows and sends it to Microsoft servers. As conceived by Microsoft, this information should be analyzed and, if a solution exists, a fix for the problem should be sent to the user via Windows Error Reporting Response. In practice few people use this functionality, although Microsoft persistently leaves the WER error collection service enabled by default in all recent Windows versions. In most cases, the WER service is remembered when the catalog begins to occupy quite a lot of space on the system disk (up to several tens of GB), even despite the fact that on this directory is included by default.

Windows Error Reporting Service

Windows Error Reporting is a separate Windows service, which can easily be disabled with the command:

The WER\ReportQueue\ directory contains many directories with names in the format:

  • Critical_6.3.9600.18384_(ID)_00000000_CAB_3222BF78
  • Critical_powershell.exe_(id)_cab_271e13c0
  • Critical_sqlservr.exe__(id)_cab_b3a19651
  • Noncritical_7.9.9600.18235__(id)_0bfcb07a
  • Appcrash_cmd.exe_(id)_bda769bf_37d3b403

As you can see, the directory name contains the criticality of the event and the name of the specific exe file that terminated abnormally. Every directory contains a Report.wer file, which holds a description of the errors, and several files with additional information.

Clearing the WER\ReportQueue folder in Windows

As a rule, the size of each folder is insignificant, but in some cases a memory dump is generated for the problem process, which takes up quite a lot of space. The screenshot shows that the size of the dump file memory.hdmp is about 610 MB. A couple of such dumps, and several free gigabytes have disappeared from the disk.

To clear all these errors and logs using the standard tools, open the Control Panel, go to Control Panel -> System and Security -> Action Center -> Maintenance -> View reliability history -> View all problem reports, and click the Clear all problem reports button.

To quickly free disk space from the debug files generated by the WER service, the contents of the following directories can safely be deleted by hand.

  • C:\ProgramData\Microsoft\Windows\WER\ReportArchive\

Disabling Windows Error Reporting in Windows Server 2012 R2 / 2008 R2

Windows Error Reporting can be disabled in server editions of Windows as follows:


Disabling the collection and sending of error reports in Windows 10

In Windows 10, it is possible to disable Error Reporting through the GUI. Check the status of the component in the Control Panel: System and Security -> Security and Maintenance -> Maintenance section. As you can see, the option is on by default (Control Panel -> System and Security -> Security and Maintenance -> Maintenance -> Check for solutions to problem reports).

Windows Error Reporting in Windows 10 can be disabled through the registry. To do this, in the branch you need to create a new DWORD (32-bit) parameter named Disabled with the value 1.

Now check the status of the Check for solutions to problem reports parameter in the Control Panel again. Its status should change to disabled.

Disabling Windows Error Reporting through group policies

Windows Error Reporting can also be disabled through Group Policy. The policy is located in the section Computer Configuration / Administrative Templates / Windows Components / Windows Error Reporting. To disable the collection and sending of data, enable the Disable Windows Error Reporting policy.

As a result, application error reports will no longer be generated and automatically sent to Microsoft.

This article is based on questions from the forums: "How do I return a string from a DLL?", "How do I pass and return an array of records?", "How do I pass a form to a DLL?".

So that you do not spend half your life figuring it out, in this article I will lay everything out on a platter.

The topics of this article have been touched on in this blog many times to varying degrees, but here they are collected together and justifications are given. In short, a link to this article can be given to those who develop DLLs.

Important note: the article should be read in order. The code is given only as examples; at each step (section) of the article, new details are added to the example code. For example, at the very beginning of the article there is no error handling, and "classic" methods are used (such as GetLastError, the stdcall convention, etc.), which are replaced with more adequate ones in the course of the article. This is done so that the "new" ("unusual") constructs do not raise questions. Otherwise I would have had to insert a note into each example of the kind: "This is discussed in such-and-such section below, and that in another." In any case, at the end of the article there is a link to ready-made code written with everything said in the article taken into account. You can just take it and use it. The article explains why and what for. If you are not interested in "why and what for", skip to the conclusion at the end and the link to download the example.

Ceases to work or works incorrectly), Windows creates a report on the problem that is intended to be sent to Microsoft (to find a solution to the problem).

Starting from the operating system , the Dr. Watson "Inspection Tool of Discharges or Alarms" was replaced by Windows Error Reporting (WER), the Windows error registration service (other names: , Problem Reports and Solutions).

The Windows error registration service is represented by the following files (all located in the \Windows\System32\ directory):

  • wer.dll (Windows error library);
  • wercon.exe (Problem Reports and Solutions);
  • wercplsupport.dll ();
  • werdiagcontroller.dll (WER Diagnostic Controller);
  • WerFault.exe (Windows error report);
  • WerFaultSecure.exe (Windows error reports);
  • wermgr.exe (Windows Problem Reporting);
  • wersvc.dll (Windows error registration service);
  • wertargets.wtl.

When any process (program) fails, the Windows Error Reporting service starts WerFault.exe in the session of the failed process, passing the process identifier (PID) on the WerFault command line:

This displays a Microsoft Windows window with the error message "<program_name> has stopped working. The next time you connect to the Internet, Windows can search for a way to fix this error":


By clicking the Show problem details button, you can view the problem signature:


Problem signatures are saved in error reports, which are stored in the directory \Users\Master\AppData\Local\Microsoft\Windows\WER\ReportArchive\, each report in a separate folder REPORT******** (for example, REPORT0A003E48), in the file Report.wer.

Sample contents of the Report.wer file:

    Version=1
    EventType=AppCrash
    EventTime=129234418886148269
    ReportType=2
    Consent=1
    Response.Type=4
    Sig.Name=application name
    Sig.Value=IEXPLORE.EXE
    Sig.Name=application version
    Sig.Value=8.0.6001.18928
    Sig.Name=App Time Stamp
    Sig.Value=4BDFA327
    Sig.Name=Module name with error
    Sig.Value=mshtml.dll
    Sig.Name=Module version with error
    Sig.Value=8.0.6001.18928
    Sig.Name=module time stamp with error
    Sig.Value=4BDFB76D
    Sig.Name=Exception code
    Sig.Value=C0000005
    Sig.Name=exclusion shift
    Sig.Value=000DA33F
    DynamicSig.Name=OS version
    DynamicSig.Value=6.0.6002.2.2.0.768.3
    DynamicSig.Name=language code
    DynamicSig.Value=1049
    DynamicSig.Name=Additional Information 1
    DynamicSig.Value=FD00
    DynamicSig.Name=Additional Information 2
    DynamicSig.Name=additional information 3
    DynamicSig.Value=FD00
    DynamicSig.Name=Additional Information 4
    DynamicSig.Value=
    UI=C:\Program Files\Internet Explorer\iexplore.exe
    UI=stopped internet work Explorer
    UI=Windows can search for a way to eliminate this error on the Internet.
    UI=look for a solution to the problem on the Internet and close the program
    UI=Check for a way to correct errors in the Internet later and close the program
    UI=close the program
    FriendlyEventName=Stop work
    ConsentKey=AppCrash
    AppName=Internet Explorer
    AppPath=C:\Program Files\Internet Explorer\Iexplore.exe
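
The report format shown above can be parsed into structured data for crash triage. The following parser is an added example, not code from the original article; SAMPLE is constructed from the values in the listing above, and the names parse_report, triage, decode and SUSPICIOUS are hypothetical. It goes beyond the listing by also accepting the indexed key form (Sig[0].Name, stored as UTF-16) used by report files on disk, and it assumes the AppCrash signature order seen in the sample.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed input: the page's sample report, condensed (keys without indexes).
SAMPLE = """EventType=AppCrash
EventTime=129234418886148269
Sig.Name=Application name
Sig.Value=IEXPLORE.EXE
Sig.Name=Application version
Sig.Value=8.0.6001.18928
Sig.Name=App Time Stamp
Sig.Value=4BDFA327
Sig.Name=Module name with error
Sig.Value=mshtml.dll
Sig.Name=Module version with error
Sig.Value=8.0.6001.18928
Sig.Name=Module time stamp with error
Sig.Value=4BDFB76D
Sig.Name=Exception code
Sig.Value=C0000005
Sig.Name=Exception offset
Sig.Value=000DA33F
"""

# NTSTATUS codes that usually point at memory corruption (assumed triage list).
SUSPICIOUS = {"C0000005": "access violation", "C0000374": "heap corruption",
              "C0000409": "stack buffer overrun"}
PAIR = re.compile(r"^(Dynamic)?Sig(?:\[\d+\])?\.(Name|Value)$", re.IGNORECASE)

def decode(raw: bytes) -> str:  # Report.wer is normally UTF-16 with a BOM
    return raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8")

def parse_report(text: str) -> dict:
    """Scalar keys go to 'fields'; signatures become ordered (name, value) lists."""
    rep = {"fields": {}, "Sig": [], "DynamicSig": []}
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition("="))
        m = PAIR.match(key)
        if not sep:
            continue                     # not a key=value line
        pairs = rep["DynamicSig" if m and m.group(1) else "Sig"]
        if not m:
            rep["fields"][key] = value
        elif m.group(2).lower() == "name":
            pairs.append((value, ""))
        elif pairs:                      # a Value completes the preceding Name
            pairs[-1] = (pairs[-1][0], value)
    return rep

def triage(rep: dict):
    """AppCrash summary read by position (names are localised); EventTime is a FILETIME."""
    f, p = rep["fields"], [v for _, v in rep["Sig"]] + [""] * 8
    if f.get("EventType", "").lower() != "appcrash":
        return None
    ticks = int(f["EventTime"]) if f.get("EventTime", "").isdigit() else 0
    when = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)
    code = p[6].upper()
    return {"app": p[0], "module": p[3], "code": code, "offset": p[7],
            "time": when, "flag": SUSPICIOUS.get(code)}
```

Reading the signature by position rather than by name matters because the names are written in the system language, as the translated names in the listing show.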

How to launch Problem Reports and Solutions

Click Start -> Control Panel -> Problem Reports and Solutions;


- in the Problem Reports and Solutions window, the following options are available in the Tasks menu:

· Search for new solutions (requires an open Internet connection);