Local News Site Crashes, Part 1Posted: May 17, 2010
Our local paper redesigned its website a month ago. Ever since, this is what I and many others have seen when opening it for the morning.
Sometimes, a website will crash one time due to an isolated error. A third-party web analytics site once made an error in its HTML that brought down every site that used their services. This sort of error gets found and corrected very quickly.
But this went on over days. Rarely, the site would stay open for reading only to crash when opening another story I wanted to find the problem, even though I have no stake or obligation to do so. I didn’t think I could get the newspaper interested in my bug report so I tried to find out what I could with my own knowledge of Windows internals.
First of all, I needed a crash dump of the failed process, to wit, Internet Explorer. Windows 7 (and Vista) do not save crash dumps for applications by default. (Note that this has nothing to do with the settings for kernel dumps or bluescreens; those are handled through the familiar sysdm.cpl control panel applet.)
MSDN has a page describing how to configure user-mode dumps.
There’s only one setting we need to enable the dumps. In Regedit, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps. Under that key, create a new DWORD value named DumpType. Set its value to 2. This will make Windows perform full dumps of the application, which we will need to make any headway in this diagnosis. Restart the computer.
When an app crashes, Windows will now put its full crash dump in the LocalApps folder (normally c:\users\<user>\AppData\Local\CrashDumps.) It will store up to 10 dumps before overwriting any. These defaults can be changed per the MSDN page but these are fine here.
Next, I installed Fiddler. This is a really ingenious HTTP proxy. It uses the built-in proxy settings, that you may have seen in the Internet Options dialog, to redirect HTTP traffic to itself, capture it and display it, much like WireShark and Network Monitor, but with special emphasis on HTTP debugging. It would tell me what was requested when IE crashed. Fortunately, the crash was repeatable so I captured it with Fiddler:
The main window of Fiddler is very much like other network tracing tools. A list of sessions opened is in the left pane. The right pane has details on a particular session and the lower right pane has even more details.
There are a lot of requests made to open the typical web page. In a crash like the one I experienced, the web page pops up and one can see headlines and content, but a few second later, the crash dialog comes up.
Note request #149 which I have circled. It goes to watson.microsoft.com. This is where Windows Error Reporting sends your crash data. The crash had happened already here. Any of the requests prior to this could have crunched IE, either immediately or a short time afterwards. I have highlighted the prior request, #148, which is to ad.trafficmp.com, a very common ad-serving site. The requests that came afterwards occurred when I dismissed the error dialog and IE tried to reload the page.
Since I had full dumps of IE during the crash, it was time to run the Windows debugger. That’s my next post.