≡ Menu

Troubleshooting: Who killed my process?

Who killed my process?

A tough question. It is very difficult to troubleshoot unexpected process terminations/exits. We don’t know what other process is causing my process to terminate. I am sure some of you have already faced this kind of problem. I came across a nice tool which can address this kind of situation.

Windows debugger(Windbg) has a utility called GFLAGS.EXE which can be used for monitoring a process exit. It has ability to tell us which process has terminated my process. It can monitor that and can give you a pop-up message when it happens. This simplifies the troubleshooting and helps catch the rogue process/application.

Apart from giving a System status message, it can write events to event log as well (check your application log). This also has facilities to dump process memory before exit.

Steps to enable process exit monitoring:

  • Run GFLAGS.EXE and select the Silent Process Exit tab.
  • Type the name of the process that is exiting unexpectedly.
  • Hit the TAB key on the keyboard to refresh the GUI.
  • Check the following boxes:
    • Enable Silent Exit Process Monitoring (This enables the feature and tracks silent process exits in the application event log. Event ID: 3001)
    • Enable Notification (This optionally creates a balloon popup with the same information in the event log.) 
    • Ignore Self Exits (This prevents superfluous logging when the application exits gracefully, such as when File / Exit is selected from a menu.)
  •  Click OK to save the change and exit the GFLAGS tool.

 NOTE: The changes will take effect immediately for any new processes launched after the change.  A reboot is NOT required.

I came across this nice tip in ASKPERF blog(http://blogs.technet.com/b/askperf/archive/2013/05/01/what-killed-my-process.aspx). Go through that for complete information.