none
Determine what killed a process RRS feed

  • Question

  • We have a systems with several windows services.

    One of these services is used to monitor the other services and will do some actions if one of the other services fails.

    Is there any programmatic, or other way, for use to know if one of the services had its process killed by another process, ie task manager?

    We want to know if the service crashed or had its process killed by the user or some other process.

    I found an article here which looked promissing, but it requires installing debugging tools for windows which is not an option.

    Thursday, November 29, 2012 11:50 AM

Answers

All replies

  • Let me get this straight - You wish to debug mysterious terminations of server processes, without the use or aid of the vendor-supplied debugging tools.

    OKAY!

    I guess you are stuck writing your own versions of said tools. Let my grandchildren know when you are done please.


    "Premature optimization is the root of all evil." - Knuth

    If I provoked thought, please click the green arrow

    If I provoked Aha! please click Propose as Answer

    Thursday, November 29, 2012 12:24 PM
  • I only want to know when a process terminates if it was killed by the user, ie using task manager, or a third party process, or not.

    This is more for us to confirm that the user killed a process when they deny doing it.

    Thursday, November 29, 2012 3:01 PM
  • OK. SO install the tools on the server, tweak the flag, and uninstall. COnfront trouoblesome user, and pop stack.

    "Premature optimization is the root of all evil." - Knuth

    If I provoked thought, please click the green arrow

    If I provoked Aha! please click Propose as Answer

    Thursday, November 29, 2012 3:03 PM
  • We need a solution we can deploy within our product, which does not need the installation of extra tools, windows debugging tools etc.

    So, my question is still is there any way to get this kind of information without installing debugging tools?

    Thursday, November 29, 2012 3:19 PM
  • See if this helps:

    http://msdn.microsoft.com/en-us/library/windows/hardware/jj602791(v=vs.85).aspx

    Note that this (as well as the gflags.exe solution given in the article mentioned above) only works in Window 7 or above.  AFAIK, there's no supported/documented way to get this behavior on pre-7 OS's.


    -cd Mark the best replies as answers!

    • Proposed as answer by Mike FengModerator Friday, November 30, 2012 9:22 AM
    • Marked as answer by irishliam Friday, November 30, 2012 4:11 PM
    Thursday, November 29, 2012 10:54 PM
    Moderator
  • Hi.

    Setting the regkey directly looks like it will work, we are running win 2008 R2 so it works for me.

    Besides the desired creation of the windows event, are there any other possibly negative impacts to setting the key? If there aren't we may add the setting of this key for all our processes on produciton deployments to aid in determining if future process terminations were indeed process crashes or not.

    Thanks.
    Friday, November 30, 2012 11:39 AM