
Attach WinDbg to a process run from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run at login?

I have a .NET application deployed across 28,000 workstations currently. On all of them, that process is launched at user login from the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key. On most of those workstations, it works fine, but on a few, it crashes when running in this way. Annoyingly, launching it manually after login works fine, and no crash happens.

So I'm trying to work out how to get WinDbg up and running and attached to this process in time for me to try to get a memory dump and at least some idea of what's going on.

How can I do that? As far as I'm aware, the order of automatic start-up of applications is not guaranteed on Windows (it's Windows XP SP3, in case that matters), and so this isn't going to be super easy.

GodEater asked Dec 16 '25 16:12


1 Answer

One of the ways to do it is GFlags. GFlags can be instructed to attach to the debugger when the process launches.

And a debugger script can be passed in the command line to get a memory dump when the process terminates or throws an exception.

Naveen answered Dec 19 '25 05:12
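A sketch of the setup the answer describes, added here as an example and not taken from the answer: it writes the same `Debugger` value that the GFlags Image File tab sets, pointing at `cdb.exe` with a script that dumps on an unhandled exception or at process exit. The image name `MyApp.exe`, the `C:\Debuggers` install path and the `C:\Dumps` folder are assumptions, and the `clr` event code assumes the crash surfaces as a CLR exception.

```bat
@echo off
rem Added example. Constructed names: MyApp.exe, C:\Debuggers, C:\Dumps.
rem Run from an administrator prompt: the IFEO key lives under HKLM.

set IMAGE=MyApp.exe
set DBG=C:\Debuggers\cdb.exe
set SCRIPT=C:\Debuggers\dump-on-crash.txt
set IFEO=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%IMAGE%

rem The dump folder must be writable by the user who logs in.
if not exist C:\Dumps mkdir C:\Dumps

rem Debugger script, run at the initial breakpoint:
rem   sxd -c2 ... : on a second-chance (unhandled) exception, write a full
rem                 dump and quit. First-chance exceptions are ignored so
rem                 handled .NET exceptions do not produce dumps.
rem   sxe -c ... epr : also dump when the process exits.
rem   /u appends date, time and PID so repeated runs do not overwrite.
rem   g resumes the process once the handlers are installed.
> "%SCRIPT%" echo sxd -c2 ".dump /ma /u C:\Dumps\MyApp.dmp; q" clr
>> "%SCRIPT%" echo sxd -c2 ".dump /ma /u C:\Dumps\MyApp.dmp; q" av
>> "%SCRIPT%" echo sxe -c ".dump /ma /u C:\Dumps\MyApp.dmp; q" epr
>> "%SCRIPT%" echo g

rem Windows prepends this value to the command line of every MyApp.exe
rem launch, including the one started from the HKCU Run key at login.
reg add "%IFEO%" /v Debugger /t REG_SZ /d "%DBG% -cf %SCRIPT%" /f

rem Remove the hook once a dump has been collected:
rem   reg delete "%IFEO%" /v Debugger /f
```

Because the hook applies to every launch of that image name on the machine, deploy it only to the affected workstations and delete the value afterwards.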