Dump With FREB

In this article we will learn how to capture FREB (Failed Request Tracing) files and a process dump at the same time.

Prerequisites

Install-WindowsFeature -name Web-Http-Tracing

After downloading it, do the following:

This will be the path where FREB will find the procdump executable.

This is where the generated dumps will be written.

In this example I will create a FREB rule that generates a trace file if a request takes at least 8 seconds. In addition, FREB will be configured to run a custom action when the time-taken trigger is met: it will generate a dump.

Go to your site/application where you want to set the FREB rule and create your rule normally.

Now we need to allow the Failed Request Tracing Module to accept custom actions.

Go to the server level.

Close window and in the Actions pane click “apply”.

We have just allowed the Failed Request Tracing Module to run custom actions.

Now, go to your site where you created the rule:

Here, fill in the following attributes: the path to the executable, the command plus the path where you would like the files to be stored, and the limit for this custom action:

The “%1%” is vital as it will pass the PID of w3wp.exe to procdump.

Close window and in the Actions pane click “apply”.

Reproduce the issue and voilà:

As we set a maximum of three for the custom action, only three dumps will be written.

That is it.

If you want to reset the count, you will have to edit “customActionTriggerLimit”, set another number and save it. Erasing the dumps alone is not enough.
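The configuration these steps end up writing, shown as an added example that is not taken from the original article. It assumes the server-level switch is the site's `customActionsEnabled` attribute and the rule attributes are `customActionExe` and `customActionParams`; the site name, the paths `C:\procdump` and `C:\dumps`, the rule path `*`, the trace areas and the procdump switches are placeholder choices.

```xml
<!-- applicationHost.config (server level): allow the Failed Request Tracing
     module to run custom actions for the site. "Default Web Site" is a
     placeholder; the site's other child elements are omitted here. -->
<system.applicationHost>
  <sites>
    <site name="Default Web Site">
      <traceFailedRequestsLogging enabled="true" customActionsEnabled="true" />
    </site>
  </sites>
</system.applicationHost>

<!-- web.config of the site/application: the FREB rule with its custom action. -->
<system.webServer>
  <tracing>
    <traceFailedRequests>
      <!-- %1% is replaced with the PID of the w3wp.exe that hit the trigger.
           -accepteula avoids the interactive EULA prompt, -ma writes a full dump.
           C:\procdump and C:\dumps are assumed locations. -->
      <add path="*"
           customActionExe="C:\procdump\procdump.exe"
           customActionParams="-accepteula -ma %1% C:\dumps"
           customActionTriggerLimit="3">
        <traceAreas>
          <add provider="WWW Server"
               areas="Security,RequestNotifications,Module"
               verbosity="Verbose" />
        </traceAreas>
        <!-- Trigger: any request that takes 8 seconds or longer. -->
        <failureDefinitions timeTaken="00:00:08" />
      </add>
    </traceFailedRequests>
  </tracing>
</system.webServer>
```

A full dump (`-ma`) contains the entire memory of the worker process, including any connection strings, tokens or session data held there, so restrict the ACL on the dump folder and remove the dumps once the analysis is done.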
