How do I know whether Windows has just recovered from a BSOD?

Time: 2021-06-01 00:01:38

From http://support.microsoft.com/kb/317277: If Windows XP restarts because of a serious error, the Windows Error Reporting tool prompts you...


How can my app know that "Windows XP has restarted because of a serious error"?


3 solutions

#1


8  

Note: this is a good question for a code-challenge

Here is some executable code, but feel free to add other solutions, in other languages:


The uptime might be a good indication:


net stats workstation | find /i "since"

Now link that information with a way to read the Windows event logs, like, say, in PowerShell:

Get-EventLog -list | Where-Object {$_.logdisplayname -eq "System"}

And look for the last "Save Dump" messages


As Michael Petrotta said, WMI is a good way to retrieve that information.


Based on the update time, you can make a query like:


' dtmStartDate and dtmEndDate are DMTF datetime strings bounding the search window
Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where LogFile = 'System' AND " _
    & "TimeWritten >= '" & dtmStartDate & "' and TimeWritten < '" _
    & dtmEndDate & "'")

to easily spot an event log with a "Save Dump" message in it, confirming the crash.

More in the Win32_NTLogEvent WMI class.


Actually, this Microsoft article, Querying the Event Log for Stop Events, does give it to you (the complete request):

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
     ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'System'" _
     & " AND SourceName = 'Save Dump'")
For Each objEvent in colLoggedEvents
    Wscript.Echo "Event date: " & objEvent.TimeGenerated
    Wscript.Echo "Description: " & objEvent.Message
Next

#2


8  

Restarts resulting from a BSOD are reported in the event log. Use the libraries in your favorite language to search the log for errors. In .NET, for instance, you'll want to look to the System.Diagnostics.EventLog class. WMI may offer a more flexible way to search the log.


#3


2  

You can look for a memory or kernel dump file with a recent creation time, if dump file generation has been enabled (or, rather, not disabled since it's on by default.)
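
The three answers combined into one check, as an added example that is not code from any of the posts above: it takes the last boot time, looks for 'Save Dump' events written since that boot, and looks for dump files written around it. The function name, its parameters and the 10-minute slack are assumptions; it assumes Windows PowerShell (for `Get-WmiObject`) and reads the dump locations from the `CrashControl` registry key.

```powershell
# Added example, not from the answers above. Function and parameter names are hypothetical.
function Test-RecoveredFromBugcheck {
    param(
        [string]$SourceName = 'Save Dump',  # event source named in answer #1
        [int]$SlackMinutes  = 10            # assumption: tolerance around boot time for dump files
    )

    # Last boot time (the "uptime" clue from answer #1).
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $boot = $os.ConvertToDateTime($os.LastBootUpTime)
    $dmtf = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($boot)

    # Same WQL idea as the page's VBScript, limited to events written since this boot.
    $filter = "Logfile = 'System' AND SourceName = '$SourceName' AND TimeWritten >= '$dmtf'"
    $events = @(Get-WmiObject -Class Win32_NTLogEvent -Filter $filter)

    # Dump locations configured under CrashControl (the dump-file clue from answer #3).
    $cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $candidates = foreach ($p in @($cc.DumpFile, $cc.MinidumpDir)) {
        if (-not $p) { continue }
        $p = [Environment]::ExpandEnvironmentVariables($p)
        if (Test-Path -LiteralPath $p -PathType Container) {
            # Minidump directory: one .dmp file per crash.
            Get-ChildItem -LiteralPath $p -Filter *.dmp -ErrorAction SilentlyContinue
        } elseif (Test-Path -LiteralPath $p) {
            # Single full or kernel dump file.
            Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
        }
    }

    # Keep only dump files written around or after the last boot.
    $since = $boot.AddMinutes(-$SlackMinutes)
    $dumps = @($candidates | Where-Object { $_.LastWriteTime -ge $since })

    New-Object PSObject -Property @{
        LastBoot        = $boot
        CrashEvents     = $events
        RecentDumpFiles = $dumps
        LikelyBugcheck  = ($events.Count -gt 0) -or ($dumps.Count -gt 0)
    }
}

Test-RecoveredFromBugcheck | Format-List
```

Reading the dump directory may need an elevated session; without one the event-log check still runs and the dump list is simply empty.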

