How do you create

memory dumps for

diagnostics purposes
in WinCC/PCS 7?
Siemens
User Dump Industry
Online
https://support.industry.siemens.com/cs/ww/en/view/45020870 Support
 This entry is from the Siemens Industry Online Support. The general terms of use
(http://www.siemens.com/terms_of_use) apply.

Security Siemens provides products and solutions with industrial security functions that
informa- support the secure operation of plants, systems, machines and networks.
tion In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement – and continuously maintain – a holistic,
state-of-the-art industrial security concept. Siemens’ products and solutions only
form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems,
machines and networks. Systems, machines and components should only be
connected to the enterprise network or the internet if and to the extent necessary
and with appropriate security measures (e.g. use of firewalls and network
segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends to apply product updates as soon
as available and to always use the latest product versions. Use of product
versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under http://www.siemens.com/industrialsecurity.
© Siemens 2021 All rights reserved

Table of content
1 Installing the Microsoft Windows Software Development Kit (SDK) ............ 4
2 Start and Parameterize the "adplus.exe" Program ....................................... 8
2.1 Preparations ...................................................................................... 9
2.2 Start and Parameterize the "adplus.exe" Program............................ 10
2.3 Terminating Process Monitoring with the "adplus.exe" Program ....... 12
2.3.1 Procedure for terminating monitoring without terminating the
process being monitored.................................................................. 12
3 Entering the "adplus.exe" Program in the Startup List of the WinCC
Project........................................................................................................... 14
4 Notes ............................................................................................................. 16
5 Enabling and Using the "gflags" Tool ......................................................... 17
5.1 Enabling the "gflags" Tool ................................................................ 17
6 Usage of ProcDump ..................................................................................... 20
6.1 Approach ......................................................................................... 20
6.2 Notes............................................................................................... 21
7 Glossary........................................................................................................ 22

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 2
Contents

Question
How do you create memory dumps for diagnostics purposes in WinCC/PCS 7?

Answer
Follow the instructions and notes listed in this document for a detailed answer to
the above question.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 3
 1 Installing the Microsoft Windows Software Development Kit (SDK)

1 Installing the Microsoft Windows Software

Development Kit (SDK)
Table 1-1
No. Procedure
1. Download the Microsoft Windows Software Development Kit (SDK) for your
Operating System into a temporary folder.
SDK 8.1
https://developer.microsoft.com/en-us/windows/downloads/windows-8-1-sdk
SDK 10
https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk

Note
The following procedure is idenical for both versions.
2. Start the downloaded "sdksetup.exe" file.
In the "Specify Location" window you select the "Download the Windows Software
Development Kit for installation on a separate computer" option.
Select a path in which you want to temporarily save installation files.
© Siemens AG 2021 All rights reserved

Click the "Next" button.

And in the "Join the Customer..." window once again click the "Next" button.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 4
 1 Installing the Microsoft Windows Software Development Kit (SDK)

No. Procedure
3. In the new window select only "Debugging Tools for Windows".
© Siemens AG 2021 All rights reserved

Press the "Download" button.

The Debugging Tools are now downloaded onto your computer for installation.

Note
Microsoft .NET Framework 4.0 is also installed automatically.

Install the downloaded files on this computer or copy the files to a target computer
and install them there.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 5
 1 Installing the Microsoft Windows Software Development Kit (SDK)

No. Procedure
4. Start the "sdksetup.exe" file.
Retain the proposed installation path.
© Siemens AG 2021 All rights reserved

5. Click the "Next" button.

And in the "Join the Customer..." window once again click the "Next" button.
Likewise in the "License Agreement…" window you click the "Accept" button.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 6
 1 Installing the Microsoft Windows Software Development Kit (SDK)

No. Procedure
6. Select only "Debugging Tools for Windows" and click the "Install" button.
© Siemens AG 2021 All rights reserved

7. Close the next window with "Close".

8. The installation has now been completed.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 7
 2 Start and Parameterize the "adplus.exe" Program

2 Start and Parameterize the "adplus.exe"

Program

WARNING When you proceed as described below, there might be situations where
performance is impaired as listed below:
• Loss of performance
• Extremely high use of memory
• Changed system timings
• Unusable plant

The procedures should only be executed if recommended by the service staff.

First, check whether the application you want to examine with adplus.exe was
compiled for a 32 bit or 64 bit architecture.
To do so, select in Windows 10 the "Details" tab of the Task Manager and activate
the column "Platform" by means of the context menu, if it's not already visible.
© Siemens AG 2021 All rights reserved

Figure 2-1

In previous OS versions, you recognize 32 bit processes by the name suffix "*32".

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 8
 2 Start and Parameterize the "adplus.exe" Program

2.1 Preparations
Table 2-1
No. Procedure
1 Create a directory in which you want to store the diagnostics data
generated (c:\temp, for example).
2 Download the adplusconfig.xml file from this entry onto your computer and copy
this file into the newly created directory. Configure this file corresponding to your
requirements.

Notes on the important entries in the XML file:

<ProcessName> CcAlgRtServer.exe </ProcessName>

<Exception Code='AV'>
<Actions1> FullDump </Actions1>
<ReturnAction1> GN </ReturnAction1>
</Exception>

• The <ProcessName> entry indicates which process is to be monitored

(CCAlgRtServer.exe, for example)
• Code=’AV’ : parameterization pertains to AccessViolation
© Siemens AG 2021 All rights reserved

• <ReturnAction1> defines that the monitoring continues after creation of

the dump
• FullDump defines that a complete memory dump is created
(alternatives: MiniDump, Log, void)

A full description of the parameters is given in the "adplus.doc" file in the

relevant installation path.
• The process to be supervised is a 32-bit application
C:\Programs\Windows Kits\ 8.1\ Debuggers\x86
• The process to be supervised is a 64-bit application
C:\Programs (X86)\Windows Kits\ 8.1\ Debuggers\x64

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 9
 2 Start and Parameterize the "adplus.exe" Program

2.2 Start and Parameterize the "adplus.exe" Program

Table 2-2
No. Procedure
1 Click the "Start" button on the Windows desktop.
Enter "cmd" in the input field and confirm with "OK".
Open the context menu of the "cmd.exe" file and select "Run as
administrator".
Confirm the system query with "Yes".
© Siemens AG 2021 All rights reserved

2 On your computer, switch to the one of the following paths, depending on

the version of the application you wish to supervise:
• 32-bit applications
C:\Program Files\Windows Kits\ 8.1\ Debuggers\x86
• 64-bit applications
C:\Program Files (X86)\Windows Kits\ 8.1\ Debuggers\x64

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 10
 2 Start and Parameterize the "adplus.exe" Program

No. Procedure
3 Start WinCC Runtime (Alarm Logging Runtime must be enabled in the
Startup list).
Wait until WinCC Runtime has completely started.

Start adplus.exe with the following parameters:

adplus.exe -o "c:\temp" -c "c:\temp\adplusconfig.xml"
© Siemens AG 2021 All rights reserved

The folder "c:\temp" is an example (see table 2.2, No. 1).

Note
Beside the cmd-console, a second console will be opened for diagnostic
purposes. Don't manipulate that console, in particular don't close the
console window.
4 Check at regular intervals in the "c:\temp" path whether .dmp files have
been created.

• When the "adplus" program starts, a new directory is created in

"c:\temp" (the name of the directory depends on the date/time).
• You must regularly check whether new .dmp files have been created
there. These must be forwarded for analysis and once save can be
deleted from the directory.

Note
A new directory is created each time "adplus" starts.
This should be taken into account when checking new files.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 11
 2 Start and Parameterize the "adplus.exe" Program

2.3 Terminating Process Monitoring with the

"adplus.exe" Program
When the process being monitored terminates, the "adplus.exe" program
terminates too.
Proceed as follows if you want to terminate monitoring without terminating the
process being monitored. This is necessary, for example, when you cannot
terminate WinCC Runtime.

2.3.1 Procedure for terminating monitoring without terminating the process

being monitored

Table 2-4
No. Procedure
1 If monitoring is enabled as described above, a second window (cdb.exe) is
opened in addition to the cmd window. The debug information etc. is listed
in this second window.
2 Select this window and press "CTRL + C". This creates a manual
minidump.
© Siemens AG 2021 All rights reserved

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 12
 2 Start and Parameterize the "adplus.exe" Program

No. Procedure
3 Now enter the "qd" ("quit with detach") command in this window. This
detaches the monitored process and terminates monitoring. You can now
close the two windows cmd.exe and cdb.exe without affecting the process
being monitored.
© Siemens AG 2021 All rights reserved

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 13
 3 Entering the "adplus.exe" Program in the Startup List of the WinCC Project

3 Entering the "adplus.exe" Program in the

Startup List of the WinCC Project
Since the command mentioned above is always executed first, when the
application to be monitored is started, an additional entry can be made as an
alternative in the WinCC startup list of the WinCC project. This entry must be
moved to the end of the startup list.
Table 3-1
No. Procedure
1 In the WinCC Explorer open "Computer > context menu 'Properties' >
Properties >Startup > Add"
Enter the "adplus.exe" program with the complete path.
Enter the required parameters under "Parameters".
© Siemens AG 2021 All rights reserved

2 Using the "Down" button you move the new entry to the bottom so that it is
started last.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 14
 3 Entering the "adplus.exe" Program in the Startup List of the WinCC Project

Note This works only with processes that are not executed in the System Account
(which is why the command line environment must also be started with
administrator rights).
© Siemens AG 2021 All rights reserved

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 15
 4 Notes

4 Notes
• The "adplus.exe" tool from Microsoft needs the "Net Framework 4". If not
already installed on the computer to be analyzed, the "sdksetup.exe" setup
installs it on the target system.
• The "adplus.exe" tool starts a process called "cdb.exe". This is a debugging
tool which connects with the process to be monitored and keeps a look out for
exceptions.
• The configuration given above increases the memory requirement for the log
files in c:\temp continuously, because the debugging information of the cdb.exe
process is written continuously to these log files. Examinations are being made
as to how this can be stopped, so that the log files do not become enormous in
size after a long running time.
• To stop monitoring of the processes, you must terminate the process to be
monitored. In this case it would suffice to disable the WinCC Runtime, because
this also terminates the "CCAlgRtServer.exe" process. However, this also
means that after restarting the computer or WinCC, you have to restart the
"adplus.exe" with the appropriate parameters.
• The above-mentioned application requires that the process to be monitored
has already been started. The "adplus.exe" tool also has the option of being
started before the process to be monitored and then connecting automatically
to it. It is not recommended to use this feature, because the "adplus.exe" tool
© Siemens AG 2021 All rights reserved

would in this case cause too much load on the CPU. An alternative solution is
being looked for at the time to provide the same function but at not such a
great cost of resources.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 16
 5 Enabling and Using the "gflags" Tool

5 Enabling and Using the "gflags" Tool

WARNING When you proceed as described below, there might be situations where
performance is impaired as listed below:
• Loss of performance
• Extremely high use of memory
• Change of system timing
• Inoperability of the plant
The procedures should only be executed if recommended by the service
staff of the Siemens Technical Support.

General
This option writes additional information in the user dump. (This enables and
configures "PageHeaps" in the operating system.)
This information might be useful if you have memory swell or memory overflows on
your system.

5.1 Enabling the "gflags" Tool

© Siemens AG 2021 All rights reserved

The "gflags" tool is installed automatically when you install the Microsoft Windows
Software Development Kit (SDK).
The tool is in the following path:
• For the supervision of 32-bit processes
C:\Programs\Windows Kits\ 8.0\ Debuggers\x86
• For the supervision of 64-bit processes
C:\Programs (X86)\Windows Kits\ 8.0\ Debuggers\x64

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 17
 5 Enabling and Using the "gflags" Tool

Table 5-1
No. Procedure
1 Click the "Start" button on the Windows desktop.
Enter "cmd" in the input field and confirm with "OK".
Open the context menu of the "cmd.exe" file and select "Run as administrator".
Confirm the system query with "Yes".
© Siemens AG 2021 All rights reserved

2 Switch to the path where the "adplus.exe" file is located.

• 32-bit operating systems
C:\Program Files\Windows Kits\ 8.0\ Debuggers\x86
• 64-bit operating systems
C:\Program Files (X86)\Windows Kits\ 8.0\ Debuggers\x64

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 18
 5 Enabling and Using the "gflags" Tool

No. Procedure
3 Now enter one of the commands below according to whether you want to enable or disable
"gflags":
The command for enabling "gflags" for the "script.exe" is:
"gflags -p /enable script.exe /full"

Note
In the case of memory overwrites you need the "/full" parameter.
In the case of memory usage you do not need the "/full" parameter.
Please check out the use of the "/full" parameter with our Technical Support.

The command for displaying the current settings of "gflags" is:

"gflags -p"

The command for disabling "gflags" for the "script.exe" is:

"gflags -p /disable script.exe"

The screenshot below shows how the commands given above are executed. In the first line
"gflags" is enabled. In the second and third lines the change is queried.
In the next line "gflags" is disabled and then the change is checked.
© Siemens AG 2021 All rights reserved

4 Restart the computer now to apply the settings in the Registry. As of now the additional
information is written in the dumps.

Note
It is mandatory to disable "gflags" after completing the examination.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 19
 6 Usage of ProcDump

6 Usage of ProcDump
The program Adplus triggers the creation of a memory dump, as soon as the
access violation with the error code 0xC0000005 happens. If another error code
occurs, Adplus might not trigger a memory dump. The command line tool
ProcDump can trigger the creation of memory dumps for any error with an error
code that might occur.

System requirements
• Windows Vista or higher
• Windows Server 2008 or higher

6.1 Approach
Nr. Approach
1 Download the program ProcDump V9.0:
https://docs.microsoft.com/en-US/sysinternals/downloads/procdump
2 Unpack the ZIP-file into a folder of your choice (e.g. c\temp). The
subsequent memory dumps will also be placed in this folder.
3 Click the "Start" button on the Windows desktop. Enter "cmd" in the input
field and confirm with "OK". Open the context menu of the "cmd.exe" file
© Siemens AG 2021 All rights reserved

and select "Run as administrator". Confirm the system query with "Yes".

4 Navigate to the directory, where the ProcDump files are located inside the
cmd. In this case its "c:\temp".

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 20
 6 Usage of ProcDump

5 Execute the following command to start ProcDump:

procdump -n 5 -e 1 -g -f C0000417 -ma -t IMServerX.exe

„IMServerX.exe“ is only an example. Please enter the desired process.

With this command different parameters are handed over to ProcDump. In

this conjunction the order of the parameters has to be considered. By
default ProcDump creates a 32 bit memory dump of a 32 bit process, which
is running on a 64 bit system. Therefore a separate treatment of 32 and 64
bit processes is not necessary.

Further details on parameters can be taken from the following table or the
URL:
https://docs.microsoft.com/en-US/sysinternals/downloads/procdump

Parameter Description
-n 5 Number of dumps to write before exiting.

-e 1 Write a dump when the process encounters an

unhandled exception. Include the 1 to create dump
on first chance exceptions.
-g Run as a native debugger in a managed process
(no interop).
© Siemens AG 2021 All rights reserved

-f C0000417 Filter the first chance exceptions. Wildcards (*)

are supported. To just display the names without
dumping, use a blank ("") filter.
-ma Write a dump file with all process memory. The
default dump format only includes thread and
handle information.
-t Write a dump when the process terminates.

IMServerX.exe Process for which a memory dumb should be

created
6 If an exception arises, which matches the parameters, a memory dump is
automatically created.

6.2 Notes
• The memory dumps are saved by the following:
"PROCESSNAME_YYMMDD_HHMMSS"
• If you want to stop the monitoring of the process, without closing it, you can
press "Ctrl-C" or close the cmd.exe.

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 21
 7 Glossary

7 Glossary

dmp/dump file
Backup of the memory dump of a running process.
Using this backup it is possible to retrace the software behavior at a specific point in
time (time of creation, for example).
The information cannot be evaluated by end users.

Debugging information
Applications can generate additional analysis information. This information is generally
invisible to the end user and can only be seen using the appropriate tools.

Exception
Exceptional situation in an application that can either be detected and remedied in the
program or which leads to a crash.

Access Violation
In the application there is unauthorized access to memory areas, which can lead to
abortion of the application, for example.
© Siemens AG 2021 All rights reserved

WinCC V7.5 User Dump

Entry-ID: 45020870, V 1.5, 04/2021 22