Getting a good minidump from a process that WER has caught

If WER is handling a crashed process, but you know the JIT debugger is configured incorrectly or not at all (so the crash dialog has no "Debug" button), you can leave the dialog open and attach the debugger of your choice to the crashed process while it is pending.
There is a problem, however. Attaching a debugger to the suspended process loses the process's last exception information, because a debugger breaks into a suspended (or hung) process by injecting a new thread and breaking in on that thread. As a result, any minidump the debugger generates with .dump will not contain the exception information of the original program. Damn! What to do?
Start with the stack trace from kb:

RetAddr           : Args to Child                                                           : Call Site
000007f9`d88212d2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForMultipleObjects+0xa
000007f9`dae8d20e : 00000000`02300000 000007f6`96e75000 00000000`00000000 00000000`000001dc : KERNELBASE!WaitForMultipleObjectsEx+0xe5
000007f9`dae8cfd2 : fffff8a0`00000080 00000000`80004005 00000000`000001ec 00000000`00000000 : KERNEL32!WerpReportFaultInternal+0x1fa
000007f9`d889fc87 : 00000000`00000000 00000000`00195c30 00000000`00000030 00000000`00195c30 : KERNEL32!WerpReportFault+0x42
000007f9`db56a43d : 00000001`00000000 00000000`00196990 00000000`0019f620 00000000`003441d0 : KERNELBASE!UnhandledExceptionFilter+0x1d7
000007f9`db4b4ad4 : 000007f9`d8eeabdd 00000000`00196990 00000000`00000000 00000000`00000000 : ntdll!LdrpLogFatalUserCallbackException+0x4d
000007f9`db4d464d : 00000000`00000000 00000000`00195de8 00000000`00195da0 000007f9`d8f7f000 : ntdll!KiUserCallbackDispatcherHandler+0x20
000007f9`db4d567c : 000007f9`d8ee0000 00000000`0019f5c0 000007f9`0000e4f0 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xd
000007f9`db4b4bba : 00000000`00000000 00000000`00000000 000007f6`96e7e300 00000000`00000000 : ntdll!RtlDispatchException+0x392
000007f9`db4b2acd : 000007f9`d8bbc36c 00000000`00360f00 00000000`00360f00 00000000`00360f00 : ntdll!KiUserExceptionDispatch+0x2e
000007f9`d8bbc36c : 00000000`00360f00 00000000`00360f00 00000000`00360f00 00000000`00000000 : ntdll!memcpy+0x21a

The address of the EXCEPTION_POINTERS structure appears to be passed as parameters 2 and 4 of the call to KERNEL32!WerpReportFault. This makes it possible to display the exception and context records, but all we need is to include the exception pointers address in the minidump, because adding this address is what allows the !analyze command to work.
Use the command ".dump /ma /xp 00195c30 dump.dmp" to create the minidump, and you are done.
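
The lookup described above, as an added example that is not part of the original post: a Python helper that scans saved kb output for the KERNEL32!WerpReportFault frame, checks that parameters 2 and 4 agree, and builds the .dump command. The function names are hypothetical and the sample text is constructed from three frames of the trace above.

```python
import re

# Constructed sample: three frames copied from the kb output above.
SAMPLE_KB = """\
000007f9`dae8cfd2 : fffff8a0`00000080 00000000`80004005 00000000`000001ec 00000000`00000000 : KERNEL32!WerpReportFaultInternal+0x1fa
000007f9`d889fc87 : 00000000`00000000 00000000`00195c30 00000000`00000030 00000000`00195c30 : KERNEL32!WerpReportFault+0x42
000007f9`db56a43d : 00000001`00000000 00000000`00196990 00000000`0019f620 00000000`003441d0 : KERNELBASE!UnhandledExceptionFilter+0x1d7
"""

H = r"[0-9a-f]{8}`[0-9a-f]{8}"  # one 64-bit value as WinDbg prints it
FRAME = re.compile(
    rf"^\s*(?:{H}\s+)?"                # optional Child-SP column
    rf"{H}\s*:\s*"                     # RetAddr
    rf"(?P<args>(?:{H}\s+){{4}}):\s*"  # the four "Args to Child" values
    r"(?P<site>\S+)", re.I)            # Call Site

def parse_frames(kb_text):
    """Yield (call_site, [arg1..arg4]) for each 64-bit kb frame line."""
    for line in kb_text.splitlines():
        m = FRAME.match(line)
        if m:
            args = [int(a.replace("`", ""), 16) for a in m.group("args").split()]
            yield m.group("site"), args

def exception_pointers_address(kb_text):
    """Return the candidate EXCEPTION_POINTERS address, or None.

    On x64 the "Args to Child" columns are raw stack slots, not guaranteed
    parameter values, so the frame is trusted only when parameters 2 and 4
    hold the same non-zero value, as they do in the trace above.
    """
    for site, args in parse_frames(kb_text):
        # Exact symbol match, so WerpReportFaultInternal is not picked up.
        if site.split("+")[0].lower() == "kernel32!werpreportfault":
            return args[1] if args[1] == args[3] and args[1] != 0 else None
    return None

def dump_command(kb_text, path="dump.dmp"):
    """Build the .dump command line from saved kb output."""
    addr = exception_pointers_address(kb_text)
    if addr is None:
        raise ValueError("no usable KERNEL32!WerpReportFault frame")
    return f".dump /ma /xp {addr:08x} {path}"

if __name__ == "__main__":
    print(dump_command(SAMPLE_KB))
```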


Origin www.cnblogs.com/yilang/p/12396622.html