- Specific information sent or received: For Windows XP with SP1, Microsoft collects various types of information related to two types of errors, user mode or application errors, and kernel mode or operating system failures. Some information that uniquely identifies the user might unintentionally be collected as part of the crash report. This information, if present, is never used to identify a user. The specific data collected is described later in this subsection. Also, Microsoft may send information about a problem, including links to Web sites.
- Default and recommended settings: Error reporting for application and system errors is enabled by default on clients running Windows XP with SP1. For more information about recommended settings, see "Controlling Error Reporting to Prevent the Flow of Information to and from the Internet," later in this section.
- Triggers: The opportunity to send an error report is triggered by application or system errors.
- User notification: A dialog box appears notifying users that an error has occurred and asks if they want to send an error report to Microsoft. Users can review the data that will be sent.
- Logging: Descriptions of system and application errors are recorded in the event log.
- Encryption: All data that could include personally identifiable information is encrypted (HTTPS) during transmission. The "crash signature," which includes such information as the application name and version, module name and version, and offset (location) is not encrypted.
- Access: Microsoft employees and contingent staff may access the error reports to maintain the Error Reporting service or improve Microsoft products, and may not use the reports for other purposes.
  If the error report indicates that one or more non-Microsoft products were involved in causing the problem, Microsoft may send the report to the respective companies. Qualified software or hardware developers (employed by Microsoft or one of its partners) will analyze the fault data and try to identify and correct the problem.
- Privacy: The privacy statement for Microsoft Error Reporting is located at the following Web site:
  http://go.microsoft.com/fwlink/?LinkId=825
  Details related to privacy of data are presented in "Types of Data Collected," later in this section.
- Transmission protocol and port: The transmission protocol is HTTP and the ports are HTTP 80 and HTTPS 443.
- Ability to disable: The feature can be disabled through Group Policy or by users on their own computers.
Types of Errors Reported
In Windows XP with SP1 there are two types of errors that are reported, user mode and kernel mode.
User Mode Reporting
When a user mode error occurs, such as an application error, the Error Reporting service does the following:
- Displays an alert stating that Windows XP detected a problem.
  Users can choose to report the problem or not. If they do report it, they will see that the information is being sent to Microsoft.
- Sends a problem report to Microsoft.
  Users may then be queried for additional computer information (to complete the error report) and again may choose to send it or not.
- When more information is available, offers it to users.
  Users might be offered the option of selecting More Information, which directs them to updated drivers, patches, or Microsoft Knowledge Base articles.
If the error report indicates that one or more non-Microsoft products were involved in causing the problem, Microsoft may send the report to the respective companies. Qualified software or hardware developers (employed by Microsoft or one of its partners) will analyze the fault data and try to identify and correct the problem.
Kernel Mode Reporting
When a kernel-mode (system) error occurs, Windows XP with SP1 displays a Stop message and writes diagnostic information to a memory dump file. When a user restarts the computer by using normal mode or Safe Mode (with networking) and logs on to Windows XP as an administrator, the Error Reporting service gathers information about the problem and displays a dialog box that gives the user the option of sending a report to Microsoft.
Types of Data Collected
The Error Reporting service collects information about the computer configuration, what the software was doing when the problem occurred, and other information directly related to the problem. The Error Reporting service does not intentionally collect anyone’s name, address, e-mail address, computer name, or any other form of personally identifiable information. It is possible that such information may be captured in memory or in the data collected from open files, but Microsoft does not use it to identify users. The Error Reporting service collects Internet Protocol (IP) addresses, but the addresses are not used to identify users, and in many cases are the address of a Network Address Translation (NAT) computer or proxy server, not a specific client behind that NAT computer or proxy server. IP address information is used in aggregate by the operators who maintain the servers that receive error reports. The other use for IP address information is to locate error reports that come from computers inside Microsoft—errors on those computers can be more thoroughly investigated as needed.
In rare cases, such as problems that are especially difficult to solve, Microsoft may request additional data, including sections of memory (which may include memory shared by any or all applications running at the time the problem occurred), some registry settings, and one or more files from the user’s computer. When additional data is requested, the user can review the data and choose to send the information or not.
In Windows XP with SP1, the specific types of data that are collected when application errors or kernel failures occur are as follows.
Application Errors
If an application error occurs for which Error Reporting is available and the user chooses to send the report, the information included is as follows:
- The Digital Product ID, which can be used to identify your license.
- Information regarding the condition of the computer and the application at the time when the error occurred. This includes data stored in memory and stacks, information about files in the application's directory, as well as the operating system version and the computer hardware in use. This information is packaged into a minidump—a small memory dump. The minidump contains the following:
  - Exception information: This is information regarding the problem that occurred. It tells Microsoft what kind of instruction the application received that caused it to generate an error.
  - System information: This is data about the kind of CPU (processor) you have and what operating system you are running.
  - A list of all the modules that are currently loaded and their version information.
  - A list of all the threads that are currently running. For each thread, the current context and the whole stack are collected.
  - Global data.

  The minidump data is shown as a hexadecimal representation that the user cannot read.

  Note: For the exact specification of the minidump format, see the Microsoft Platform SDK, which is available on the MSDN Web site.
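
To check which of the items above a given minidump actually carries before it leaves the machine, the following added example (not part of the original page and not Microsoft code) reads the minidump header and stream directory as laid out in the Platform SDK's MINIDUMP_HEADER and MINIDUMP_DIRECTORY structures. The function names, the constructed sample dump, and the pairing of "global data" with MemoryListStream are assumptions of this example.

```python
import struct

# Stream type numbers from the MINIDUMP_STREAM_TYPE enumeration, paired with
# the report items listed above. Pairing "global data" with MemoryListStream
# is this example's reading, not something the page states.
STREAMS = {
    3: ("ThreadListStream", "threads, contexts and stacks"),
    4: ("ModuleListStream", "loaded modules and versions"),
    5: ("MemoryListStream", "memory ranges (stacks, global data)"),
    6: ("ExceptionStream", "exception information"),
    7: ("SystemInfoStream", "CPU and operating system"),
}
HEADER = struct.Struct("<4sIIIIIQ")   # MINIDUMP_HEADER, 32 bytes
ENTRY = struct.Struct("<III")         # MINIDUMP_DIRECTORY: type, size, RVA

def list_streams(dump: bytes):
    """Return (type, name, meaning, size) for each stream in a minidump."""
    if len(dump) < HEADER.size:
        raise ValueError("too short for a minidump header")
    sig, _ver, count, dir_rva, _sum, _ts, _flags = HEADER.unpack_from(dump, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump (bad signature)")
    if dir_rva + count * ENTRY.size > len(dump):
        raise ValueError("stream directory runs past end of file")
    out = []
    for i in range(count):
        stype, size, rva = ENTRY.unpack_from(dump, dir_rva + i * ENTRY.size)
        if rva + size > len(dump):
            raise ValueError(f"stream {stype} runs past end of file")
        name, meaning = STREAMS.get(stype, ("unknown", "not listed on this page"))
        out.append((stype, name, meaning, size))
    return out

def build_sample():
    """Constructed sample: header, 3-entry directory, dummy stream bodies."""
    bodies = [(7, b"\x00" * 56), (6, b"\x00" * 168), (4, b"\x00" * 4)]
    rva = HEADER.size + len(bodies) * ENTRY.size
    directory, data = b"", b""
    for stype, body in bodies:
        directory += ENTRY.pack(stype, len(body), rva + len(data))
        data += body
    header = HEADER.pack(b"MDMP", 0xA793, len(bodies), HEADER.size, 0, 0, 0)
    return header + directory + data

if __name__ == "__main__":
    for row in list_streams(build_sample()):
        print(row)
```

A MemoryListStream or ThreadListStream with a large size is where captured stack and heap contents, and therefore any incidental personal data, would sit.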
Windows Kernel Failures
Windows kernel fault reports contain information about what your operating system was doing when the problem occurred. These event reports contain the minimum information that can help to identify why the operating system stopped unexpectedly. If the user chooses to send the report, it includes:
- The operating system name (for example, Microsoft Windows XP).
- The operating system version (for example, 5.1.2600 0.0).
- The operating system language as represented by the locale identifier (LCID) (for example, 1033 for United States English). This is a standard international numeric abbreviation.
- The loaded and recently unloaded drivers. These identify the modules used by the kernel when the Stop error occurred, and the modules that were used recently.
- The list of drivers in the Drivers folder on your hard disk (systemroot\System32\Drivers).
- The file size, date created, version, manufacturer, and full product name for each driver.
- The number of available processors.
- The amount of random access memory (RAM).
- The time stamp that indicates when the Stop error occurred.
- The messages and parameters that describe the Stop error.
- The processor context for the process that stopped. This includes the processor, hardware state, performance counters, multiprocessor packet information, deferred procedure call information, and interrupts (requests from software or devices for processor attention).
- The process information and kernel context for the halted process. This includes the offset (location) of the directory table and the database that maintains the information about every physical page (block of memory) in the operating system.
- The process information and kernel context for the thread that stopped. This information identifies registers (data-storage blocks of memory in the processor) and interrupt request levels, and includes pointers to data structures for operating system data.
- The kernel-mode call stack for the interrupted thread. This is a data structure that consists of a series of memory locations and one or more pointers.