ProcDump - CMD


Overview

ProcDump is a command-line utility from Microsoft’s Sysinternals suite that allows users to monitor applications for CPU spikes and generate crash dumps during a spike. It can also produce dumps based on other triggers such as memory thresholds. This tool is primarily useful for developers and system administrators to debug and diagnose software issues in both development and production environments.

Syntax

The basic syntax for ProcDump is:

procdump [Options] <ProcessName|ProcessID>

ProcDump can be used in several modes, primarily focusing on creating dumps based on performance counters or as a just-in-time (JIT) debugger replacement.

Options/Flags

Below are some commonly used ProcDump options and flags:

  • -ma: Write a dump file with all process memory. The default dump file includes only the stack and module data.
  • -e: Write a dump when the process encounters an unhandled exception.
  • -f <filter>: Filter exceptions by a string in the exception name or message. A blank filter ("") only lists exception names and does not write a dump.
  • -g: Run as a native debugger in a managed process (no interop).
  • -h: Write a dump if the process has a hung window.
  • -l: Print debug logging messages.
  • -m <MB>: Trigger a dump when the process's committed memory reaches the specified threshold in MB.
  • -n <number>: Number of dumps to write before exiting.
  • -p <period>: The period in seconds between checks of the trigger conditions.
  • -s <seconds>: Consecutive seconds the CPU threshold must be exceeded before a dump is written (used with the -c CPU trigger).

Examples

  1. Basic Dump Generation:
    Generate a full memory dump of a process with ID 1234:

    procdump -ma 1234
    
  2. Monitor CPU Usage:
    Write up to three dump files (-n 3), one each time the process named example.exe exceeds 80% CPU usage for 10 consecutive seconds:

    procdump -c 80 -s 10 -n 3 example.exe
    
  3. Handle Exception Dumps:
    Write a full memory dump when the application named app.exe encounters an unhandled exception (writing -e 1 instead would dump on first-chance exceptions, which also fire for exceptions the application handles itself):

    procdump -ma -e app.exe
    

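The following PowerShell wrapper is an added example and is not part of the original page or of Sysinternals' own tooling. It runs procdump.exe unattended with either the exception trigger or the CPU trigger shown above, writes dumps into a dedicated folder, and reports which dump files appeared. The folder C:\Dumps, the function name and the assumption that procdump.exe is on PATH are all assumptions.

```powershell
# Added example, not from the original page: run procdump.exe unattended and
# report the dump files it produced. Assumes procdump.exe is on PATH (override
# with -ProcDumpPath), C:\Dumps is ours to create, and the caller is an administrator.

function Invoke-ProcDumpCapture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Process,          # process name ('app.exe') or PID
        [string] $DumpFolder   = 'C:\Dumps',               # assumed location
        [int]    $CpuPercent   = 0,                        # >0 enables the -c CPU trigger
        [int]    $Seconds      = 10,                       # -s: seconds the threshold must hold
        [int]    $Count        = 1,                        # -n: dumps to write before exiting
        [string] $ProcDumpPath = 'procdump.exe'
    )

    # A full dump (-ma) contains all process memory, secrets included, so the
    # folder is created with access limited to Administrators and SYSTEM.
    # SIDs are used so the command does not depend on localized group names.
    if (-not (Test-Path -LiteralPath $DumpFolder)) {
        New-Item -ItemType Directory -Path $DumpFolder | Out-Null
        & icacls.exe $DumpFolder /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
    }

    # -accepteula suppresses the first-run licence dialog that would otherwise
    # block a script. -e alone means unhandled (second-chance) exceptions;
    # -c/-s is the CPU trigger from the examples above.
    $procArgs = @('-accepteula', '-ma', '-n', $Count)
    if ($CpuPercent -gt 0) {
        $procArgs += @('-c', $CpuPercent, '-s', $Seconds)
    } else {
        $procArgs += '-e'
    }
    # Trailing argument: giving a folder makes ProcDump use its default file naming there.
    $procArgs += @($Process, $DumpFolder)

    $before = @(Get-ChildItem -LiteralPath $DumpFolder -Filter '*.dmp' | Select-Object -ExpandProperty FullName)
    $run = Start-Process -FilePath $ProcDumpPath -ArgumentList $procArgs -NoNewWindow -Wait -PassThru
    $after = @(Get-ChildItem -LiteralPath $DumpFolder -Filter '*.dmp' | Select-Object -ExpandProperty FullName)

    [pscustomobject]@{
        ExitCode = $run.ExitCode
        NewDumps = @($after | Where-Object { $before -notcontains $_ })
    }
}

# Usage: dump app.exe each time it stays above 80% CPU for 10 s, up to three times.
# Invoke-ProcDumpCapture -Process 'app.exe' -CpuPercent 80 -Seconds 10 -Count 3
```

The returned object lets a calling script decide what to do next (upload the dump, alert, or retry) instead of parsing ProcDump's console output, and the ACL on the dump folder keeps full-memory dumps from being readable by other local users.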
Common Issues

  • Access Denied: Ensure you have administrative privileges when attaching to processes.
  • Incorrect Syntax: Commonly due to a misplaced option or a typo in process ID/name. Double-check the command structure.
  • High Resource Usage: Monitoring with tight triggers over prolonged periods might lead to high resource consumption. Adjust parameters to balance monitoring granularity and resource use.

Integration

ProcDump can be integrated with scripts to automate monitoring and logging. For instance, it can be combined with Task Scheduler to capture dumps automatically at specific times or in response to an event log entry.

Example Batch Script:

@echo off
REM Wait for the next unhandled exception in app.exe and write a full memory dump,
REM then pause for an hour before arming the trigger again.
REM -accepteula suppresses the first-run licence dialog so the loop never blocks;
REM -w waits for app.exe to start if it is not running yet.
:loop
procdump -accepteula -ma -w -e app.exe
timeout /t 3600
goto loop
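
The event-log integration mentioned above, as an added PowerShell example that is not part of the original page: it registers a Scheduled Task that fires when Windows records an application crash (Application log, source "Application Error", event ID 1000) and starts ProcDump waiting for the next launch of the application, so that the next unhandled exception is captured. Attaching after event 1000 alone would be too late, because the crashed instance is already gone. The paths C:\Tools and C:\Dumps, the wrapper file name and the task name are assumptions.

```powershell
# Added example, not from the original page. Assumes procdump.exe lives in
# C:\Tools, C:\Dumps exists with restricted permissions, and this runs as an
# administrator (schtasks needs that to register a task running as SYSTEM).

$ToolsDir = 'C:\Tools'        # assumed
$DumpDir  = 'C:\Dumps'        # assumed
$Target   = 'app.exe'         # application from the page's examples
$TaskName = 'ProcDump-WatchAfterCrash'
$Wrapper  = Join-Path $ToolsDir 'procdump-watch.cmd'

# A small wrapper script keeps the task action free of nested quoting.
# -w waits for the next start of $Target, -e dumps its first unhandled exception.
@"
@echo off
REM Started by Task Scheduler after an application crash was logged.
"$ToolsDir\procdump.exe" -accepteula -ma -w -e $Target "$DumpDir"
"@ | Set-Content -Path $Wrapper -Encoding ASCII

# XPath query used by Task Scheduler event triggers: application crash records
# written by Windows Error Reporting to the Application log.
$Query = "*[System[Provider[@Name='Application Error'] and EventID=1000]]"

& schtasks.exe /Create /TN $TaskName /SC ONEVENT /EC Application /MO $Query `
    /TR $Wrapper /RU SYSTEM /RL HIGHEST /F
if ($LASTEXITCODE -ne 0) {
    throw "schtasks /Create failed with exit code $LASTEXITCODE"
}

# The task can be inspected or removed later with:
#   schtasks /Query /TN $TaskName /V /FO LIST
#   schtasks /Delete /TN $TaskName /F
```

Because the trigger matches any application crash, the wrapper simply waits for the named target; a crash of some other program only starts a ProcDump instance that sits idle until app.exe is launched. Narrow the query further if that is a concern.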

Related Tools

  • Task Manager: For more user-friendly but less detailed monitoring.
  • DebugDiag: Another advanced tool for monitoring and producing dumps.

For further reading and more detailed information, visit the ProcDump page on Microsoft Docs.

This reference covers the basic and some extended uses of ProcDump for both beginners and advanced users, so that it can be applied effectively to troubleshooting and development tasks in their own environments.