Microsoft Windows
- Download the ProcDump tool for Windows and save it to the root of the C: drive on the system in question.
- Run the commands from the command prompt.
The following syntax can be used while running the tool depending on what data is required in the process dump file:
procdump [-64] [-c CPU usage [-u] [-s seconds] [-n exceeds]] [-h] [-e] [-ma] [-r] [-o] [ [dump file]] | [-x][arguments]
Common Switches:
- -ma — Creates a dump of all process memory. This switch should always be used for support cases in order to ensure as much information as possible is collected.
- -e — Creates a dump when the target process encounters an unhandled exception. This is useful for most crashes.
- -t — Generates a dump when the process ends, even if no errors were encountered.
- -w — Instructs ProcDump to wait for a process with the specified name to launch. This is used when you want to start ProcDump before the process.
- -i — Install ProcDump as the post mortem debugger for Windows Processes. This will allow ProcDump to automatically be invoked on application errors.
- -u — When run with no other arguments, will uninstall ProcDump as the post mortem debugger.
- -c — Specify a CPU threshold at which to generated a dump. This is typically used when troubleshooting high CPU usage issues.
- -m — Specify a memory usage threshold (in MB) at which to generate a dump. This is typically used when troubleshooting high memory usage issues or memory leaks.
- -s — Write a dump after specified number of seconds. This is useful in conjunction with -c and -m.
- -n — Write n number of dumps.
- -x [arguments] — Have ProcDump execute the executable and writing the dump file to the specified arguments.
- -64 — Forces the creation of 64-bit dump. This switch should generally not be used on 32-bit processes.
Linux
- Download and install the ProcDump tool for Linux, per the instructions on GitHub, to the system in question.
- Run the commands from the command prompt with
sudo.
The following syntax can be used while running the tool depending on what data is required in the process dump file:
sudo procdump [OPTIONS...] TARGET
Common Switches:
- -C –CPU threshold at which to create a dump of the process from 0 to 100 * nCPU.
- -c — CPU threshold below which to create a dump of the process from 0 to 100 * nCPU.
- -M — Memory commit threshold in MB at which to create a dump.
- -m — Trigger when memory commit drops below specified MB value.
- -n — Number of dumps to write before exiting.
- -s — Consecutive seconds before dump is written (default is 10)
TARGET must be specified as -p pid, where pid is of the process in question.
Command Line Examples:
- Immediately generate a full memory process dump for CcSvcHst.exe: procdump -ma CcSvcHst.exe
- Generate a full memory process dump for the process with PID 4512 when it exists: procdump -ma -t 4512
- Attach to a process with the name httpd.exe when it launches. Then generate a full dump, if it encounters an unhandled exception: procdump -ma -e -w httpd.exe
- Have ProcDump run BadApp.exe and write a full dump to C:\Dumps if it encounters an unhandled exception: procdump -ma -e -x C:\Dumps C:\Program Files\BadApp\BadApp.exe
- Install ProcDump as the postmortem debugger, and instruct it to write full dumps to C:\Dumps: procdump -ma -i C:\Dumps
- Create up to 3 full dumps of the process with PID 3213, if that process consumes 75% or more total CPU for 10 seconds: procdump -ma -c 75 -s 10 -n 3 3213
References:
http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
https://github.com/Microsoft/ProcDump-for-Linux