Introduction
ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.
Using ProcDump
usage: procdump [-64] [[-c CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1]] [-h] [-m commit usage] [-ma | -mp] [-o] [-p counter threshold] [-r] [-t] < <process name or PID> [dump file]] | [-x <image file> <dump file> [arguments]>| -64 | By default Procdump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. |
| -c | CPU threshold at which to create a dump of the process. |
| -e | Write a dump when the process encounters an unhandled exception. |
| -h | Write dump if process has a hung window (does not respond to window messages for at least 5 seconds). |
| -m | Memory commit threshold in MB at which to create a dump of the process. |
| -ma | Write a dump file with all process memory. The default dump format includes thread and handle information. |
| -mp | Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same-sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%. |
| -n | Number of dumps to write before exiting. |
| -o | Overwrite an existing dump file. |
| -p | Trigger on the specified performance counter when the threshold is exceeded. |
| -r | Reflect (clone) the process for the dump to minimize the time the process is suspended (Windows 7 and higher only). |
| -s | Consecutive seconds CPU threshold must be hit before dump is written (default is 10). |
| -t | Write a dump when the process terminates. |
| -u | Treat CPU usage relative to a single core. |
| -x | Launch the specified image with optional arguments. |
To just create a dump of a running process, omit the CPU threshold. If you omit the dump file name, it defaults to <processname>.dmp.
Examples
Write up to 3 dumps of a process named 'consume' when it exceeds 20% CPU usage for 5 seconds to the directory c:\dump\consume with the name consume.dmp:C:\>procdump -c 20 -s 5 -n 3 -o consume c:\dump\consume
Write a dump for a process named 'hang.exe' when one of its windows is unresponsive for more than 5 seconds:
C:\>procdump -h hang.exe hungwindow.dmp
Write 3 dumps 5 seconds apart:
C:\>procdump -s 5 -n 3 notepad.exe notepad.dmp
Launch a process and then monitor it for excessive CPU usage:
C:\>procdump -c 30 -s 10 -x consume.exe consume.dmp
Write a dump of a process named "iexplore" to a dump file that has the default name iexplore.dmp:
C:\>procdump iexplore
Write a dump of a process named 'outlook' when total system CPU usage exceeds 20% for 10 seconds:
C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20
Write a dump of a process named 'outlook' when Outlook's handle count exceeds 10000:
C:\>procdump outlook -p "\Process(Outlook)\Handle Count" 10000
Download ProcDump(173 KB)
Just tried ProcDump and it sure looks to be working nicely.
ReplyDelete