ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.
Using ProcDump
- -a Avoid outage. Requires -r. If the trigger will cause the target to suspend for a prolonged time due to an exceeded concurrent dump limit, the trigger will be skipped.
- -b Treat debug breakpoints as exceptions (otherwise ignore them).
- -c CPU threshold at which to create a dump of the process.
- -cl CPU threshold below which to create a dump of the process.
- -d Invoke the minidump callback routine named MiniDumpCallbackRoutine of the specified DLL.
- -e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions.
- -f Filter the first chance exceptions. Wildcards (*) are supported. To just display the names without dumping, use a blank ("") filter.
- -g Run as a native debugger in a managed process (no interop).
- -h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds).
- -i Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp, -d and -r are supported as additional options.
- -l Display the debug logging of the process.
- -m Memory commit threshold in MB at which to create a dump.
- -ma Write a dump file with all process memory. The default dump format only includes thread and handle information.
- -ml Trigger when memory commit drops below specified MB value.
- -mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%.
- -n Number of dumps to write before exiting.
- -o Overwrite an existing dump file.
- -p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: "\Process(
_ )\counter" - -pl Trigger when performance counter falls below the specified value.
- -r Dump using a clone. Concurrent limit is optional (default 1, max 5). CAUTION: a high concurrency value may impact system performance.
- Windows 7 : Uses Reflection. OS doesn't support -e.
- Windows 8.0 : Uses Reflection. OS doesn't support -e.
- Windows 8.1+: Uses PSS. All trigger types are supported.
- -s Consecutive seconds before dump is written (default is 10).
- -t Write a dump when the process terminates.
- -u Treat CPU usage relative to a single core (used with -c).
- As the only option, Uninstalls ProcDump as the postmortem debugger.
- -w Wait for the specified process to launch if it's not running.
- -x Launch the specified image with optional arguments. If it is a Store Application or Package, ProcDump will start on the next activation (only).
- -64 By default ProcDump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. Only use for WOW64 subsystem debugging.
- -? Use -? -e to see example command lines.
If you omit the dump file name, it defaults to