ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.

Using ProcDump

  • -a Avoid outage. Requires -r. If the trigger will cause the target to suspend for a prolonged time due to an exceeded concurrent dump limit, the trigger will be skipped.
  • -b Treat debug breakpoints as exceptions (otherwise ignore them).
  • -c CPU threshold at which to create a dump of the process.
  • -cl CPU threshold below which to create a dump of the process.
  • -d Invoke the minidump callback routine named MiniDumpCallbackRoutine of the specified DLL.
  • -e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions.
  • -f Filter the first chance exceptions. Wildcards (*) are supported. To just display the names without dumping, use a blank ("") filter.
  • -g Run as a native debugger in a managed process (no interop).
  • -h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds).
  • -i Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp, -d and -r are supported as additional options.
  • -l Display the debug logging of the process.
  • -m Memory commit threshold in MB at which to create a dump.
  • -ma Write a dump file with all process memory. The default dump format only includes thread and handle information.
  • -ml Trigger when memory commit drops below specified MB value.
  • -mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%.
  • -n Number of dumps to write before exiting.
  • -o Overwrite an existing dump file.
  • -p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: "\Process(_)\counter"
  • -pl Trigger when performance counter falls below the specified value.
  • -r Dump using a clone. Concurrent limit is optional (default 1, max 5). CAUTION: a high concurrency value may impact system performance.
    • Windows 7: Uses Reflection. OS doesn't support -e.
    • Windows 8.0: Uses Reflection. OS doesn't support -e.
    • Windows 8.1+: Uses PSS. All trigger types are supported.
  • -s Consecutive seconds before dump is written (default is 10).
  • -t Write a dump when the process terminates.
  • -u Treat CPU usage relative to a single core (used with -c). As the only option, uninstalls ProcDump as the postmortem debugger.
  • -w Wait for the specified process to launch if it's not running.
  • -x Launch the specified image with optional arguments. If it is a Store Application or Package, ProcDump will start on the next activation (only).
  • -64 By default ProcDump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. Only use for WOW64 subsystem debugging.
  • -? Use -? -e to see example command lines.

If you omit the dump file name, it defaults to _.dmp. Use the -accepteula command line option to automatically accept the Sysinternals license agreement.
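
When ProcDump is embedded in other scripts, the option constraints listed above (-a requires -r, the -r limit of 5, the options -i accepts, -u with -c, -e with clones on Windows 7/8.0) can be checked before the tool is launched. The following is an added example, not part of ProcDump or its documentation; the function name, the `pss_available` parameter and the sample command lines are hypothetical, and the handling of `-accepteula`, `-cl` and a number following `-r` are assumptions marked in the comments.

```python
# Added example: pre-flight check of a ProcDump argument list against the
# option constraints documented above. Names here are hypothetical.
INSTALL_EXTRAS = {"-ma", "-mp", "-d", "-r"}  # the only options -i accepts
NEUTRAL = {"-accepteula"}  # assumption: the licence switch is always allowed


def check_procdump_args(argv, pss_available=True):
    """Return a list of problems in argv (options only, no executable name).

    pss_available=False models Windows 7 / 8.0, where -r uses Reflection.
    """
    problems = []
    seen = {a for a in argv if a.startswith("-")} - NEUTRAL

    if "-a" in seen and "-r" not in seen:
        problems.append("-a requires -r")

    if "-r" in seen:
        i = argv.index("-r")
        # Assumption: a number right after -r is the concurrent limit, unless
        # it is the final argument (then it is read as the target PID).
        if i + 2 < len(argv) and argv[i + 1].isdigit() and int(argv[i + 1]) > 5:
            problems.append("-r concurrent limit exceeds the maximum of 5")
        if "-e" in seen and not pss_available:
            problems.append("-r with -e is not supported on Windows 7/8.0")

    if "-i" in seen:
        extra = sorted(seen - INSTALL_EXTRAS - {"-i"})
        if extra:
            problems.append("-i does not support: " + " ".join(extra))

    # -u alone uninstalls the postmortem debugger; otherwise it modifies -c.
    # Assumption: -cl is accepted as well, since it is also a CPU threshold.
    if "-u" in seen and seen != {"-u"} and not seen & {"-c", "-cl"}:
        problems.append("-u has no effect without -c")

    return problems


if __name__ == "__main__":
    # Constructed command lines for illustration.
    for args in (["-a", "-c", "80", "w3wp.exe"],
                 ["-accepteula", "-ma", "-i", "C:\\dumps"],
                 ["-r", "6", "-ma", "1234"]):
        print(args, "->", check_procdump_args(args) or "ok")
```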