Two Minute Drill: Using PROCDUMP

Hello again AskPerf!  Blake Morrison here to introduce you to a new tool from Sysinternals called ProcDump.  If you are familiar with ADPlus, then ProcDump will be a welcome addition to your debugging arsenal.  ProcDump is a new command line tool that lets you monitor a running process for CPU spikes and then create a memory dump (or a series of dumps) when specific criteria are met.

For example, say you have a server where a particular process spikes CPU usage for 1-2 minutes per day at random times, and you have been unable to capture a dump to determine why.  With ProcDump, you can tell it to monitor the process and write a dump once the process has stayed above a CPU threshold for a given number of seconds.  A quick note here: when ProcDump captures a dump file, it does not kill the running process; the process is suspended only while the dump is being written and then continues.

OK, let’s take a look at the command parameters:

Parameter   Information
-64         If you are running ProcDump on an x64 system, then by default ProcDump captures a 32-bit dump of a 32-bit process.  The -64 switch overrides this and creates a 64-bit dump instead
-c          Defines the CPU usage threshold (percent) for the process
-e          Writes a dump when the process encounters an unhandled exception
-h          Writes a dump if the process has a hung window
-ma         Writes a dump file with all process memory.  The default dump includes only thread and handle information.  Because a full dump is a copy of everything in the process's address space, it can contain credentials and other sensitive data, so protect the folder you write it to
-n          Number of dumps to create.  Those of you who have worked with us in the past may have used ADPlus to capture a series of process dumps for high CPU issues; this is the same concept
-o          Overwrite an existing dump file
-r          Reflect (clone) the process (Windows 7 and higher only).  This minimizes the time the process has to be suspended while the dump is written
-s          Number of consecutive seconds that the process has to be over the CPU threshold before the dump is written.  This helps to differentiate between a normal, short spike and sustained high CPU
-u          Treat CPU usage relative to a single core (used with -c)
-x          Launch the specified image with optional arguments and monitor it

Now let’s examine some common scenarios and the appropriate Procdump command for each one:

Scenario: Wait for the Spooler to keep the CPU at 90% or more for 30 seconds.  When this occurs, create 5 dump files named SPOOLSV_date_time.dmp in the c:\dumps folder, each with all process memory:

Procdump.exe -c 90 -n 5 -ma -s 30 spoolsv.exe c:\dumps

Scenario: Create a simple dump (thread and handle only) of Calculator in c:\temp:

Procdump.exe calc.exe c:\temp

Scenario: Capture a dump of Outlook called Outlook_hang.dmp when one of its windows is unresponsive:

Procdump.exe -h outlook.exe c:\dumps\Outlook_hang.dmp

Scenario: Start a process and then monitor it for CPU usage over 50% sustained for 20 seconds:

Procdump.exe -c 50 -s 20 -x notepad.exe c:\dumps\notepad.dmp
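The scenarios above are one-off command lines.  When you have to leave a monitor running on a production box for a day, it is worth wrapping the first scenario in a small script that checks the target exists, locks down the dump folder before a full-memory dump lands in it, and reports which files were written.  The PowerShell below is an added example written for this post and is not part of ProcDump or the original article.  It assumes procdump.exe is on the PATH (or is passed via -ProcDumpPath), that the shell is elevated (required to dump a SYSTEM service such as spoolsv), and that the Administrators/SYSTEM-only ACL suits your environment; the function name and parameters are my own, and the ProcDump switches it emits are exactly the ones the post documents.

```powershell
# Added example, not from the AskPerf post or Sysinternals.
# Assumes: procdump.exe on PATH, elevated shell, single instance of the target.
function Invoke-ProcDumpOnHighCpu {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProcessName,      # e.g. spoolsv.exe
        [string]$DumpFolder = 'C:\dumps',
        [ValidateRange(1,100)][int]$CpuThreshold = 90,   # ProcDump -c
        [int]$SustainedSeconds = 30,                     # ProcDump -s
        [int]$DumpCount = 5,                             # ProcDump -n
        [switch]$FullMemory,                             # ProcDump -ma
        [string]$ProcDumpPath = 'procdump.exe'
    )

    # ProcDump is given an image name; Get-Process wants the name without .exe.
    $baseName  = [System.IO.Path]::GetFileNameWithoutExtension($ProcessName)
    $instances = @(Get-Process -Name $baseName -ErrorAction SilentlyContinue)
    if ($instances.Count -eq 0) {
        throw "No running process named $baseName; ProcDump would have nothing to monitor."
    }
    if ($instances.Count -gt 1) {
        Write-Warning "$($instances.Count) instances of $baseName are running; ProcDump is handed a name here, so confirm it attaches to the one you care about."
    }

    # A full dump (-ma) is a copy of everything the process holds in memory,
    # credentials and tokens included. Create the folder with inheritance
    # disabled and grant only Administrators and SYSTEM before anything is
    # written into it. (Assumption: this ACL is appropriate for your server.)
    if (-not (Test-Path -LiteralPath $DumpFolder)) {
        New-Item -ItemType Directory -Path $DumpFolder | Out-Null
    }
    $acl = Get-Acl -LiteralPath $DumpFolder
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting and drop inherited ACEs
    foreach ($principal in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $principal, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $DumpFolder -AclObject $acl

    # Build the same switches the post uses: -c, -s, -n, optional -ma,
    # then the image name and the destination folder.
    $procDumpArgs = @('-c', $CpuThreshold, '-s', $SustainedSeconds, '-n', $DumpCount)
    if ($FullMemory) { $procDumpArgs += '-ma' }
    $procDumpArgs += "$baseName.exe"
    $procDumpArgs += $DumpFolder
    Write-Verbose ("Running: {0} {1}" -f $ProcDumpPath, ($procDumpArgs -join ' '))

    $before = @(Get-ChildItem -LiteralPath $DumpFolder -Filter '*.dmp')

    # ProcDump blocks until it has written the requested number of dumps (or is stopped).
    $p = Start-Process -FilePath $ProcDumpPath -ArgumentList $procDumpArgs -NoNewWindow -Wait -PassThru

    # Report what was written. When handed a folder, ProcDump names the files
    # PROCESSNAME_date_time.dmp, as the post's first scenario describes.
    $after = @(Get-ChildItem -LiteralPath $DumpFolder -Filter '*.dmp')
    $new   = $after | Where-Object { $_.FullName -notin $before.FullName }
    [pscustomobject]@{
        ExitCode = $p.ExitCode
        Dumps    = @($new | Select-Object -ExpandProperty FullName)
    }
}

# The post's first scenario: 5 full dumps of spoolsv after 30 s at or above 90% CPU.
Invoke-ProcDumpOnHighCpu -ProcessName spoolsv.exe -CpuThreshold 90 -SustainedSeconds 30 -DumpCount 5 -FullMemory -Verbose
```

The ACL step is the part worth keeping even if you drop the rest: a -ma dump of a service running as SYSTEM is as sensitive as the service's own memory, and a world-readable c:\dumps is an easy place for it to leak from.  The exit code is reported as-is; the post does not document ProcDump's exit codes, so the script does not interpret it.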

As you can see, there are many powerful features in ProcDump.  It is definitely a useful tool to have in your troubleshooting toolkit.  With that, we’ve reached the end of our post.  Enjoy the rest of your week!

– Blake Morrison
