Thoughts from the EPS Windows Server Performance Team
Hello again AskPerf! Blake Morrison here to introduce you to a new tool from Sysinternals called ProcDump. If you are familiar with AdPlus then ProcDump will be a welcome addition to your debugging arsenal. ProcDump is a new command line tool which allows you to monitor a running process for CPU spikes, and then create a memory dump (or dumps) based on specific criteria.
For example, you have a server where a particular process is spiking CPU usage for 1-2 minutes per day at random times, and you have been unable to capture a dump to determine why this is occurring. Using ProcDump, you can tell it to monitor the process and create process dumps based on the amount of time it has consumed CPU. A quick note here, when Procdump captures the dump file, it does not kill the running process.
OK, let’s take a look at the command parameters:
Now let’s examine some common scenarios and the appropriate Procdump command for each one:
Scenario: Wait for the Spooler to spike the CPU for 30 seconds at 90%. When this occurs, we need to create 5 dump files named SPOOLSV_date_time.dmp in the c:\dumps folder with all process memory:
Procdump.exe –c 90 –n 5 –ma –s 30 spoolsv.exe c:\dumps
Scenario: Create a simple dump (thread and handle only) of Calculator in c:\temp:
Procdump.exe calc.exe c:\temp
Scenario: Capture a dump of Outlook called Outlook_hang.dmp when one of its windows is unresponsive:
Procdump.exe –h outlook.exe c:\dumps\Outlook_hang.dmp
Scenario: Start a process and then monitor it for high CPU usage over 50% for 20 seconds
Procdump.exe –c 50 –s 20 –x notepad.exe c:\dumps\notepad.dmp
As you can see, there are many powerful features in ProcDump. It is definitely a useful tool to have in your troubleshooting toolkit. With that, we’ve reached the end of our post. Enjoy the rest of your week!
- Blake Morrison
Even better - procdump can be run from live.sysinternals.com, on a system that is connected to the internet - \\live.sysinternals.com\tools\procdump.exe <rest of command-line> - no need to download anything...
It might have been posted before, but I'm still curious what is the best way to analyze the dumps we create with procdump?
Debugging Tools for Windows, probably WinDbg...
This is the correct URL
That link will let you download procdump.exe, yes. But you can run the tool directly via WebDAV, using the previously provided command, without needing to download it.
It is possible to monitor processes that does not exists but will be created? eg. I would like to monitor w3wp.exe worker process at any point of time when it is started by the svcshost.exe process.
It because w3wp.exe can be alive and die at any point of time.
@Rene The only functionality close to what you're describing would be to have procdump launch the process itself which isn't feasible with w3wp.
That's not to say you couldn't use another tool to monitor for an event or threshold and execute procdump then.
Is it possible to run it as service on Windows server 2008?
from where i get the symbol for outlook to analyze the outlook hang dump