Monitor an application for CPU spikes and/or generate a crash dump during a CPU spike.
Syntax
      procdump [-a] [[-c|-cl CPU usage] [-u] [-s seconds]] [-n exceeds]
         [-e [1 [-b]]] [-f filter,...] [-g] [-h] [-l]
            [-m|-ml commit_threshold_MB] [-ma | -mp] [-o]
               [-p|-pl counter threshold] [-r] [-t] [-d <callback DLL>] [-64]
                  <[-w] process_name_or_service_name_or_PID [dump_file]
                   | -i dump_file | -u | -x dump_file image_file [arguments]>
                     [-accepteula] [-? [-e]]

Key:
   -a    Avoid outage. Requires -r. If the trigger will cause the target to suspend for a
         prolonged time due to an exceeded concurrent dump limit, the trigger will be skipped.

   -b    Treat debug breakpoints as exceptions (otherwise ignore them).

   -c    CPU threshold at which to create a dump of the process.

   -cl   CPU threshold below which to create a dump of the process.

   -d    Invoke the minidump callback routine named MiniDumpCallbackRoutine of the specified DLL.

   -e    Write a dump when the process encounters an unhandled exception.
         Include the 1 to create a dump on first chance exceptions.

   -f    Filter the first chance exceptions. Wildcards (*) are supported.
         To just display the names without dumping, use a blank ("") filter.

   -g    Run as a native debugger in a managed process (no interop).

   -h    Write a dump if the process has a hung window
         (does not respond to window messages for at least 5 seconds).

   -i    Install ProcDump as the AeDebug postmortem debugger.
         Only -ma, -mp, -d and -r are supported as additional options.

   -l    Display the debug logging of the process.

   -m    Trigger a dump when memory commit reaches this threshold value (in MB).

   -ma   Write a dump file with all process memory.
         The default dump format only includes thread and handle information.

   -ml   Trigger when memory commit drops below the specified threshold value (in MB).

   -mp   Write a dump file with thread and handle information, and all read/write process memory.
         To minimize dump size, memory areas larger than 512MB are searched for, and if found,
         the largest area is excluded. A memory area is the collection of same-sized memory
         allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server
         dumps by over 90%.

   -n    Number of dumps to write before exiting.

   -o    Overwrite an existing dump file.

   -p    Trigger on the specified performance counter when the threshold is exceeded.
         Note: to specify a process counter when there are multiple instances of the process
         running, use the process ID with the following syntax: "\Process(name_pid)\counter"

   -pl   Trigger when the performance counter falls below the specified value.

   -r    Dump using a clone. Concurrent limit is optional (default 1, max 5).
         CAUTION: a high concurrency value can impact system performance.
            Windows 7   : Uses Reflection. OS doesn't support -e.
            Windows 8.0 : Uses Reflection. OS doesn't support -e.
            Windows 8.1+: Uses PSS. All trigger types are supported.

   -s    Consecutive seconds before the dump is written (default is 10).

   -t    Write a dump when the process terminates.

   -u    Treat CPU usage relative to a single core (used with -c).
         As the only option, uninstalls ProcDump as the postmortem debugger.

   -w    Wait for the specified process to launch if it's not running.

   -x    Launch the specified image with optional arguments. If it is a Store Application
         or Package, ProcDump will start on the next activation (only).

   -64   By default ProcDump will capture a 32-bit dump of a 32-bit process when running on
         64-bit Windows. This option overrides to create a 64-bit dump.
         Only use for WOW64 subsystem debugging.

   -accepteula   Suppress the display of the license dialog.

   -?    Use -? -e to see example command lines.
If you omit the dump file name, it will default to processname_datetime.dmp
Examples:
Write a mini dump of a process named 'notepad' (only one match can exist):
C:\> procdump notepad
Write a full dump of a process with PID '6464':
C:\> procdump -ma 6464
Write 3 mini dumps 5 seconds apart of a process named 'notepad':
C:\> procdump -s 5 -n 3 notepad
See a longer list of example command lines:
C:\> procdump -? -e
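The CPU-spike trigger described at the top of this page, as an added PowerShell example (not part of the original page or of ProcDump itself). It assumes procdump.exe is on PATH; the target name w3wp, the folder C:\Dumps and the threshold values are hypothetical defaults:

```powershell
# Added example: capture dumps of a process while it is in a CPU spike.
# All parameter defaults below are assumptions, not values from the page.
param(
    [string]$Target  = 'w3wp',       # process name, service name or PID
    [string]$DumpDir = 'C:\Dumps',   # dumps land here as processname_datetime.dmp
    [ValidateRange(1, 100)][int]$CpuPercent = 80,  # -c threshold
    [ValidateRange(1, 3600)][int]$Seconds   = 10,  # -s consecutive seconds
    [ValidateRange(1, 20)][int]$Count       = 3    # -n dumps before exiting
)

# procdump.exe is assumed to be on PATH; stop early if it is not.
$procdump = (Get-Command procdump.exe -ErrorAction Stop).Source

# Dumps contain process memory, so keep this folder restricted to administrators.
if (-not (Test-Path -LiteralPath $DumpDir)) {
    New-Item -ItemType Directory -Path $DumpDir | Out-Null
}

$procArgs = @(
    '-accepteula'        # no license dialog, so the script can run unattended
    '-c', $CpuPercent    # dump when CPU usage reaches this percentage ...
    '-s', $Seconds       # ... for this many consecutive seconds
    '-n', $Count         # write this many dumps, then exit
    '-mp'                # threads, handles and read/write memory (smaller than -ma)
    '-w'                 # wait for the process if it is not running yet
    $Target              # no dump_file argument: the default name is used
)

$started = Get-Date

# Run from the dump folder so the default-named files are written there.
Push-Location -LiteralPath $DumpDir
try {
    & $procdump @procArgs
}
finally {
    Pop-Location
}

# List only the dump files written during this run.
Get-ChildItem -LiteralPath $DumpDir -Filter '*.dmp' |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime |
    Select-Object Name, Length, LastWriteTime
```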
Related:
PsKill - Kill processes by name or process ID.
PsList - List detailed information about processes.
SYSMON - Monitor and log system activity to the Windows event log.