ProcDump
This tool is a command-line utility whose primary purpose is to monitor an application for CPU spikes and generate crash dumps during a spike. As an administrator or developer, you can use these dumps to determine the cause of the spike.
The ProcDump tool can provide:
- Unresponsive Window monitoring (using the same definition that Windows and Task Manager use).
- Unhandled exception monitoring.
- Dumps based on the values of system performance counters.
- A general process dump utility that you can embed in other scripts.
You can find the utility and instructions at:
http://technet.microsoft.com/en-us/sysinternals/dd996900.
Usage examples:
- If a process or application is in a troubled state, type the following command and press Enter to generate an on-demand dump:
procdump -ma <Process name or PID>
To write a full dump of a process with PID '4572', type the following command and press Enter:
C:\>procdump -ma 4572
- If a process or application has an exception, type the following command and press Enter:
IMPORTANT: The command prompt must stay open until the exception occurs and the dump is generated.
procdump -ma -e <process name or PID>
- If a process or application unexpectedly terminates immediately when trying to start, type the following command and press Enter:
IMPORTANT: The command prompt must stay open until the exception occurs and the dump is generated.
procdump -ma -e -w <process name or PID>
NOTE: If you enable terminate (-t) or exception (-e) monitoring and kill ProcDump, the target process is also terminated. You can use CTRL+C to terminate ProcDump without affecting the process it is monitoring.
Resolutions when ProcDump fails to start:
- Issue 1: Unable to start ProcDump using the Windows RUNAS command.
The following error is displayed: Unable to run. 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Cause: The Windows RUNAS command has a dependency on the Windows Secondary Logon service.
Solution: Use the Sysinternals tool PsExec to correct the problem.
- If an Access Denied error is returned, verify the account in use and verify that it is a member of the Local Administrators group.
- If the error continues to display, download the Sysinternals tool PsExec from: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
- Extract PsTools.zip.
- Open an Administrator-level command line interface (CLI).
- Change directory to the location of the extracted psexec.exe.
- At the command prompt type:
Psexec.exe -i -s %SystemRoot%\system32\cmd.exe
- The user must now be running as NT AUTHORITY\SYSTEM. To confirm this, type:
whoami
- Run ProcDump from this CLI.
IMPORTANT: Do not close the window until the dumpfile is created.
- Issue 2: Unable to start ProcDump using the Windows RUNAS command.
The following error is displayed: Unable to run. 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Cause: The Windows RUNAS command has a dependency on the Windows Secondary Logon service.
Solution: Start the Windows Secondary Logon service.
- Issue 3: Unable to start ProcDump.
The following error is displayed: Error 0x00000005 (5) Access is denied.
Cause: Insufficient permissions.
Solution: Make sure the logged-on user account is a member of the Local Administrators group.
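The three start-up failures above can be checked for before ProcDump is launched. The following PowerShell function is an added example, not part of the original article or of the Sysinternals tools; the function name Test-ProcDumpPrerequisites is hypothetical, and `seclogon` is the service name of the Windows Secondary Logon service.

```powershell
# Added example: pre-flight checks for the ProcDump start-up failures listed
# above. Test-ProcDumpPrerequisites is a hypothetical name chosen for this example.
function Test-ProcDumpPrerequisites {
    [CmdletBinding()]
    param()

    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Issue 3 (0x00000005, Access is denied): the token must carry an enabled
    # Local Administrators membership, i.e. the prompt must be elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) {
        $findings.Add('Not an elevated Local Administrators member: expect error 5 (Access is denied).')
    }

    # Issues 1 and 2 (RUNAS error 1058): RUNAS depends on Secondary Logon.
    # Start mode Manual with state Stopped is healthy (the service starts on
    # demand); error 1058 means the service is disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='seclogon'"
    if ($null -eq $svc) {
        $findings.Add('Secondary Logon service not found; RUNAS depends on it. Use the PsExec route.')
    }
    elseif ($svc.StartMode -eq 'Disabled') {
        $findings.Add('Secondary Logon is disabled: RUNAS fails with 1058. Enable and start it, or use PsExec.')
    }

    # Summary object; IsSystem is True inside the prompt opened by PsExec -i -s.
    [pscustomobject]@{
        Account                 = $identity.Name
        IsSystem                = $identity.IsSystem
        IsElevatedAdmin         = $isAdmin
        SecondaryLogonState     = $(if ($svc) { $svc.State } else { 'NotFound' })
        SecondaryLogonStartMode = $(if ($svc) { $svc.StartMode } else { 'NotFound' })
        Findings                = $findings.ToArray()
    }
}

Test-ProcDumpPrerequisites | Format-List
```

An empty Findings list means none of the three documented causes applies to the current prompt.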