ProcDump
This tool is a command-line utility whose primary purpose is to monitor an application for CPU spikes and generate crash dumps during a spike. As an administrator or developer, you can use these dumps to determine the cause of the spike.
The ProcDump tool can provide the following:
- Unresponsive Window monitoring (using the same definition that Windows and Task Manager use)
- Unhandled exception monitoring
- Dumps based on the values of system performance counters
- A general process dump utility that you can embed in other scripts
You can find the utility and instructions in the following Microsoft article.
Use examples:
- If a process or application is in a troubled state, type the following command and press Enter to generate an on-demand dump:
procdump -ma <Process name or PID>
To write a full dump of a process with PID '4572', type the following command and press Enter:
C:\>procdump -ma 4572
- If a process or application has an exception, type the following command and press Enter:
IMPORTANT: The command prompt must stay open until the exception occurs and the dump is generated.
procdump -ma -e <process name or PID>
- If a process or application terminates unexpectedly as soon as it tries to start, type the following command and press Enter:
IMPORTANT: The command prompt must stay open until the exception occurs and the dump is generated.
procdump -ma -e -w <process name or PID>
NOTE: If you enable terminate (-t) or exception (-e) monitoring and kill ProcDump, the target process is also terminated. You can use Ctrl+C to terminate ProcDump without affecting the process that it's monitoring.
Resolutions when ProcDump fails to start:
- Issue 1: Unable to start ProcDump using the Windows RUNAS command.
The following error is displayed: Unable to run. 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Cause: The Windows RUNAS command has a dependency on the Windows Secondary Logon service.
Solution: Use the Sysinternals tool PsExec to correct the problem.
- If an Access Denied error is returned, verify the account in use, and verify that it's a member of the Local Administrators Group.
- If the error continues to display, download the Sysinternals tool PsExec from this Microsoft article.
- Extract PsTools.zip.
- Open an Administrator level command-line interface (CLI).
- Change the directory to the location of the extracted psexec.exe.
- At the command prompt, type the following command:
Psexec.exe -i -s %SystemRoot%\system32\cmd.exe
- The new command prompt should now be running as NT AUTHORITY\SYSTEM. To confirm this, type:
whoami
- Run PROCDUMP from this CLI.
IMPORTANT: Don't close the window until the dumpfile is created.
- Issue 2: Unable to start ProcDump using the Windows RUNAS command.
The following error is displayed: Unable to run. 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Cause: The Windows RUNAS command has a dependency on the Windows Secondary Logon service.
Solution: Start the Windows Secondary Logon service.
- Issue 3: Unable to start ProcDump.
The following error is displayed: Error 0x00000005 (5) Access is denied.
Cause: Insufficient permissions.
Solution: Make sure that the logged-on user account is a member of the Local Administrators Group.
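A preflight check for the three failure causes listed above, as an added example that is not part of the original article or of the Sysinternals tools. It assumes Windows PowerShell 5.1 or later; the function name Test-ProcDumpPrereqs is hypothetical, and seclogon is the short name of the Secondary Logon service.

```powershell
# Added example: checks the conditions behind Issues 1-3 before running ProcDump.
# Test-ProcDumpPrereqs is a hypothetical name, not part of ProcDump or Sysinternals.
function Test-ProcDumpPrereqs {
    [CmdletBinding()]
    param()

    # Issue 3: IsInRole is true only when the current token is elevated. A member of
    # the local Administrators group in a non-elevated prompt still gets $false here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # True when already running as NT AUTHORITY\SYSTEM (the PsExec -i -s prompt).
    $isSystem = $identity.IsSystem

    # Issues 1 and 2: RUNAS depends on the Secondary Logon service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='seclogon'"

    [pscustomobject]@{
        User              = $identity.Name
        IsAdministrator   = $isAdmin
        IsSystem          = $isSystem
        SecLogonState     = if ($svc) { $svc.State } else { 'NotFound' }
        SecLogonStartMode = if ($svc) { $svc.StartMode } else { 'NotFound' }
    }
}

$result = Test-ProcDumpPrereqs
$result | Format-List

if (-not $result.IsAdministrator -and -not $result.IsSystem) {
    Write-Warning 'Not elevated: ProcDump is likely to fail with "Error 0x00000005 (5) Access is denied." (Issue 3).'
}
if ($result.SecLogonStartMode -eq 'Disabled') {
    Write-Warning 'Secondary Logon is disabled: RUNAS fails with error 1058. Enable and start the service (Issue 2) or use the PsExec route (Issue 1).'
}
```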