ProcDump 是ㄧ命令列 Dump 工具。能監控 Process 狀態,在滿足特定的條件時自動產生 Dump 文件。

像是我們常常會要在 CPU 飆高時或是應用程式無回應做些分析,若用工作管理員去手動產生 Dump 文件,我們可能會無法準確的抓到要 Dump 的時機。而若用一些分析工具,多半要額外安裝,又會 Dump 出太多不相關的資訊。

在這種清況下, ProcDump 就特別好用。程式小巧可攜,又可彈性的設定 Dump 的條件,準確的 Dump 出我們想要的資訊。

程式主檔可至 ProcDump - TechNet - Microsoft 這邊下載

{% img /images/posts/ProcDump/1.png %}

下載完後可直接呼叫命令查閱使用方式以及使用參數

ProcDump v6.00 - Writes process dump files Copyright (C) 2009-2013 Mark Russinovich Sysinternals - www.sysinternals.com With contributions from Andrew Richards

Monitors a process and writes a dump file when the process exceeds the specified criteria or has an exception.

usage: procdump [-64] [[-c|-cl CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1 [-b] [-f ] [-g]]] [-h] [-l] [-m|-ml commit usage] [-ma | -mp] [-o] [-p|-pl counter threshold] [-r] [-t] [-d ] [dump file] | -i | -x [arguments] >

-64 By default ProcDump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. -b Treat debug breakpoints as exceptions (otherwise ignore them). -c CPU threshold above which to create a dump of the process. -cl CPU threshold below which to create a dump of the process. -d Invoke the minidump callback routine named MiniDumpCallbackRoutine of the specified DLL. -e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions. -f Filter the first chance exceptions. Wildcards (*) are supported. To just display the names without dumping, use a blank ("") filter. -g Only capture native exceptions in a managed process (no interop). -h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds). -i Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp and -d are supported as options. -l Display the debug string logging of the process. -m Memory commit threshold in MB at which to create a dump of the process. -ml Trigger when memory commit drops below specified MB value. -ma Write a dump file with all process memory. The default dump format only includes thread and handle information. -mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%. -n Number of dumps to write before exiting. -o Overwrite an existing dump file. -p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: “\Process(_)