  • Yet another dump-capture tool: ProcDump

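    Introduction

    ProcDump is a command-line utility whose primary purpose is to monitor an application for CPU spikes and generate crash dumps during a spike, which an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use) and unhandled exception monitoring, and it can generate dumps based on the values of system performance counters. It can also serve as a general process dump utility that can be embedded in other scripts.

    Using ProcDump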

    procdump [-a] [[-c|-cl CPU usage] 
    [-u] [-s seconds]] [-n exceeds] [-e [1 [-b]] [-f <filter,...>]
    [-g] [-h] [-l] [-m|-ml commit usage] [-ma | -mp] [-o] [-p|-pl
    counter threshold] [-r] [-t] [-d <callback DLL>] [-64] <[-w] <process name or service name or PID>
    [dump file] | -i <dump file> | -u | -x <dump file> <image file> [arguments] >] [-? [ -e]
    Parameter  Description
    -a Avoid outage. Requires -r. If the trigger will cause the target to suspend for a prolonged time due to an exceeded concurrent dump limit, the trigger will be skipped.
    -at Avoid outage at Timeout. Cancel the trigger's collection at N seconds.
    -b Treat debug breakpoints as exceptions (otherwise ignore them).
    -c CPU threshold at which to create a dump of the process.
    -cl CPU threshold below which to create a dump of the process.
    -d Invoke the minidump callback routine named MiniDumpCallbackRoutine of the specified DLL.
    -e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions.
    -f Filter the first chance exceptions. Wildcards (*) are supported. To just display the names without dumping, use a blank ("") filter.
    -fx Filter (exclude) on the content of exceptions and debug logging. Wildcards are supported.
    -g Run as a native debugger in a managed process (no interop).
    -h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds).
    -i Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp, -d and -r are supported as additional options.
    -k Kill the process after cloning (-r), or at the end of dump collection
    -l Display the debug logging of the process.
    -m Memory commit threshold in MB at which to create a dump.
    -ma Write a dump file with all process memory. The default dump format only includes thread and handle information.
    -mc Write a custom dump file. Include memory defined by the specified MINIDUMP_TYPE mask (Hex).
    -md Write a Callback dump file. Include memory defined by the MiniDumpWriteDump callback routine named MiniDumpCallbackRoutine of the specified DLL.
    -mk Also write a Kernel dump file. Includes the kernel stacks of the threads in the process. OS doesn't support a kernel dump (-mk) when using a clone (-r). When using multiple dump sizes, a kernel dump is taken for each dump size.
    -ml Trigger when memory commit drops below specified MB value.
    -mm Write a mini dump file (default).
    -mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%.
    -n Number of dumps to write before exiting.
    -o Overwrite an existing dump file.
    -p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: "\Process(<name>_<pid>)\counter"
    -pl Trigger when performance counter falls below the specified value.
    -r Dump using a clone. Concurrent limit is optional (default 1, max 5).
       CAUTION: a high concurrency value may impact system performance.
       - Windows 7   : Uses Reflection. OS doesn't support -e.
       - Windows 8.0 : Uses Reflection. OS doesn't support -e.
       - Windows 8.1+: Uses PSS. All trigger types are supported.
    -s Consecutive seconds before dump is written (default is 10).
    -t Write a dump when the process terminates.
    -u Treat CPU usage relative to a single core (used with -c).
       As the only option, uninstalls ProcDump as the postmortem debugger.
    -w Wait for the specified process to launch if it's not running.
    -wer Queue the (largest) dump to Windows Error Reporting.
    -x Launch the specified image with optional arguments. If it is a Store Application or Package, ProcDump will start on the next activation (only).
    -64 By default ProcDump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. Only use for WOW64 subsystem debugging.
    -? Use -? -e to see example command lines.

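    If you omit the dump file name, it defaults to <processname>.dmp. Use the -accepteula command-line option to automatically accept the Sysinternals license agreement.
    Automated termination: setting an event named "procdump-<PID>" is the same as typing Ctrl+C to gracefully terminate ProcDump.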

    Filename:

    Default dump file name: PROCESSNAME_YYMMDD_HHMMSS.dmp
    The following substitutions are supported:
          PROCESSNAME      Process Name
          PID              Process ID
          EXCEPTIONCODE    Exception Code
          YYMMDD           Year/Month/Day
          HHMMSS           Hour/Minute/Second

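    Examples

    Write a mini dump of a process named "notepad" (only one match can exist):

    C:\>procdump notepad

    Write a full dump of the process with PID 4572:

    C:\>procdump -ma 4572

    Write 3 mini dumps, 5 seconds apart, of a process named "notepad":

    C:\>procdump -s 5 -n 3 notepad

    Write up to 3 mini dumps of a process named "consume" when its CPU usage exceeds 20% for 5 seconds:

    C:\>procdump -c 20 -s 5 -n 3 consume

    Write a mini dump of a process named "hang.exe" when one of its windows is unresponsive for more than 5 seconds:

    C:\>procdump -h hang.exe hungwindow.dmp

    Write a mini dump of a process named "outlook" when total system CPU usage exceeds 20% for 10 seconds:

    C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20

    Write a full dump of a process named "outlook" when Outlook's handle count exceeds 10000:

    C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000

    Write a MiniPlus dump of the Microsoft Exchange Information Store when it has an unhandled exception:

    C:\>procdump -mp -e store.exe

    Display the exception codes/names of w3wp.exe without writing a dump file:

    C:\>procdump -e 1 -f "" w3wp.exe

    Write a mini dump of w3wp.exe if an exception's code/name contains "NotFound":

    C:\>procdump -e 1 -f NotFound w3wp.exe

    Launch a process and then monitor it for exceptions:

    C:\>procdump -e 1 -f "" -x c:\dumps consume.exe

    Register for launch, and attempt to activate, a modern "application". A new ProcDump instance starts when the application is activated, to monitor it for exceptions:

    C:\>procdump -e 1 -f "" -x c:\dumps Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps

    Register for launch of a modern "package". A new ProcDump instance starts when the package is (manually) activated, to monitor it for exceptions:

    C:\>procdump -e 1 -f "" -x c:\dumps Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe

    Register as the Just-in-Time (AeDebug) debugger. Full dumps are written to c:\dumps:

    C:\>procdump -ma -i c:\dumps

    See a list of example command lines (the examples are listed above):

    C:\>procdump -? -e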
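
As an added example (not part of the original article and not code from ProcDump), the PowerShell script below embeds ProcDump in a script as the introduction describes: it runs the CPU-trigger example for a bounded time and then stops ProcDump through the "procdump-<PID>" event instead of killing it. The install path, dump directory, time limit, the reading of <PID> as the monitored process's ID, and default-named dumps landing in the working directory are assumptions.

```powershell
# Added example, not from the original article. $ProcDump, $DumpDir and
# $MaxSeconds are assumed values; 'consume' is the process from the examples.
param(
    [string]$ProcDump   = 'C:\Tools\procdump.exe',
    [string]$Target     = 'consume',
    [string]$DumpDir    = 'C:\dumps',
    [int]   $MaxSeconds = 600
)

# ProcDump needs a single match, so resolve the name to one PID up front.
$procs = @(Get-Process -Name $Target -ErrorAction Stop)
if ($procs.Count -ne 1) { throw "Expected exactly one '$Target' process, found $($procs.Count)." }
$targetPid = $procs[0].Id

New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
$started = Get-Date

# Up to 3 mini dumps when CPU stays above 20% for 5 seconds. No dump file is
# given, so the default name is used (assumed to land in the working directory).
$pdArgs = @('-accepteula', '-c', '20', '-s', '5', '-n', '3', "$targetPid")
$pd = Start-Process -FilePath $ProcDump -ArgumentList $pdArgs `
        -WorkingDirectory $DumpDir -NoNewWindow -PassThru

if (-not $pd.WaitForExit($MaxSeconds * 1000)) {
    # Time limit reached: signal the named event instead of killing ProcDump.
    # Assumption: <PID> in "procdump-<PID>" is the monitored process's PID.
    $evt = $null
    try {
        $evt = [System.Threading.EventWaitHandle]::OpenExisting("procdump-$targetPid")
        [void]$evt.Set()
    } catch [System.Threading.WaitHandleCannotBeOpenedException] {
        Write-Warning "Event procdump-$targetPid does not exist."
    } finally {
        if ($evt) { $evt.Dispose() }
    }
    # Last resort if ProcDump has not exited 15 seconds after the signal.
    if (-not $pd.WaitForExit(15000)) { Stop-Process -Id $pd.Id -Force }
}

# Report what was written during this run.
Get-ChildItem -Path $DumpDir -Filter '*.dmp' |
    Where-Object { $_.LastWriteTime -ge $started } |
    Select-Object Name, Length, LastWriteTime
```

Dumps written with -ma contain all process memory, so keep the dump directory readable only by the administrators who analyse them.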

  • Original article: https://www.cnblogs.com/yilang/p/12432509.html