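1. Hang dump
(1) Task Manager -- select the process to trace -- right-click -- Create dump file
(2) Capture with Process Explorer
Download: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
Usage: run procexp.exe -- find the process to analyze -- right-click -- Create Dump -- Create Full Dump
2. Crash dump
(1) Capture with ProcDump
Tool download: https://docs.microsoft.com/zh-cn/sysinternals/downloads/procdump
Usage:
Extract the downloaded package, open a command prompt window, and change to the directory that contains procdump.exe. Type procdump and press Enter to see the help; for more detailed examples, use procdump -? -e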
D:\Tools\Performance\DotNet Tool\Procdump>procdump -? -e

ProcDump v8.0 - Writes process dump files
Copyright (C) 2009-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

Monitors a process and writes a dump file when the process exceeds the
specified criteria or has an exception.

Capture Usage:
   procdump.exe [-ma | -mp | -d Callback_DLL] [-64]
                [-n Count]
                [-s Seconds]
                [-c|-cl CPU_Usage [-u]]
                [-m|-ml Commit_Usage]
                [-p|-pl Counter_Threshold]
                [-h]
                [-e [1 [-g] [-b]]]
                [-l]
                [-t]
                [-f Filter, ...]
                [-o]
                [-r [1..5] [-a]]
                {
                 {{[-w] Process_Name | Service_Name | PID} [Dump_File | Dump_Folder] }
                |
                 {-x Dump_Folder Image_File [Argument, ...]}
                }
Install Usage:
   procdump.exe -i [Dump_Folder]
                [-ma | -mp | -d Callback_DLL]
Uninstall Usage:
   procdump.exe -u

Examples:
-------------------------------------------------------------------------------
 - Write a mini dump of a process named 'notepad' (only one match can exist):
        C:\>procdump notepad
-------------------------------------------------------------------------------
 - Write a full dump of a process with PID '4572':
        C:\>procdump -ma 4572
-------------------------------------------------------------------------------
 - Write 3 mini dumps 5 seconds apart of a process named 'notepad':
        C:\>procdump -n 3 -s 5 notepad
-------------------------------------------------------------------------------
 - Write up to 3 mini dumps of a process named 'consume' when it exceeds 20% CPU usage for five seconds:
        C:\>procdump -n 3 -s 5 -c 20 consume
-------------------------------------------------------------------------------
 - Write a mini dump for a process named 'hang.exe' when one of its windows is unresponsive for more than 5 seconds:
        C:\>procdump -h hang.exe
-------------------------------------------------------------------------------
 - Write a mini dump of a process named 'outlook' when total system CPU usage exceeds 20% for 10 seconds:
        C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20
 - Write a full dump of a process named 'outlook' when Outlook's handle count exceeds 10,000:
        C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000
-------------------------------------------------------------------------------
 - Writes a full dump for a 2nd chance exception:
        C:\>procdump -ma -e w3wp.exe
 - Writes a full dump for a 1st or 2nd chance exception:
        C:\>procdump -ma -e 1 w3wp.exe
 - Writes a full dump for a debug string message:
        C:\>procdump -ma -l w3wp.exe
 - Write up to 10 full dumps of each 1st or 2nd chance exception of w3wp.exe:
        C:\>procdump -ma -n 10 -e 1 w3wp.exe
 - Write up to 10 full dumps if an exception's code/name/msg contains 'NotFound':
        C:\>procdump -ma -n 10 -e 1 -f NotFound w3wp.exe
 - Write up to 10 a full dump if a debug string message contains 'NotFound':
        C:\>procdump -ma -n 10 -l -f NotFound w3wp.exe
-------------------------------------------------------------------------------
 - Wait for a process called 'notepad' (and monitor it for exceptions):
        C:\>procdump -e -w notepad
 - Launch a process called 'notepad' (and monitor it for exceptions):
        C:\>procdump -e -x c:\dumps notepad
 - Register for launch, and attempt to activate, a store 'application'. A new ProcDump instance will start when it is activated:
        C:\>procdump -e -x c:\dumps Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps
 - Register for launch of a store 'package'. A new ProcDump instance will start when it is (manually) activated:
        C:\>procdump -e -x c:\dumps Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe
-------------------------------------------------------------------------------
 - Windows 7/8.0; Use Reflection to reduce outage for 5 consecutive triggers:
        C:\>procdump -r -ma -n 5 -s 15 wmplayer.exe
 - Windows 8.1+; Use PSS to reduce outage for 5 concurrent triggers:
        C:\>procdump -r 5 -ma -n 5 -s 15 wmplayer.exe
-------------------------------------------------------------------------------
 - Install ProcDump as the (AeDebug) postmortem debugger:
        C:\>procdump -ma -i c:\dumps
   ..or..
        C:\Dumps>procdump -ma -i
 - Uninstall ProcDump as the (AeDebug) postmortem debugger:
        C:\>procdump -u
-------------------------------------------------------------------------------

D:\Tools\Performance\DotNet Tool\Procdump>
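(2) Capture with WER (Windows Error Reporting)
WER configuration steps:
• Open the Registry Editor (use the Win+R shortcut key to launch the Run window).
• Navigate to the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps"; if it does not exist, create it.
• Under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps", create a subkey named after your application, for example "w3wp.exe" in your environment.
• Under the subkey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe", create three values, as shown in the following table: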
| Value Name | Type | Value |
| --- | --- | --- |
| DumpFolder | REG_EXPAND_SZ | c:\dumps |
| DumpCount | REG_DWORD | 5 |
| DumpType | REG_DWORD | 2 |
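Note:
Set DumpFolder to a path that suits your environment.
After configuration the registry looks like the screenshot below; note that the program name in it must be changed to the name of the process being traced.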
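
The WER LocalDumps steps above as a PowerShell script, added here as an example (not part of the original notes); the key path, value names and sample values come from the table, while the parameter names are assumptions. It reads the values back and lists the dump folder's ACL for review, because a DumpType 2 (full) dump contains the entire memory of the process.

```powershell
# Added example: configure WER LocalDumps for one executable and verify it.
# Run from an elevated PowerShell prompt (writing to HKLM needs administrator rights).
param(
    [string]$ImageName  = 'w3wp.exe',        # process to trace (example from the steps above)
    [string]$DumpFolder = 'c:\dumps',        # sample path from the table; adjust as needed
    [int]$DumpCount     = 5,                 # number of dumps kept in the folder
    [ValidateSet(1, 2)][int]$DumpType = 2    # 1 = mini dump, 2 = full dump
)

$base = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$key  = Join-Path $base $ImageName

# Create LocalDumps and the per-application subkey only if they are missing,
# so an existing configuration is not wiped.
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# WER does not need the folder to be pre-created, but creating it here
# lets the ACL be reviewed before the first dump lands in it.
if (-not (Test-Path $DumpFolder)) {
    New-Item -ItemType Directory -Path $DumpFolder | Out-Null
}

# The three values from the table: REG_EXPAND_SZ, REG_DWORD, REG_DWORD.
New-ItemProperty -Path $key -Name DumpFolder -PropertyType ExpandString `
    -Value $DumpFolder -Force | Out-Null
New-ItemProperty -Path $key -Name DumpCount -PropertyType DWord `
    -Value $DumpCount -Force | Out-Null
New-ItemProperty -Path $key -Name DumpType -PropertyType DWord `
    -Value $DumpType -Force | Out-Null

# Read the configuration back to confirm what WER will use.
Get-ItemProperty -Path $key |
    Select-Object DumpFolder, DumpCount, DumpType |
    Format-List

# Full dumps hold everything the process had in memory (connection strings,
# session tokens, request data), so check who can read the folder.
(Get-Acl -Path $DumpFolder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

The identity the crashing process runs under needs write access to the dump folder for the dump to be written; read access should stay limited to the people who analyze dumps.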