簡介
ProcDump是一個命令行實用程序,其主要目的是監視應用程序的CPU峰值,並在峰值期間生成崩潰轉儲,管理員或開發人員可以使用該轉儲來確定峰值的原因。ProcDump還包括掛起窗口監視(使用與Windows和任務管理器使用的相同的窗口掛起定義)、未處理的異常監視,並且可以基於系統性能計數器的值生成轉儲。它還可以作為一個通用的進程轉儲實用程序,可以嵌入到其他腳本中。
使用ProcDump
procdump [-a] [[-c|-cl CPU usage]
[-u] [-s seconds]] [-n exceeds] [-e [1 [-b]] [-f <filter,...>]
[-g] [-h] [-l] [-m|-ml commit usage] [-ma | -mp] [-o] [-p|-pl
counter threshold] [-r] [-t] [-d <callback DLL>] [-64] <[-w] <process name or service name or PID>
[dump file] | -i <dump file> | -u | -x <dump file> <image file> [arguments] >] [-? [ -e]
| Parameter | Description |
|---|---|
| -a | Avoid outage. Requires -r. If the trigger will cause the target to suspend for a prolonged time due to an exceeded concurrent dump limit, the trigger will be skipped. |
| -at | Avoid outage at Timeout. Cancel the trigger's collection at N seconds. |
| -b | Treat debug breakpoints as exceptions (otherwise ignore them). |
| -c | CPU threshold at which to create a dump of the process. |
| -cl | CPU threshold below which to create a dump of the process. |
| -d | Invoke the minidump callback routine named MiniDumpCallbackRoutine of the specified DLL. |
| -e | Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions. |
| -f | Filter the first chance exceptions. Wildcards (*) are supported. To just display the names without dumping, use a blank ("") filter. |
| -fx | Filter (exclude) on the content of exceptions and debug logging. Wildcards are supported. |
| -g | Run as a native debugger in a managed process (no interop). |
| -h | Write dump if process has a hung window (does not respond to window messages for at least 5 seconds). |
| -i | Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp, -d and -r are supported as additional options. |
| -k | Kill the process after cloning (-r), or at the end of dump collection |
| -l | Display the debug logging of the process. |
| -m | Memory commit threshold in MB at which to create a dump. |
| -ma | Write a dump file with all process memory. The default dump format only includes thread and handle information. |
| -mc | Write a custom dump file. Include memory defined by the specified MINIDUMP_TYPE mask (Hex). |
| -md | Write a Callback dump file. Include memory defined by the MiniDumpWriteDump callback routine named MiniDumpCallbackRoutine of the specified DLL. |
| -mk | Also write a Kernel dump file. Includes the kernel stacks of the threads in the process. OS doesn't support a kernel dump (-mk) when using a clone (-r). When using multiple dump sizes, a kernel dump is taken for each dump size. |
| -ml | Trigger when memory commit drops below specified MB value. |
| -mm | Write a mini dump file (default). |
| -mp | Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%. |
| -n | Number of dumps to write before exiting. |
| -o | Overwrite an existing dump file. |
| -p | Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: "\Process(<name>_<pid>)\counter" |
| -pl | Trigger when performance counter falls below the specified value. |
| -r | Dump using a clone. Concurrent limit is optional (default 1, max 5). CAUTION: a high concurrency value may impact system performance. - Windows 7 : Uses Reflection. OS doesn't support -e. - Windows 8.0 : Uses Reflection. OS doesn't support -e. - Windows 8.1+: Uses PSS. All trigger types are supported. |
| -s | Consecutive seconds before dump is written (default is 10). |
| -t | Write a dump when the process terminates. |
| -u | Treat CPU usage relative to a single core (used with -c). As the only option, Uninstalls ProcDump as the postmortem debugger. |
| -w | Wait for the specified process to launch if it's not running. |
| -wer | Queue the (largest) dump to Windows Error Reporting. |
| -x | Launch the specified image with optional arguments. If it is a Store Application or Package, ProcDump will start on the next activation (only). |
| -64 | By default ProcDump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. Only use for WOW64 subsystem debugging. |
| -? | Use -? -e to see example command lines. |
如果省略轉儲文件名,則默認為<processname>.dmp。使用-accepteula命令行選項自動接受Sysinternals許可協議。
自動終止:設置名為“procdump-<PID>”的事件與鍵入Ctrl+C以正常終止procdump相同
Filename:
默認dump文件名: PROCESSNAME_YYMMDD_HHMMSS.dmp
支持以下替換:
PROCESSNAME Process Name
Process ID PID
EXCEPTIONCODE Exception Code
YYMMDD Year/Month/Day
HHMMSS Hour/Minute/Second
幾個例子
名為“記事本”的進程的小型轉儲(只能存在一個匹配項):
C:\>procdump notepad
使用PID'4572編寫進程的完整轉儲:
C:\>procdump -ma 4572
在名為“記事本”的進程中每隔5秒寫入3個小轉儲:
C:\>procdump -s 5 -n 3 notepad
當名為“consume”的進程的CPU使用率超過20%並持續5秒時,最多寫入3個小轉儲:
C:\>procdump -c 20 -s 5 -n 3 consume
當一個名為“hang.exe”的進程的某個窗口的響應時間超過5秒時,為該進程編寫一個小型轉儲:
C:\>procdump -h hang.exe hungwindow.dmp
當系統CPU總使用率超過20%並持續10秒時,寫入名為“outlook”的進程的小型轉儲:
C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20
當outlook的句柄數超過10000時,寫入名為“outlook”的進程的完整轉儲:
C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000
當Microsoft Exchange信息存儲有未處理的異常時,寫入其MiniPlus轉儲:
C:\>procdump -mp -e store.exe
顯示w3wp.exe的異常代碼/名稱而不寫入轉儲文件:
C:\>procdump -e 1 -f "" w3wp.exe
如果異常的代碼/名稱包含“NotFound”,則寫入w3wp.exe的小型轉儲:
C:\>procdump -e 1 -f NotFound w3wp.exe
啟動一個進程,然后監視它是否有異常:
C:\>procdump -e 1 -f "" -x c:\dumps consume.exe
注冊啟動並嘗試激活現代“應用程序”。當新的ProcDump實例被激活以監視異常時,它將啟動:
C:\>procdump -e 1 -f "" -x c:\dumpsMicrosoft.BingMaps_8wekyb3d8bbwe!AppexMaps
注冊推出現代“套餐”。新的ProcDump實例將在(手動)激活以監視異常時啟動:
C:\>procdump -e 1 -f "" -x c:\dumps Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe
注冊為實時(AeDebug)調試器。在c:\dumps中生成完整轉儲.
C:\>procdump -ma -i c:\dumps
查看示例命令行列表(示例如下所示):
C:\>procdump -? -e