Overview
Capture a process dump with minimal effort.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\administrator>C:\Users\administrator\Downloads\Procdump\procdump.exe -?
ProcDump v7.0 - Writes process dump files
Copyright (C) 2009-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards
Monitors a process and writes a dump file when the process exceeds the
specified criteria or has an exception.
usage: procdump [-a] [[-c|-cl CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1]
[-b]] [-f <filter,...>] [-g] [-h] [-l] [-m|-ml commit usage] [-ma | -mp] [-o] [
-p|-pl counter threshold] [-r [1..5]] [-t] [-d ] [-64] <[-w] [dump file] | -i [dump folder] | -u | -x [arguments] >
-a Avoid outage. Requires -r. If the trigger will cause the target
to suspend for a prolonged time due to an exceeded concurrent
dump limit, the trigger will be skipped.
-b Treat debug breakpoints as exceptions (otherwise ignore them).
-c CPU threshold above which to create a dump of the process.
-cl CPU threshold below which to create a dump of the process.
-d Invoke the minidump callback routine named MiniDumpCallbackRoutine
of the specified DLL.
-e Write a dump when the process encounters an unhandled exception.
Include the 1 to create dump on first chance exceptions.
-f Filter on the content of exceptions and debug logging.
Wildcards (*) are supported.
-g Run as a native debugger in a managed process (no interop).
-h Write dump if process has a hung window (does not respond to
window messages for at least 5 seconds).
-i Install ProcDump as the AeDebug postmortem debugger.
Only -ma, -mp, -d and -r are supported as additional options.
Uninstall (-u only) restores the previous configuration.
-l Display the debug logging of the process.
-m Memory commit threshold in MB at which to create a dump.
-ml Trigger when memory commit drops below specified MB value.
-ma Write a dump file with all process memory. The default
dump format only includes thread and handle information.
-mp Write a dump file with thread and handle information, and all
read/write process memory. To minimize dump size, memory areas
larger than 512MB are searched for, and if found, the largest
area is excluded. A memory area is the collection of same
sized memory allocation areas. The removal of this (cache)
memory reduces Exchange and SQL Server dumps by over 90%.
-n Number of dumps to write before exiting.
-o Overwrite an existing dump file.
-p Trigger on the specified performance counter when the threshold
is exceeded. Note: to specify a process counter when there are
multiple instances of the process running, use the process ID
with the following syntax: "\Process(_)\counter"
-pl Trigger when performance counter falls below the specified value.
-r Dump using a clone. Concurrent limit is optional (default 1, max 5).
CAUTION: a high concurrency value may impact system performance.
- Windows 7 : Uses Reflection. OS doesn't support -e.
- Windows 8.0 : Uses Reflection. OS doesn't support -e.
- Windows 8.1+: Uses PSS. All trigger types are supported.
-s Consecutive seconds before dump is written (default is 10).
-t Write a dump when the process terminates.
-u Treat CPU usage relative to a single core (used with -c).
As the only option, Uninstalls ProcDump as the postmortem debugger.
-w Wait for the specified process to launch if it's not running.
-x Launch the specified image with optional arguments.
If it is a Store Application or Package, ProcDump will start
on the next activation (only).
-64 By default ProcDump will capture a 32-bit dump of a 32-bit process
when running on 64-bit Windows. This option overrides to create a
64-bit dump. Only use for WOW64 subsystem debugging.
Use the -accepteula command line option to automatically accept the
Sysinternals license agreement.
Use -? -e to see example command lines.
If you omit the dump file name, it defaults to _.dmp.
Procedure
C:\Users\administrator>C:\Users\administrator\Downloads\Procdump\procdump.exe -ma -t notepad.exe
ProcDump v7.0 - Writes process dump files
Copyright (C) 2009-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards
Process: notepad.exe (2600)
CPU threshold: n/a
Performance counter: n/a
Commit threshold: n/a
Threshold seconds: n/a
Hung window check: Disabled
Log debug strings: Disabled
Exception monitor: Disabled
Exception filter: *
Terminate monitor: Enabled
Cloning type: Disabled
Concurrent limit: n/a
Avoid outage: n/a
Number of dumps: 1
Dump folder: C:\Users\administrator\
Dump filename/mask: PROCESSNAME_YYMMDD_HHMMSS
Press Ctrl-C to end monitoring without terminating the process.
[16:11:43] Dump 1 initiated: C:\Users\administrator\notepad.exe_140515_161143.dmp
[16:11:44] Dump 1 writing: Estimated dump file size is 47 MB.
[16:11:46] Dump 1 complete: 47 MB written in 2.7 seconds
[16:11:46] The process has exited.
[16:11:46] Dump count reached.
C:\Users\administrator>