This article provides an overview of Microsoft's Sysinternals ProcDump tool and explains how to use it to produce memory dumps of applications that exhibit occasional high CPU utilization.
ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike. It also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use) and unhandled exception monitoring, and it can generate dumps based on the values of system performance counters.
Here's how to use it:
- Download the latest version of ProcDump here.
- Extract the tool (procdump.exe) to a temporary folder such as %systemroot%\temp on the target computer.
- Open a command prompt (run as Administrator) and change to the directory where procdump.exe was extracted.
- Run the following command:
  procdump -ma someprocess.exe -s 20 -p "\Processor(_Total)\% Processor Time" 80
- Click the Agree button when the EULA dialog box shows up.
The switches are defined as follows:
-ma someprocess.exe - generate a full dump of the someprocess.exe process
-s 20 - the threshold must be met for 20 consecutive seconds before the dump is created
-p "\Processor(_Total)\% Processor Time" 80 - use this performance counter as the trigger, with a threshold of 80% CPU
When the above command is executed, ProcDump monitors someprocess.exe and starts creating the full memory dump only when CPU utilization reaches 80% for 20 seconds. The tool exits after creating the process dump file, which is written to the same folder as procdump.exe.
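The same procedure as a script, as an added example that is not part of the original article: it checks the Authenticode signature of procdump.exe before running it, writes the dump to an access-restricted folder (a full dump contains everything held in the process's memory), and records a hash of each dump. The C:\Dumps folder and the dump-hashes.csv file name are assumptions; -accepteula is ProcDump's switch for accepting the EULA without the dialog.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Assumed values: $DumpDir and the CSV file name are placeholders chosen for this example.
$ProcDump = Join-Path $env:SystemRoot 'Temp\procdump.exe'   # extraction folder from the steps above
$DumpDir  = 'C:\Dumps'                                       # hypothetical output folder
$Target   = 'someprocess.exe'                                # placeholder process name used in the article
$Counter  = '\Processor(_Total)\% Processor Time'

# 1. Refuse to run a binary that does not carry a valid Microsoft Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $ProcDump
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Signature check failed for ${ProcDump}: $($sig.Status)"
}

# 2. Create the dump folder and limit access to Administrators (S-1-5-32-544)
#    and SYSTEM (S-1-5-18), because a full dump (-ma) holds all process memory.
New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
& icacls.exe $DumpDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 3. Same trigger as the article's command; the last argument is the dump folder.
& $ProcDump -accepteula -ma -s 20 -p $Counter 80 $Target $DumpDir

# 4. Record a SHA-256 for each dump so the file can be verified after it is copied off the host.
Get-ChildItem -Path $DumpDir -Filter '*.dmp' |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $DumpDir 'dump-hashes.csv') -NoTypeInformation
```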
Reference Microsoft article: ProcDump v7.0