Monitor an application for CPU spikes and/or generate a crash dump during a CPU spike.
Syntax procdump [-a] [[-c|-cl CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1 [-b]] [-f filter,...] [-g] [-h] [-l] [-m|-ml commit_threshold_MB] [-ma | -mp] [-o] [-p|-pl counter threshold] [-r] [-t] [-d <callback DLL>] [-64] <[-w] process_name_or_service_name_or_PID [dump_file] | -i dump_file | -u | -x dump_file image_file [arguments] >] [-accepteula] [-? [ -e] Key: -a Avoid outage. Requires -r. If the trigger will cause the target to suspend for a prolonged time due to an exceeded concurrent dump limit, the trigger will be skipped. -b Treat debug breakpoints as exceptions (otherwise ignore them). -c CPU threshold at which to create a dump of the process. -cl CPU threshold below which to create a dump of the process. -d Invoke the minidump callback routine named MiniDumpCallbackRoutine of the specified DLL. -e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions. -f Filter the first chance exceptions. Wildcards (*) are supported. To just display the names without dumping, use a blank ("") filter. -g Run as a native debugger in a managed process (no interop). -h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds). -i Install ProcDump as the AeDebug postmortem debugger. Only -ma, -mp, -d and -r are supported as additional options. -l Display the debug logging of the process. -m Trigger a dump when memory commit reaches this threshold value (in MB). -ma Write a dump file with all process memory. The default dump format only includes thread and handle information. -ml Trigger when memory commit drops below specified threshold value (in MB). -mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%. -n Number of dumps to write before exiting. -o Overwrite an existing dump file. -p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: "\Process(name_pid)\counter" -pl Trigger when performance counter falls below the specified value. -r Dump using a clone. Concurrent limit is optional (default 1, max 5). CAUTION: a high concurrency value can impact system performance. Windows 7 : Uses Reflection. OS doesn't support -e. Windows 8.0 : Uses Reflection. OS doesn't support -e. Windows 8.1+: Uses PSS. All trigger types are supported. -s Consecutive seconds before dump is written (default is 10). -t Write a dump when the process terminates. -u Treat CPU usage relative to a single core (used with -c). As the only option, Uninstalls ProcDump as the postmortem debugger. -w Wait for the specified process to launch if it's not running. -x Launch the specified image with optional arguments. If it is a Store Application or Package, ProcDump will start on the next activation (only). -64 By default ProcDump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. Only use for WOW64 subsystem debugging. -accepteula Suppress the display of the license dialog. -? Use -? -e to see example command lines.
If you omit the dump file name, it will default to processname_datetime.dmp
Write a mini dump of a process named 'notepad' (only one match can exist):
C:\> procdump notepad
Write a full dump of a process with PID '6464':
C:\> procdump -ma 6464
Write 3 mini dumps 5 seconds apart of a process named 'notepad':
C:\> procdump -s 5 -n 3 notepad
See a longer list of example command lines:
C:\> procdump -? -e
“History will be kind to me for I intend to write it” ~ Winston Churchill
PsKill - Kill processes by name or process ID.
PsList - List detailed information about processes.
SYSMON - Monitor and log system activity to the Windows event log