EDN Admin
Well-known member
In this 3 part episode of Defrag Tools , Andrew and I walk you through Sysinternals ProcDump . ProcDump allows you to capture the memory of a process running on the computer. The dump file can be of varying size and can be taken with varying outage durations. Dumps can be triggered immediately or can be triggered by a variety of events including CPU utilization, Memory utilization, a Performance Counter, a Hung Window and/or Native/Managed exceptions. http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-3-Process-Monitor Part 1 (this week) covers what the tool captures and the outage durations that can be expected.
Part 2 goes through the wide variety of triggering options; in particular 1st and 2nd chance exceptions.
Part 3 goes through Windows 8 Modern Application support and Process Monitor logging support. Resources:
http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx Sysinternals ProcDump
http://technet.microsoft.com/en-us/sysinternals/dd535533.aspx Sysinternals VMMap <span><span> Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=01m15s [01:15] - Download latest version - http://www.sysinternals.com www.sysinternals.com
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=02m23s [02:23] - ProcDump v5 features
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=03m52s [03:52] - Task Manager, Process Explorer vs. ProcDump
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=05m32s [05:32] - Dump architecture (x86 vs. x64) needs to match the target
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=08m02s [08:02] - Mini, Full (-ma), MiniPlus (-mp) and Custom (-d) dumps
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=13m45s [13:45] - WinDbg - rely on Mapped Memory Image File
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=16m54s [16:54] - ProcDump Custom Dump Support (-d <dll>) - [ http://msdn.microsoft.com/en-us/magazine/28014460-afba-4167-aaa8-ba7960a6a902 MSDN Magazine ]
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=18m34s [18:34] - Detach at Shutdown, Logoff, Console Close, Ctrl-C, Ctrl-Break
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=19m15s [19:15] - Process Reflection (-r)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=21m44s [21:44] - Episode review and required permissions
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=23m03s [23:03] - Next episode, triggering... <img src="http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/njs.gif?dcssip=channel9.msdn.com&dcsuri=http://channel9.msdn.com/Feeds/RSS&WT.dl=0&WT.entryid=Entry:RSSView:ee164cb9f6104a229782a0d201415d7b
View the full article
Part 2 goes through the wide variety of triggering options; in particular 1st and 2nd chance exceptions.
Part 3 goes through Windows 8 Modern Application support and Process Monitor logging support. Resources:
http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx Sysinternals ProcDump
http://technet.microsoft.com/en-us/sysinternals/dd535533.aspx Sysinternals VMMap <span><span> Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=01m15s [01:15] - Download latest version - http://www.sysinternals.com www.sysinternals.com
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=02m23s [02:23] - ProcDump v5 features
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=03m52s [03:52] - Task Manager, Process Explorer vs. ProcDump
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=05m32s [05:32] - Dump architecture (x86 vs. x64) needs to match the target
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=08m02s [08:02] - Mini, Full (-ma), MiniPlus (-mp) and Custom (-d) dumps
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=13m45s [13:45] - WinDbg - rely on Mapped Memory Image File
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=16m54s [16:54] - ProcDump Custom Dump Support (-d <dll>) - [ http://msdn.microsoft.com/en-us/magazine/28014460-afba-4167-aaa8-ba7960a6a902 MSDN Magazine ]
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=18m34s [18:34] - Detach at Shutdown, Logoff, Console Close, Ctrl-C, Ctrl-Break
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=19m15s [19:15] - Process Reflection (-r)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=21m44s [21:44] - Episode review and required permissions
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump#time=23m03s [23:03] - Next episode, triggering... <img src="http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/njs.gif?dcssip=channel9.msdn.com&dcsuri=http://channel9.msdn.com/Feeds/RSS&WT.dl=0&WT.entryid=Entry:RSSView:ee164cb9f6104a229782a0d201415d7b
View the full article