EDN Admin
Well-known member
In this 3 part episode of Defrag Tools , Andrew Richards and Larry Larsen walk you through Sysinternals ProcDump . ProcDump allows you to capture the memory of a process running on the computer. The dump file can be of varying size and can be taken with varying outage durations. Dumps can be triggered immediately or can be triggered by a variety of events including CPU utilization, Memory utilization, a Performance Counter, a Hung Window and/or Native/Managed exceptions. http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-9-ProcDump Part 1 covers what the tool captures and the outage durations that can be expected.
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers Part 2 (this week) goes through the wide variety of triggering options; in particular 1st and 2nd chance exceptions.
Part 3 goes through Windows 8 Modern Application support and Process Monitor logging support.
Resources:
http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx Sysinternals ProcDump <span><span> Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=00m27s [00:27] - WinDbg -IA - Register File Associations
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=00m58s [00:58] - WinDbg -I - Postmortem Debugger (AeDebug) **
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=04m48s [04:48] - Triggers
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=05m13s [05:13] - Breakpoints (-b)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=06m03s [06:03] - CPU (-c) and Uniprocessor scale (-u) [ http://blogs.technet.com/b/markrussinovich/archive/2010/08/24/3351213.aspx Compound Case of the Outlook Hangs ]
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=11m06s [11:06] - Count (-n)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=11m42s [11:42] - Examples (-? -e)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=12m02s [12:02] - Performance Counters (-p <counter> <value>) *
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=13m20s [13:20] - Hung window (-h)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=13m36s [13:36] - Wait (-w <process>) and Execute (-x <folder> <process>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=14m28s [14:28] - Crashes (e.g. procdump -e -x c:dumps notepad) ***
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=16m45s [16:45] - Memory Commit (-m <Mb>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=18m25s [18:25] - Timed (-n <count> -s <seconds>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=21m30s [21:30] - Process Name vs PID
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=22m24s [22:24] - Exceptions; C++ (msc) vs CLR vs OS
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=23m35s [23:35] - Crashes & Recovery - aka 2nd Chance Exceptions (-e)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=28m40s [28:40] - 1st Chance Exceptions (-e 1)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=31m07s [31:07] - Exception Filtering (-f <filter>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=33m30s [33:30] - Exception Names
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=34m50s [34:50] - http://msdn.microsoft.com/en-us/library/windows/desktop/ms681381.aspx System Error Codes and !error
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=36m30s [36:30] - Ignore transistion to .NET 4 managed debugging (-g)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=38m07s [38:07] - Next time... Windows 8 Modern Applications and Process Monitor Logging
<span><span>* The Performance Counter (-p) trigger does use the seconds (-s) parameter.
<span><span>** ProcDump v5.1 (not yet released) adds procdump.exe -i <folder> support to set ProcDump as the postmortem debugger for both x64 and x86 applications (includes a JIT context).
*** If you are using ProcDump v5.0 as the postmortem debugger (doesnt include a JIT context), use these AeDebug settings:
Auto = "1"
Debugger = "C:mysysinternalsprocdump.exe %ld -ma c:dumps" <img src="http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/njs.gif?dcssip=channel9.msdn.com&dcsuri=http://channel9.msdn.com/Feeds/RSS&WT.dl=0&WT.entryid=Entry:RSSView:bb227dfcdaba44ad94bfa0d201418ecb
View the full article
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers Part 2 (this week) goes through the wide variety of triggering options; in particular 1st and 2nd chance exceptions.
Part 3 goes through Windows 8 Modern Application support and Process Monitor logging support.
Resources:
http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx Sysinternals ProcDump <span><span> Timeline:
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=00m27s [00:27] - WinDbg -IA - Register File Associations
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=00m58s [00:58] - WinDbg -I - Postmortem Debugger (AeDebug) **
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=04m48s [04:48] - Triggers
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=05m13s [05:13] - Breakpoints (-b)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=06m03s [06:03] - CPU (-c) and Uniprocessor scale (-u) [ http://blogs.technet.com/b/markrussinovich/archive/2010/08/24/3351213.aspx Compound Case of the Outlook Hangs ]
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=11m06s [11:06] - Count (-n)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=11m42s [11:42] - Examples (-? -e)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=12m02s [12:02] - Performance Counters (-p <counter> <value>) *
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=13m20s [13:20] - Hung window (-h)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=13m36s [13:36] - Wait (-w <process>) and Execute (-x <folder> <process>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=14m28s [14:28] - Crashes (e.g. procdump -e -x c:dumps notepad) ***
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=16m45s [16:45] - Memory Commit (-m <Mb>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=18m25s [18:25] - Timed (-n <count> -s <seconds>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=21m30s [21:30] - Process Name vs PID
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=22m24s [22:24] - Exceptions; C++ (msc) vs CLR vs OS
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=23m35s [23:35] - Crashes & Recovery - aka 2nd Chance Exceptions (-e)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=28m40s [28:40] - 1st Chance Exceptions (-e 1)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=31m07s [31:07] - Exception Filtering (-f <filter>)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=33m30s [33:30] - Exception Names
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=34m50s [34:50] - http://msdn.microsoft.com/en-us/library/windows/desktop/ms681381.aspx System Error Codes and !error
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=36m30s [36:30] - Ignore transistion to .NET 4 managed debugging (-g)
http://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-10-ProcDump-Triggers#time=38m07s [38:07] - Next time... Windows 8 Modern Applications and Process Monitor Logging
<span><span>* The Performance Counter (-p) trigger does use the seconds (-s) parameter.
<span><span>** ProcDump v5.1 (not yet released) adds procdump.exe -i <folder> support to set ProcDump as the postmortem debugger for both x64 and x86 applications (includes a JIT context).
*** If you are using ProcDump v5.0 as the postmortem debugger (doesnt include a JIT context), use these AeDebug settings:
Auto = "1"
Debugger = "C:mysysinternalsprocdump.exe %ld -ma c:dumps" <img src="http://m.webtrends.com/dcs1wotjh10000w0irc493s0e_6x1g/njs.gif?dcssip=channel9.msdn.com&dcsuri=http://channel9.msdn.com/Feeds/RSS&WT.dl=0&WT.entryid=Entry:RSSView:bb227dfcdaba44ad94bfa0d201418ecb
View the full article