27931: Creating Process Dumps with ProcDump

Last update: 25-08-2022

How to create dumps of crashed or stuck processes using ProcDump

Introduction

ProcDump (procdump.exe) is a Windows Sysinternals tool. It lets you create process dumps in any scenario that may arise while troubleshooting issues with Acronis products.

If an application crashes in Windows 2000, Windows XP or Windows Server 2003, you can create a Dr. Watson crash dump instead.

(!) When ProcDump captures the dump file, it does not kill the running process.

Solution

To create a dump with ProcDump, do the following:

  1. Download ProcDump from Windows Sysinternals site;
  2. Create a folder where dumps will be stored (e.g. C:\Dumps\);
  3. Unzip the archive and put procdump.exe into the created directory;
  4. Open Windows command-line: Hit Start -> Run and type in cmd. We recommend running cmd with administrative privileges (right-click -> run as administrator), otherwise, the utility might not find the required process;
  5. In CMD, switch to the newly created folder using the cd command:

    cd <path_to_folder> 

    For example: cd C:\Dumps

  6. Depending on the nature of the issue (immediate process crash, hanging process, lock-up etc.) choose what options are to be used with ProcDump. See the most common examples below:

    A. Situations when processes are crashing (e.g. right upon starting, or they crash randomly) can be universally handled by the following command:

    procdump -e -ma -w <process_name>

    E.g. if you have service_process.exe crashing, the command will look like:

    procdump -e -ma -w service_process.exe

    => this makes ProcDump wait for the process to start (if it is not running yet) and create a full process memory dump as soon as the process encounters an unhandled exception and crashes.

    In case you need to capture memory dumps of more than one process, or you don't know what process is going to crash (e.g. when provided with custom libraries), use the following command - it will capture all memory dumps for any crash that occurs:

    procdump -ma -i C:\dumps

    B. If you need to create a dump file of the running process in its current state (e.g. if there is a suspicion the process hangs or it is necessary to understand why the service uses a lot of resources, etc.), use the following command:

    procdump -ma -s 5 -n 3  <process_name> 

    (this command will write 3 mini dumps 5 seconds apart; change the numbers if needed)

    or using PID (useful if multiple processes with the same name are running):

    procdump -ma <process_PID> (where process_PID is the process identifier)

    E.g. in case mms.exe seems to be hanging, the following command can be used:

    procdump -ma -s 5 -n 3 mms.exe

    or

    procdump -ma 3255 (if 3255 is the process identifier)

    (!) The full list of parameters can be found on the ProcDump download page or by running procdump /?

    (!) If you get the message "Multiple processes match the specified name", use Just-in-time debugging.

  7. Once the necessary dumps are created, you can locate them in the same folder where ProcDump resides (e.g. C:\Dumps\);
  8. Compress the process dump into a .zip file;
  9. It is recommended to collect a fresh output of AcronisInfo Utility;
  10. Send the dump file (with the system report or Acronis info output) to Acronis Support via FTP: see Uploading Files to Acronis FTP Server. A unique FTP link tied to your case can be provided by the Support Engineer assigned to your case.
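
Steps 2 and 4 to 8 for a hanging process, as an added PowerShell example that is not part of the original article or of Acronis or Sysinternals tooling. It assumes procdump.exe is already in C:\Dumps; the parameter names, the manifest name dumps.sha256.txt and the zip name are illustrative, and -accepteula is ProcDump's switch for accepting its licence without a prompt.

```powershell
# Added example: run from an elevated PowerShell prompt.
param(
    [string]$DumpDir     = 'C:\Dumps',   # folder from step 2, already holding procdump.exe
    [string]$ProcessName = 'mms',        # the article's example process, without ".exe"
    [int]$Count          = 3,            # passed to -n
    [int]$IntervalSec    = 5             # passed to -s
)
$ErrorActionPreference = 'Stop'

$procdump = Join-Path $DumpDir 'procdump.exe'
if (-not (Test-Path $procdump)) { throw "procdump.exe not found in $DumpDir" }

# Step 4: without elevation ProcDump might not find the process, so stop early.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'This script must run elevated.'
}

# Resolve the name to PIDs so several instances do not produce
# "Multiple processes match the specified name".
$targets = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
if ($targets.Count -eq 0) { throw "No running process named $ProcessName" }

Set-Location $DumpDir                    # step 5: dumps are written to the current folder
$started = Get-Date
foreach ($p in $targets) {
    & $procdump -accepteula -ma -s $IntervalSec -n $Count $p.Id
}

# Step 7: pick up only the dumps written by this run.
$dumps = @(Get-ChildItem -Path $DumpDir -Filter '*.dmp' |
           Where-Object { $_.LastWriteTime -ge $started })
if ($dumps.Count -eq 0) { throw 'ProcDump wrote no dump files.' }

# Record SHA-256 hashes so the receiving side can confirm the upload arrived intact.
$manifest = Join-Path $DumpDir 'dumps.sha256.txt'
$dumps | Get-FileHash -Algorithm SHA256 |
    ForEach-Object { '{0}  {1}' -f $_.Hash, (Split-Path $_.Path -Leaf) } |
    Set-Content -Path $manifest

# Step 8: Compress-Archive cannot handle files over 2 GB; use another archiver for larger dumps.
$zip = Join-Path $DumpDir ('{0}_dumps_{1:yyyyMMdd_HHmmss}.zip' -f $ProcessName, $started)
Compress-Archive -Path (@($dumps.FullName) + $manifest) -DestinationPath $zip
Write-Output "Created $zip"
```

A full (-ma) dump holds the entire memory of the process, so the resulting .zip should be stored and transferred with the same care as the data that process handles.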

You can also set up Just-in-time debugging (the AeDebug Windows option) to collect a crash dump automatically when a process crashes, for example if the previous methods did not work. Once configured, the system invokes ProcDump automatically, without any user interaction, whenever an application crash occurs, and the dump file is written automatically. The system can be rebooted any number of times, and no extra action is needed after each reboot to resume monitoring for crashes.

More information

To collect dump files of multiple processes with a given name:

  1. Navigate to the directory where procdump.exe is located.
  2. Execute:
    for /f "tokens=2 delims=," %F in ('tasklist /nh /fi "imagename eq <process>.exe" /fo csv') do procdump -ma %~F SP_%~F.dmp
    where <process> is the name of the process(es) you are collecting dumps of, for example service_process.exe

    Or create a batch file with this command:
    for /f "tokens=2 delims=," %%F in ('tasklist /nh /fi "imagename eq <process>.exe" /fo csv') do procdump -ma %%~F SP_%%~F.dmp
    where <process> is the name of the process(es) you are collecting dumps of, for example service_process.exe

Please also check the Process Explorer tool which can be useful for dumps creation:

http://technet.microsoft.com/en-en/sysinternals/bb896653.aspx

This tool detects which dump (32/64 Bit) should be created automatically.
