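Using ProcDump to Automatically Generate Dump Files

Date: 2022-03-06 16:47:57

ProcDump is a tool from the Sysinternals Suite.

I have recently been using it to generate dump files automatically.

The first use is monitoring a server program that stops responding: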

procdump -accepteula -64 -ma -h server.exe

The second use is monitoring a client program that crashes abruptly (my guess is an unhandled exception):

procdump -accepteula -ma -e client.exe

Note: the client program is 32-bit and the server program is 64-bit.
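Both commands above use -ma, which writes the full memory of the process to disk, so the dumps can hold whatever sensitive data the process had in memory. The script below is an added example, not part of the original post: it runs the same two monitors against a dump folder readable only by SYSTEM and Administrators and prunes old dumps. The folder C:\dumps, the 7-day retention, procdump.exe being on PATH, an elevated prompt, and both target processes already running are assumptions.

```powershell
# Added example: paths and the retention period are assumptions, not from the post.
$DumpDir       = 'C:\dumps'   # assumed dump folder
$RetentionDays = 7            # assumed retention period

# Create the folder, drop inherited ACEs, and grant full control only to
# SYSTEM (S-1-5-18) and the local Administrators group (S-1-5-32-544).
# Well-known SIDs keep the command independent of the Windows display language.
New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
icacls $DumpDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed for $DumpDir" }

# The two monitors from the post, with the dump folder appended as the last
# argument so the dumps land in the restricted folder instead of the current directory.
$monitors = @(
    @('-accepteula', '-64', '-ma', '-h', 'server.exe', $DumpDir),  # hung-window monitor
    @('-accepteula', '-ma', '-e', 'client.exe', $DumpDir)          # unhandled-exception monitor
)
foreach ($argList in $monitors) {
    Start-Process -FilePath 'procdump.exe' -ArgumentList $argList -WindowStyle Hidden
}

# Delete dumps older than the retention period so full-memory images
# do not accumulate on the machine after they have been analysed.
$cutoff = (Get-Date).AddDays(-$RetentionDays)
Get-ChildItem -Path $DumpDir -Filter '*.dmp' -File |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    Remove-Item -Force
```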

The following examples come from the official documentation:

Write a mini dump of a process named 'notepad' (only one matching process may exist):

C:\>procdump notepad

Write a full dump of the process with PID 4572:

C:\>procdump -ma 4572

Write 3 mini dumps, 5 seconds apart, of a process named 'notepad':

C:\>procdump -s 5 -n 3 notepad

Write up to 3 mini dumps of a process named 'consume' when it exceeds 20% CPU usage for 5 seconds:

C:\>procdump -c 20 -s 5 -n 3 consume

Write a mini dump for a process named 'hang.exe' when one of its windows is unresponsive for more than 5 seconds:

C:\>procdump -h hang.exe hungwindow.dmp

Write a mini dump of a process named 'outlook' when total system CPU usage exceeds 20% for 10 seconds:

C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20

Write a full dump of a process named 'outlook' when Outlook's handle count exceeds 10,000:

C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000

Write a MiniPlus dump of the Microsoft Exchange Information Store when it has an unhandled exception:

C:\>procdump -mp -e store.exe

Display without writing a dump, the exception codes/names of w3wp.exe:

C:\>procdump -e 1 -f "" w3wp.exe

Write a mini dump of w3wp.exe if an exception's code/name contains 'NotFound':

C:\>procdump -e 1 -f NotFound w3wp.exe

Launch a process and then monitor it for exceptions:

C:\>procdump -e 1 -f "" -x c:\dumps consume.exe

Register for launch, and attempt to activate, a modern 'application'. A new ProcDump instance will start when it is activated to monitor for exceptions:

C:\>procdump -e 1 -f "" -x c:\dumps Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps

Register for launch of a modern 'package'. A new ProcDump instance will start when it is (manually) activated to monitor for exceptions:

C:\>procdump -e 1 -f "" -x c:\dumps Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe

Register as the Just-in-Time (AeDebug) debugger. Makes full dumps in c:\dumps.

C:\>procdump -ma -i c:\dumps

See a list of example command lines (the examples are listed above):

C:\>procdump -? -e