learn.microsoft.com
23.45.150.46  Public Scan

URL: https://learn.microsoft.com/en-us/sysinternals/downloads/procdump
Submission: On July 06 via manual from CA — Scanned from CA


Text Content


PROCDUMP V11.0

 * Article
 * 12/12/2022
 * 8 contributors


IN THIS ARTICLE

 1. Introduction
 2. Using ProcDump
 3. Examples
 4. Related Links
 5. Learn More

By Mark Russinovich and Andrew Richards

Published: 11/03/2022

Download ProcDump (714 KB)

Download ProcDump for Linux (GitHub)






INTRODUCTION

ProcDump is a command-line utility whose primary purpose is monitoring an
application for CPU spikes and generating crash dumps during a spike that an
administrator or developer can use to determine the cause of the spike. ProcDump
also includes hung window monitoring (using the same definition of a window hang
that Windows and Task Manager use), unhandled exception monitoring and can
generate dumps based on the values of system performance counters. It also can
serve as a general process dump utility that you can embed in other scripts.


USING PROCDUMP

Capture Usage:


procdump.exe [-mm] [-ma] [-mt] [-mp] [-mc <Mask>] [-md <Callback_DLL>] [-mk]
            [-n <Count>]
            [-s <Seconds>]
            [-c|-cl <CPU_Usage> [-u]]
            [-m|-ml <Commit_Usage>]
            [-p|-pl <Counter> <Threshold>]
            [-h]
            [-e [1] [-g] [-b] [-ld] [-ud] [-ct] [-et]]
            [-l]
            [-t]
            [-f  <Include_Filter>, ...]
            [-fx <Exclude_Filter>, ...]
            [-dc <Comment>]
            [-o]
            [-r [1..5] [-a]]
            [-at <Timeout>]
            [-wer]
            [-64]
            {
                {{[-w] <Process_Name> | <Service_Name> | <PID>} [<Dump_File> | <Dump_Folder>]}
            |
                {-x <Dump_Folder> <Image_File> [Argument, ...]}
            }


Install Usage:


procdump.exe -i [Dump_Folder]
            [-mm] [-ma] [-mt] [-mp] [-mc <Mask>] [-md <Callback_DLL>] [-mk]
            [-r]
            [-at <Timeout>]
            [-k]
            [-wer]


Uninstall Usage:


procdump.exe -u


Dump Types:

Dump Type  Description

-mm   Write a 'Mini' dump file. (default)
      - Includes directly and indirectly referenced memory (stacks and what
        they reference).
      - Includes all metadata (Process, Thread, Module, Handle, Address Space,
        etc.).

-ma   Write a 'Full' dump file.
      - Includes all memory (Image, Mapped and Private).
      - Includes all metadata (Process, Thread, Module, Handle, Address Space,
        etc.).

-mt   Write a 'Triage' dump file.
      - Includes directly referenced memory (stacks).
      - Includes limited metadata (Process, Thread, Module and Handle).
      - Removal of sensitive information is attempted but not guaranteed.

-mp   Write a 'MiniPlus' dump file.
      - Includes all Private memory and all Read/Write Image or Mapped memory.
      - Includes all metadata (Process, Thread, Module, Handle, Address Space,
        etc.).
      - To minimize size, the largest Private memory area over 512MB is
        excluded. A memory area is defined as the sum of same-sized memory
        allocations. The dump is as detailed as a Full dump but 10%-75% the
        size.
      - Note: CLR processes are dumped as Full (-ma) due to debugging
        limitations.

-mc   Write a 'Custom' dump file.
      - Includes the memory and metadata defined by the specified
        MINIDUMP_TYPE mask (Hex).

-md   Write a 'Callback' dump file.
      - Includes the memory defined by the MiniDumpWriteDump callback routine
        named MiniDumpCallbackRoutine of the specified DLL.
      - Includes all metadata (Process, Thread, Module, Handle, Address Space,
        etc.).

-mk   Also write a 'Kernel' dump file.
      - Includes the kernel stacks of the threads in the process.
      - OS doesn't support a kernel dump (-mk) when using a clone (-r).
      - When using multiple dump sizes, a kernel dump is taken for each dump
        size.

Conditions:

Condition  Description

-a    Avoid outage. Requires -r. If the trigger will cause the target to
      suspend for a prolonged time due to an exceeded concurrent dump limit,
      the trigger will be skipped.

-at   Avoid outage at Timeout. Cancel the trigger's collection at N seconds.

-b    Treat debug breakpoints as exceptions (otherwise ignore them).

-c    CPU threshold above which to create a dump of the process.

-cl   CPU threshold below which to create a dump of the process.

-dc   Add the specified string to the generated Dump Comment.

-e    Write a dump when the process encounters an unhandled exception.
      Include the 1 to create dump on first chance exceptions.
      Add -ld to create a dump when a DLL (module) is loaded (filtering
      applies).
      Add -ud to create a dump when a DLL (module) is unloaded (filtering
      applies).
      Add -ct to create a dump when a thread is created.
      Add -et to create a dump when a thread exits.

-f    Filter (include) on the content of exceptions, debug logging and
      filename at DLL load/unload. Wildcards (*) are supported.

-fx   Filter (exclude) on the content of exceptions, debug logging and
      filename at DLL load/unload. Wildcards (*) are supported.

-g    Run as a native debugger in a managed process (no interop).

-h    Write dump if process has a hung window (does not respond to window
      messages for at least 5 seconds).

-k    Kill the process after cloning (-r), or at end of dump collection.

-l    Display the debug logging of the process.

-m    Memory commit threshold in MB at which to create a dump.

-ml   Trigger when memory commit drops below specified MB value.

-n    Number of dumps to write before exiting.

-o    Overwrite an existing dump file.

-p    Trigger when the Performance Counter is at, or exceeds, the specified
      Threshold. Some Counters and/or Instance Names can be case-sensitive.

-pl   Trigger when the Performance Counter falls below the specified
      Threshold.

-r    Dump using a clone. Concurrent limit is optional (default 1, max 5).
      OS doesn't support a kernel dump (-mk) when using a clone (-r).
      CAUTION: a high concurrency value may impact system performance.
      - Windows 7: Uses Reflection. OS doesn't support -e.
      - Windows 8.0: Uses Reflection. OS doesn't support -e.
      - Windows 8.1+: Uses PSS. All trigger types are supported.

-s    Consecutive seconds before dump is written (default is 10).

-t    Write a dump when the process terminates.

-u    Treat CPU usage relative to a single core (used with -c).

-v    DEBUG ONLY: Verbose output.

-w    Wait for the specified process to launch if it's not running.

-wer  Queue the (largest) dump to Windows Error Reporting.

-x    Launch the specified image with optional arguments. If it is a Store
      Application or Package, ProcDump will start on the next activation
      (only).

-y    HIDDEN: Store Application activation.

-64   By default ProcDump will capture a 32-bit dump of a 32-bit process when
      running on 64-bit Windows. This option overrides to create a 64-bit
      dump. Only use for WOW64 subsystem debugging.

License Agreement:

Use the -accepteula command line option to automatically accept the Sysinternals
license agreement.

Automated Termination:

-cancel <Target Process PID>

Using this option or setting an event with the name ProcDump-<PID> is the same
as typing Ctrl+C to gracefully terminate ProcDump. Graceful termination ensures
the process is resumed if a capture is active. The cancellation applies to ALL
ProcDump instances monitoring the process.

Filename:

Default dump filename: PROCESSNAME_YYMMDD_HHMMSS.dmp

The following substitutions are supported:

Substitution   Explanation

PROCESSNAME    Process Name
PID            Process ID
EXCEPTIONCODE  Exception Code
YYMMDD         Year/Month/Day
HHMMSS         Hour/Minute/Second


EXAMPLES

 * Write a mini dump of a process named 'notepad' (only one match can exist):

   C:\>procdump notepad

 * Write a Full dump of a process with PID '4572':

   C:\>procdump -ma 4572

 * Write a Mini first, and then a Full dump of a process with PID '4572':

   C:\>procdump -mm -ma 4572

 * Write 3 Mini dumps 5 seconds apart of a process named 'notepad':

   C:\>procdump -n 3 -s 5 notepad

 * Write up to 3 Mini dumps of a process named 'consume' when it exceeds 20% CPU
   usage for five seconds:

   C:\>procdump -n 3 -s 5 -c 20 consume

 * Write a Mini dump for a process named 'hang.exe' when one of its windows is
   unresponsive for more than 5 seconds:

   C:\>procdump -h hang.exe

 * Write a Full and Kernel dump for a process named 'hang.exe' when one of its
   windows is unresponsive for more than 5 seconds:

   C:\>procdump -ma -mk -h hang.exe

 * Write a Mini dump of a process named 'outlook' when total system CPU usage
   exceeds 20% for 10 seconds:

   C:\>procdump outlook -s 10 -p "\Processor(_Total)\% Processor Time" 20

 * Write a Full dump of a process named 'outlook' when Outlook's handle count
   exceeds 10,000:

   C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000

 * Write a Full dump of 'svchost' PID 1234, Instance #87, when the handle count
   exceeds 10,000:

   C:\>procdump -ma 1234 -p "\Process(svchost#87)\Handle Count" 10000

   Note: Multiple Instance Counters
   If there are multiple instances of the counter, you'll need to include the
   Name and/or Instance number.

   \Processor(NNN)\% Processor Time
   \Thermal Zone Information(<name>)\Temperature
   \Process(<name>[#NNN])\<counter>

   Older OSes require you to append the PID for \Process counters.

   \Process(<name>[_PID])\<counter>

   Tip: Use Performance Monitor to view the counters (esp. case sensitivity).
   Tip: For \Process(*) based counters, use PowerShell to map a PID to its #NNN.

   Get-Counter -Counter "\Process(*)\ID Process"

 * Write a Full dump for a 2nd chance exception:

   C:\>procdump -ma -e w3wp.exe

 * Write a Full dump for a 1st or 2nd chance exception:

   C:\>procdump -ma -e 1 w3wp.exe

 * Write a Full dump for a debug string message:

   C:\>procdump -ma -l w3wp.exe

 * Write up to 10 Full dumps of each 1st or 2nd chance exception of w3wp.exe:

   C:\>procdump -ma -n 10 -e 1 w3wp.exe

 * Write up to 10 Full dumps if an exception's code/name/msg contains
   'NotFound':

   C:\>procdump -ma -n 10 -e 1 -f NotFound w3wp.exe

 * Write up to 10 Full dumps if a debug string message contains 'NotFound':

   C:\>procdump -ma -n 10 -l -f NotFound w3wp.exe

 * Wait for a process called 'notepad' (and monitor it for exceptions):

   C:\>procdump -e -w notepad

 * Launch a process called 'notepad' (and monitor it for exceptions):

   C:\>procdump -e -x c:\dumps notepad

 * Register for launch, and attempt to activate, a store 'application'. A new
   ProcDump instance will start when it is activated:

   C:\>procdump -e -x c:\dumps Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps

 * Register for launch of a store 'package'. A new ProcDump instance will start
   when it is (manually) activated:

   C:\>procdump -e -x c:\dumps Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe

 * Write a MiniPlus dump of the Microsoft Exchange Information Store when it has
   an unhandled exception:

   C:\>procdump -mp -e store.exe

 * Display without writing a dump, the exception codes/names of w3wp.exe:

   C:\>procdump -e 1 -f "" w3wp.exe

 * Windows 7/8.0; Use Reflection to reduce outage for 5 consecutive triggers:

   C:\>procdump -r -ma -n 5 -s 15 wmplayer.exe

 * Windows 8.1+; Use PSS to reduce outage for 5 concurrent triggers:

   C:\>procdump -r 5 -ma -n 5 -s 15 wmplayer.exe

 * Install ProcDump as the (AeDebug) postmortem debugger:

   C:\>procdump -ma -i c:\dumps

   ..or..

   C:\Dumps>procdump -ma -i

 * Uninstall ProcDump as the (AeDebug) postmortem debugger:

   C:\>procdump -u

See a list of example command lines (the examples are listed above):

C:\>procdump -? -e



RELATED LINKS

 * Windows Internals Book The official updates and errata page for the
   definitive book on Windows internals, by Mark Russinovich and David Solomon.
 * Windows Sysinternals Administrator's Reference The official guide to the
   Sysinternals utilities by Mark Russinovich and Aaron Margosis, including
   descriptions of all the tools, their features, how to use them for
   troubleshooting, and example real-world cases of their use.

Runs on:

 * Client: Windows 8.1 and higher.
 * Server: Windows Server 2012 and higher.


LEARN MORE

 * Defrag Tools: #9 - ProcDump. This episode of Defrag Tools covers what the
   tool captures and expected outage durations.
 * Defrag Tools: #10 - ProcDump - Triggers. This episode covers trigger options,
   in particular 1st & 2nd chance exceptions.
 * Defrag Tools: #11 - ProcDump - Windows 8 & Process Monitor. This episode
   covers modern application support and Process Monitor logging support.





© Microsoft 2024