Defrag Tools: #10 - ProcDump - Triggers

Sign in to queue


In this 3 part episode of Defrag Tools, Andrew Richards and Larry Larsen walk you through Sysinternals ProcDump. ProcDump allows you to capture the memory of a process running on the computer. The dump file can be of varying size and can be taken with varying outage durations. Dumps can be triggered immediately or can be triggered by a variety of events including CPU utilization, Memory utilization, a Performance Counter, a Hung Window and/or Native/Managed exceptions.

Part 1 covers what the tool captures and the outage durations that can be expected.
Part 2 (this week) goes through the wide variety of triggering options; in particular 1st and 2nd chance exceptions.
Part 3 goes through Windows 8 Modern Application support and Process Monitor logging support.

Sysinternals ProcDump

[00:27] - WinDbg -IA - Register File Associations
[00:58] - WinDbg -I - Postmortem Debugger (AeDebug) **
[04:48] - Triggers
[05:13] - Breakpoints (-b)
[06:03] - CPU (-c) and Uniprocessor scale (-u) [Compound Case of the Outlook Hangs]
[11:06] - Count (-n)
[11:42] - Examples (-? -e)
[12:02] - Performance Counters (-p <counter> <value>) *
[13:20] - Hung window (-h)
[13:36] - Wait (-w <process>) and Execute (-x <folder> <process>)
[14:28] - Crashes (e.g. procdump -e -x c:\dumps notepad) ***
[16:45] - Memory Commit (-m <Mb>)
[18:25] - Timed (-n <count> -s <seconds>)
[21:30] - Process Name vs PID
[22:24] - Exceptions; C++ (msc) vs CLR vs OS
[23:35] - Crashes & Recovery - aka 2nd Chance Exceptions (-e)
[28:40] - 1st Chance Exceptions (-e 1)
[31:07] - Exception Filtering (-f <filter>)
[33:30] - Exception Names
[34:50] - System Error Codes and !error
[36:30] - Ignore transistion to .NET 4 managed debugging (-g)
[38:07] - Next time... Windows 8 Modern Applications and Process Monitor Logging

* The Performance Counter (-p) trigger does use the seconds (-s) parameter.
** ProcDump v5.1 (not yet released) adds procdump.exe -i <folder> support to set ProcDump as the postmortem debugger for both x64 and x86 applications (includes a JIT context).
*** If you are using ProcDump v5.0 as the postmortem debugger (doesn't include a JIT context), use these AeDebug settings:
Auto = "1"
Debugger = "C:\my\sysinternals\procdump.exe %ld -ma c:\dumps"



Download this episode

The Discussion

Add Your 2 Cents