ProcDump is becoming my favourite tool to generate Process dumps

Depending upon the type of problem and client data centre environment, I have used Task Manager, ADPlus and DebugDiag for generating process dumps. However, lately I have start using ProcDump more and more. Main reasons: Ease of install, no complex dependencies and most critical flexibility to configure it for quite complex scenario. More recently, I had to debug a scenario where application causes a sustained high-cpu peak. This will happen only couple of times in a week. Remember this is a 24×7 application, so if you miss opportunity when cpu usage is peaking then you will have to wait until next time which is completlely unpredictable. Thanks to ProcDump, I was able to capture the dump. Finding root cause of the problem was another story, that I will blog about some other time.

Until next, happy debugging.

 

Advertisements
This entry was posted in Debugging. Bookmark the permalink.

4 Responses to ProcDump is becoming my favourite tool to generate Process dumps

  1. saragani says:

    I also like ProcDump and I want to use it for exceptions.
    However, I want it to create a mini dump which should be small (Like 1 MB), but ProcDump creates (at least for my application) a dump with a size of 25MB.

    If I use MiniDumpWriteDump, then I can chose what to dump (so I can get a small dump), but MiniDumpWriteDump does not always work (It requires a pointer to the exceptions using GetExceptionPointers, which returns IntPtr.Zero when the process is a 32 bit on a 64 Bit OS).

    Do you know of any way to reduce the size of the dump which is created by ProcDump?

    Do you know of any other programs like ProcDump that can take a crash dump silently, without the need to install anything and that can create small dumps?

    Thanks

  2. Kamran says:

    Thanks Saragani for your comments. Have you tried using mp switch in ProcDump? As an alternate you can try ADPlus.

  3. saragani says:

    Well, I did, and -mp creates a 400MB file (and -ma creates a 740MB file… it it a huge WPF application with a lot of dlls. This is why it is so big).

    I did try some other solutions for creating crash dumps like cdb (which for some reason fails when I try yo create minudumps, but works fine with /ma), and ntsd (which has the same switches and also fails with the same error).

    I think that ADPlus uses CDB since the newest version is written in managed code, and in reflector I saw something about CreateCDBScript

    Anyway, When using /m switch with cdb with the following command:
    cdb -pv -p 3980 -c “.dump /ma /o c:\dumps\crash.dmp;q”

    I get:
    WriteMemoryFromProcess.Read(0xe2e000, 0x2000) failed, 0x8007012b
    Dump creation failed, Win32 error 0n299
    “Only part of a ReadProcessMemory or WriteProcessMemory request was completed.”

    The same thing happens when I use for example /mFhutwd

  4. saragani says:

    I’ve checked it a little further. I’ve took an example of a .Net 4 process on my Windows 7 64.
    When the process is compiled as “Any CPU”, GetExceptionPointers returns what it should and cdb is able to dump the process with /m switch

    After compiling it as x86, GetExceptionPointers returns IntPtr.Zero and cdb fails with the error: “Only part of a ReadProcessMemory or WriteProcessMemory request was completed.”

    The error “Dump creation failed, Win32 error 0n299” is explained here:
    http://winprogger.com/getmodulefilenameex-enumprocessmodulesex-failures-in-wow64/

    I’m guessing I will have to stick with procdump then.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s