ProcDump (procdump.exe) is a Windows Sysinternals tool. It allows you to create dumps of processes in any scenario that may arise while troubleshooting issues.
When ProcDump captures the dump file, it does not kill the running process.
To create a dump with ProcDump, do the following:
- Download ProcDump from the Windows Sysinternals site;
- Create a folder where dumps will be stored (e.g. C:\Dumps\);
- Unzip the archive and put procdump.exe into the created directory;
- Open Windows command-line: Hit and type in ;
- In CMD, switch to the newly created folder using the command:
Depending on the nature of the issue (immediate process crash, hanging process, lock-up etc.) choose what options are to be used with ProcDump. See the most common examples below:
Situations when processes are (e.g. right upon starting, or they crash randomly) can be universally handled by the following command:
E.g. if you have service_process.exe crashing, the command will look like:
=> this will execute ProcDump to monitor for the process to start (if it's not running yet) and create a full process memory dump as soon as it encounters an unhandled exception and crashes.
If you need to (e.g. if there is a suspicion the process hangs or it is necessary to understand why the service uses a lot of resources, etc.), then the command is even simpler:
or using PID (useful if multiple processes with the same name are running):
(where process_PID is the process identifier)
(if 3255 is the process identifier)
Once the necessary dumps are created, you can locate them in the same folder where ProcDump resides (e.g. ).
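The two scenarios above (dump on crash, dump of a running process by name or PID) can be wrapped in one PowerShell function. This is an added example, not part of the original article or of Sysinternals: the function name and its parameters are hypothetical, `C:\Dumps` is the example folder from the steps above, and `-accepteula`, `-ma`, `-e` and `-w` are ProcDump's own switches.

```powershell
# Added example: the function name and parameters are hypothetical.
# Assumes procdump.exe was unpacked into the dump folder (C:\Dumps in the steps above).
function Invoke-ProcDumpCapture {
    [CmdletBinding()]
    param(
        # Process image name (e.g. service_process.exe) or numeric PID (e.g. 3255)
        [Parameter(Mandatory)] [string] $Target,
        # Crash: wait for the process and dump on an unhandled exception.
        # Now:   dump the running process immediately.
        [ValidateSet('Crash', 'Now')] [string] $Mode = 'Now',
        [string] $DumpDir = 'C:\Dumps'
    )

    $procdump = Join-Path $DumpDir 'procdump.exe'
    if (-not (Test-Path -LiteralPath $procdump -PathType Leaf)) {
        throw "procdump.exe not found in $DumpDir"
    }

    $isPid = $Target -match '^\d+$'
    # -ma = full memory dump; -accepteula skips the first-run EULA dialog
    $procArgs = @('-accepteula', '-ma')
    if ($Mode -eq 'Crash') {
        $procArgs += '-e'                      # dump on unhandled exception
        if (-not $isPid) { $procArgs += '-w' } # wait for the process to launch (name only)
    }
    elseif ($isPid -and -not (Get-Process -Id ([int]$Target) -ErrorAction SilentlyContinue)) {
        throw "No running process with PID $Target"
    }
    # ProcDump syntax: [options] <process name or PID> [dump file or folder]
    $procArgs += @($Target, $DumpDir)

    # Remember existing dumps so only the new files are returned
    $before = @(Get-ChildItem -LiteralPath $DumpDir -Filter '*.dmp' -File).FullName
    & $procdump @procArgs | Out-Host
    Get-ChildItem -LiteralPath $DumpDir -Filter '*.dmp' -File |
        Where-Object { $before -notcontains $_.FullName }
}

# Usage (the Crash call blocks until the monitored process crashes):
#   Invoke-ProcDumpCapture -Target 'service_process.exe' -Mode Crash
#   Invoke-ProcDumpCapture -Target '3255' -Mode Now
```

A full (`-ma`) dump contains the entire memory of the process, so handle the files in the dump folder with the same care as the data that process works with.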
Also check the Process Explorer tool, which can be useful for dump creation:
This tool automatically detects which dump (32-bit or 64-bit) should be created.