使用ProcDump自动生成Dump文件
ProcDump工具来自Sysinternals Suite
最近用来自动产生Dump文件
一是用来监视服务器程序无响应
procdump -accepteula -64 -ma -h server.exe
二是用来监视客户端程序闪退(猜测是有未处理的异常)
procdump -accepteula -ma -e client.exe
注意:客户端程序是32位,服务器程序是64位的
下面的例子来自官方介绍:
为名为“notepad”的进程产生迷你Dump文件(只能有一个匹配的进程存在)
C:\>procdump notepad
为ID为4572的进程产生完整Dump文件
C:\>procdump -ma 4572
为名为“notepad”的进程产生3个迷你Dump文件(每个之间间隔5秒钟)
C:\>procdump -s 5 -n 3 notepad
当名为“consume”的进程超过20%CPU达到5秒时产生最多3个迷你Dump文件
C:\>procdump -c 20 -s 5 -n 3 consume
Write a mini dump for a process named 'hang.exe' when one of it's Windows is unresponsive for more than 5 seconds:
C:\>procdump -h hang.exe hungwindow.dmp
Write a mini dump of a process named 'outlook' when total system CPU usage exceeds 20% for 10 seconds:
C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20
Write a full dump of a process named 'outlook' when Outlook's handle count exceeds 10,000:
C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000
Write a MiniPlus dump of the Microsoft Exchange Information Store when it has an unhandled exception:
C:\>procdump -mp -e store.exe
Display without writing a dump, the exception codes/names of w3wp.exe:
C:\>procdump -e 1 -f "" w3wp.exe
Write a mini dump of w3wp.exe if an exception's code/name contains 'NotFound':
C:\>procdump -e 1 -f NotFound w3wp.exe
Launch a process and then monitor it for exceptions:
C:\>procdump -e 1 -f "" -x c:\dumps consume.exe
Register for launch, and attempt to activate, a modern 'application'. A new ProcDump instance will start when it activated to monitor for exceptions:
C:\>procdump -e 1 -f "" -x c:\dumpsMicrosoft.BingMaps_8wekyb3d8bbwe!AppexMaps
Register for launch of a modern 'package'. A new ProcDump instance will start when it is (manually) activated to monitor for exceptions:
C:\>procdump -e 1 -f "" -x c:\dumps Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe
Register as the Just-in-Time (AeDebug) debugger. Makes full dumps in c:\dumps.
C:\>procdump -ma -i c:\dumps
See a list of example command lines (the examples are listed above):
C:\>procdump -? -e