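Dump capture methods

1. Hang dump

(1) Task Manager -- select the process to trace -- right-click -- Create dump file

(2) Capture with Process Explorer

Download: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Usage: run procexp.exe -- find the process to analyze -- right-click -- Create Dump -- Create Full Dump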

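2. Crash dump

(1) Capture with ProcDump

Tool download: https://docs.microsoft.com/zh-cn/sysinternals/downloads/procdump

Usage:

Unzip the downloaded tool package, open a console command-line window, and change to the directory containing procdump.exe. Type procdump and press Enter to view the help; for more detailed examples, use procdump -? -e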

D:\Tools\Performance\DotNet Tool\Procdump>procdump -? -e

ProcDump v8.0 - Writes process dump files
Copyright (C) 2009-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

Monitors a process and writes a dump file when the process exceeds the
specified criteria or has an exception.

Capture Usage:
   procdump.exe [-ma | -mp | -d Callback_DLL] [-64]
                [-n Count]
                [-s Seconds]
                [-c|-cl CPU_Usage [-u]]
                [-m|-ml Commit_Usage]
                [-p|-pl Counter_Threshold]
                [-h]
                [-e [1 [-g] [-b]]]
                [-l]
                [-t]
                [-f Filter, ...]
                [-o]
                [-r [1..5] [-a]]
                {
                 {{[-w] Process_Name | Service_Name | PID} [Dump_File | Dump_Folder] }
                |
                 {-x Dump_Folder Image_File [Argument, ...]}
                }
Install Usage:
   procdump.exe -i [Dump_Folder]
                [-ma | -mp | -d Callback_DLL]
Uninstall Usage:
   procdump.exe -u

Examples:

-------------------------------------------------------------------------------
- Write a mini dump of a process named 'notepad' (only one match can exist):
    C:\>procdump notepad

-------------------------------------------------------------------------------
- Write a full dump of a process with PID '4572':
    C:\>procdump -ma 4572

-------------------------------------------------------------------------------
- Write 3 mini dumps 5 seconds apart of a process named 'notepad':
    C:\>procdump -n 3 -s 5 notepad

-------------------------------------------------------------------------------
- Write up to 3 mini dumps of a process named 'consume' when it exceeds
         20% CPU usage for five seconds:
    C:\>procdump -n 3 -s 5 -c 20 consume

-------------------------------------------------------------------------------
- Write a mini dump for a process named 'hang.exe' when one of its
         windows is unresponsive for more than 5 seconds:
    C:\>procdump -h hang.exe

-------------------------------------------------------------------------------
- Write a mini dump of a process named 'outlook' when total system CPU
         usage exceeds 20% for 10 seconds:
    C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20

- Write a full dump of a process named 'outlook' when Outlook's handle count
         exceeds 10,000:
    C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000

-------------------------------------------------------------------------------
- Writes a full dump for a 2nd chance exception:
    C:\>procdump -ma -e w3wp.exe

- Writes a full dump for a 1st or 2nd chance exception:
    C:\>procdump -ma -e 1 w3wp.exe

- Writes a full dump for a debug string message:
    C:\>procdump -ma -l w3wp.exe

- Write up to 10 full dumps of each 1st or 2nd chance exception of w3wp.exe:
    C:\>procdump -ma -n 10 -e 1 w3wp.exe

- Write up to 10 full dumps if an exception's code/name/msg contains 'NotFound':
    C:\>procdump -ma -n 10 -e 1 -f NotFound w3wp.exe

- Write up to 10 a full dump if a debug string message contains 'NotFound':
    C:\>procdump -ma -n 10 -l -f NotFound w3wp.exe

-------------------------------------------------------------------------------
- Wait for a process called 'notepad' (and monitor it for exceptions):
    C:\>procdump -e -w notepad

- Launch a process called 'notepad' (and monitor it for exceptions):
    C:\>procdump -e -x c:\dumps notepad

- Register for launch, and attempt to activate, a store 'application'.
         A new ProcDump instance will start when it is activated:
    C:\>procdump -e -x c:\dumps Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps

- Register for launch of a store 'package'.
         A new ProcDump instance will start when it is (manually) activated:
    C:\>procdump -e -x c:\dumps Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe

-------------------------------------------------------------------------------
- Windows 7/8.0; Use Reflection to reduce outage for 5 consecutive triggers:
    C:\>procdump -r -ma -n 5 -s 15 wmplayer.exe

- Windows 8.1+; Use PSS to reduce outage for 5 concurrent triggers:
    C:\>procdump -r 5 -ma -n 5 -s 15 wmplayer.exe

-------------------------------------------------------------------------------
- Install ProcDump as the (AeDebug) postmortem debugger:
    C:\>procdump -ma -i c:\dumps
    ..or..
    C:\Dumps>procdump -ma -i

- Uninstall ProcDump as the (AeDebug) postmortem debugger:
    C:\>procdump -u

-------------------------------------------------------------------------------


D:\Tools\Performance\DotNet Tool\Procdump>

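(2) Capture with WER

WER configuration steps:
• Open the Registry Editor (use the Win+R shortcut key to launch the Run window).
• Navigate to the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps"; create the key if it does not exist.
• Under this key, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps", create a subkey named after the program. The subkey name is your application's name, for example "w3wp.exe" in your environment.
• Under the subkey "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\w3wp.exe", create three values, as shown in the table below: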

| Value Name | Type | Value |
|------------|------|-------|
| DumpFolder | REG_EXPAND_SZ | c:\dumps |
| DumpCount | REG_DWORD | 5 |
| DumpType | REG_DWORD | 2 |

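Note:
For DumpFolder, choose a suitable path for your environment.
After configuration, the key looks like the screenshot below; note that the program name in it must be changed to the name of the process to be traced.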
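
The registry steps above as a script, added here as an example and not part of the original post. It assumes an elevated PowerShell session; the parameter names are chosen for this example and their defaults come from the table above.

```powershell
# Added example: per-application WER LocalDumps configuration.
# Parameter names are this example's own; defaults match the article's table.
param(
    [string]$ImageName  = 'w3wp.exe',   # name of the process to be traced
    [string]$DumpFolder = 'c:\dumps',   # stored as REG_EXPAND_SZ
    [int]$DumpCount     = 5,            # stored as REG_DWORD
    [ValidateSet(0, 1, 2)]
    [int]$DumpType      = 2             # 0 = custom, 1 = mini dump, 2 = full dump
)

$base = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$key  = Join-Path $base $ImageName

# Create LocalDumps and the per-application subkey only if missing, so that
# values already present under an existing key are not discarded.
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# Write the three values with the registry types the table specifies.
New-ItemProperty -Path $key -Name 'DumpFolder' -PropertyType ExpandString `
    -Value $DumpFolder -Force | Out-Null
New-ItemProperty -Path $key -Name 'DumpCount' -PropertyType DWord `
    -Value $DumpCount -Force | Out-Null
New-ItemProperty -Path $key -Name 'DumpType' -PropertyType DWord `
    -Value $DumpType -Force | Out-Null

# DumpFolder may contain environment variables; expand them before creating
# the directory so WER has somewhere to write.
$resolved = [Environment]::ExpandEnvironmentVariables($DumpFolder)
if (-not (Test-Path $resolved)) {
    New-Item -ItemType Directory -Path $resolved | Out-Null
}

# Read the configuration back to confirm what WER will see.
Get-ItemProperty -Path $key | Select-Object DumpFolder, DumpCount, DumpType
```

DumpType 2 writes the full memory of the process, so the files in the dump folder are as sensitive as the data the process handles.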

 

posted on 2020-08-18 13:44  王.小辉