Windows get process dump

Article updated: June 29, 2022
ID: 12401

In some cases, a technical support specialist may request a dump of a particular process in order to analyze and troubleshoot problems with a Kaspersky application.

To get a process dump:

  1. Press Ctrl+Alt+Delete on the keyboard.
  2. Select Task Manager.
  3. If you have:
    • Windows 7, go to the Processes tab.
    • Windows 11, the Processes tab opens automatically; go to the next step.
    • Windows 8, 8.1, 10 or a server system, click More details.

  4. Right-click the process whose dump you need and select Create dump file in the context menu.

Creating a process dump in Windows 10

  5. Wait for the message that the file was created successfully.
  6. Copy the path to the dump file.
  7. Click OK.
  8. Press Win+E on the keyboard.
  9. Paste the copied folder address into the address bar.
  10. Press Enter on the keyboard.

The folder containing the created dump file will open.


Latest update: July 11, 2022
ID: 12401

In some cases, Kaspersky support engineers may request a dump file of a certain process to fix the issue.

To get the process dump file:

  1. Press Ctrl+Alt+Delete on the keyboard.
  2. Select Task Manager.
  3. If you are using:
    • Windows 7, go to the Processes tab.
    • Windows 11, the Processes tab will be opened by default. Proceed to the next step.
    • Windows 8, 8.1, 10 or Windows Server 2008, click More details.

  4. Right-click the process for which you need to create a dump file. Select Create Dump File.

Getting a process dump in Microsoft Windows 10

  5. Wait until you get the notification on successful creation of the file.
  6. Copy the path to the dump file.
  7. Click OK.
  8. Press the Win+E combination on your keyboard.
  9. Paste the copied folder path into the address bar.
  10. Press Enter on the keyboard.

The folder with the dump file will open.


Windows 10 create crash dump with ProcDump


On Windows 10, ProcDump is a command-line tool specifically designed to create crash dump files manually. A "dump" is a special file that contains all or part of the data loaded in memory at the time the dump was triggered. Usually, you would use this file for analysis to determine the root of a problem with an app or the OS.

Although Windows 10 can create crash dump files automatically when it encounters an error that it cannot handle, sometimes you may still need to generate these files manually, for example, if you are a developer testing a new application, or when an app is not responding or constantly crashing and you need to send the details to the software vendor's support to investigate the issue.

Whatever the reason might be, the Microsoft ProcDump tool is a nifty tool you can use in Command Prompt to create a crash dump file in many different ways, including generating a minidump file using the app or process name or process ID. You can also use the tool to create multiple dumps at different intervals automatically. Or you can specify other criteria, such as when the process reaches a specific processor usage, the app is unresponsive, and more.

In this Windows 10 guide, we will walk you through the steps to use the Microsoft ProcDump tool to generate dump files manually on your device.

  • How to install ProcDump on Windows 10
  • How to use ProcDump on Windows 10  

How to install ProcDump on Windows 10

To install the ProcDump command-line tool on Windows 10, use these steps:

  1. Open the official ProcDump page.
  2. Click the Download ProcDump link.
  3. Save the file on the device.
  4. Open the zip folder.
  5. Click the Extract all option from the "Compressed Folder Tools" tab.
  6. Confirm a path to extract the files.
  7. Check the Show extracted files when complete option.
  8. Click the Extract button.

Once you complete the steps, you can use ProcDump with Command Prompt to create dump files on Windows 10.

How to use ProcDump on Windows 10

The ProcDump tool includes many options to record and create dump files. In the steps below, we will show you a bunch of examples to create a dump file for a specific application and different scenarios, including when a process is unresponsive, crashes, uses a significant amount of processor resources, and more.


To get started with the ProcDump tool, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to navigate to the folder containing the ProcDump tool and press Enter:

      cd C:\PATH\TO\PROCDUMP

     In the command, make sure to update the path with the location of the folder containing the ProcDump tool. For example, this command opens the tool location inside the "Documents" folder:

      cd C:\Users\username\Documents\Procdump

  4. Type the following command to create a minidump file of a running app and press Enter:

      procdump APP-NAME

     In the command, replace APP-NAME with the executable name of the app. This example creates a dump file for the File Explorer app:

      procdump explorer

  5. Type the following command to create a dump file using the process ID of the app and press Enter:

      procdump PROCESS-ID

     In the command, replace PROCESS-ID with the actual ID of the process or application. This example creates a dump file for File Explorer with the process ID of 6468:

      procdump 6468

     Quick tip: You can always confirm the process ID (PID) of an app in the Details tab of Task Manager or using the tasklist command.

  6. Type the following command to create a full dump file for an application and press Enter:

      procdump -ma APP-OR-PID

     In the command, replace APP-OR-PID with the name or process ID of the app. This example creates a full dump file for File Explorer:

      procdump -ma explorer

     Quick note: A full dump file contains everything available in memory related to the application. In contrast, a minidump file is only several megabytes in size, and it includes basic information about the application.

  7. Confirm the location of the .dmp file.

After you complete the steps, the dump file will be generated in the ProcDump folder.

Create multiple minidumps manually

To use ProcDump to create multiple minidump files on Windows 10, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to navigate to the folder containing the ProcDump tool and press Enter:

      cd C:\Users\username\Documents\Procdump

  4. Type the following command to write five minidumps 15 seconds apart from one another and press Enter:

      procdump -s 15 -n 5 PROCESS-NAME

     In the command, replace PROCESS-NAME with the name of the process you want to dump. Also, remember to replace 15 with the number of seconds to wait before generating a new file and 5 with the number of dump files you want to create. This example writes five dump files for the Windows Explorer process:

      procdump -s 15 -n 5 explorer

Once you complete the steps, the tool will create (in this case) five dump files 15 seconds apart from one another.

Create minidumps based on processor usage

To write a dump file after the app's processor usage reaches a specific threshold, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to navigate to the folder containing the ProcDump tool and press Enter:

      cd C:\Users\username\Documents\Procdump

  4. Type the following command to write a minidump file when the process exceeds 20% processor usage for 15 seconds and press Enter:

      procdump -c 20 -s 15 PROCESS-NAME

     In the command, replace PROCESS-NAME with the name of the process you want to dump. Also, remember to replace 20 and 15 with the processor usage threshold and the wait time in seconds. This example writes a dump file of the explorer.exe process when it uses over 20% of processor resources for 15 seconds:

      procdump -c 20 -s 15 explorer

  5. (Optional) Type the following command to write a dump file when processor usage goes above 20% for 10 seconds, using a performance counter as the trigger, and press Enter:

      procdump PROCESS-NAME -p "\Processor(_Total)\% Processor Time" 20

     This example writes a dump file of the explorer.exe process when processor usage is over 20% for 10 seconds:

      procdump explorer -p "\Processor(_Total)\% Processor Time" 20

After you complete the steps, the command will monitor the application, and when it exceeds the processor usage for the time you specified, then a dump file will be generated.

Create minidumps for unresponsive process

To create a minidump as soon as a process is unresponsive, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to navigate to the folder containing the ProcDump tool and press Enter:

      cd C:\Users\username\Documents\Procdump

  4. Type the following command to write a minidump file when a process becomes unresponsive for more than five seconds and press Enter:

      procdump -h PROCESS-NAME DUMP-NAME.dmp

     In the command, replace PROCESS-NAME with the name of the process you want to monitor and DUMP-NAME with the file's name. This example writes a dump when the Windows Explorer process becomes unresponsive for five seconds:

      procdump -h explorer explorer-unresponsive-data.dmp

Once you complete the steps, a dump file will be written to the ProcDump folder when the application becomes unresponsive.

Create minidump during launch of a process

To launch an app, keep monitoring it, and write a dump file when an exception occurs, use these steps:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to navigate to the folder containing the ProcDump tool and press Enter:

      cd C:\Users\username\Documents\Procdump

  4. Type the following command to start an app and create a dump file when it crashes, and press Enter:

      procdump -e 1 -f "" -x C:\PATH\TO\STORE\DUMP "C:\PATH\TO\APP.EXE"

     In the command, replace C:\PATH\TO\STORE\DUMP with the folder location to store the dump. Also, change C:\PATH\TO\APP.EXE to the path of the app you want to monitor and dump. This example creates a dump file of Google Chrome when it crashes and stores the "dump" file inside the dumps folder:

      procdump -e 1 -f "" -x C:\dumps "C:\Program Files\Google\Chrome\Application\chrome.exe"

After you complete the steps, the tool will launch and monitor the app, and when it crashes, it will create a dump file in the folder location you specified.

Activate Postmortem Debugger to create full dump automatically

You can also register the tool as a Postmortem Debugger to allow ProcDump to monitor and automatically write a full dump when one or more processes crash. Here’s how:

  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to navigate to the folder containing the ProcDump tool and press Enter:

      cd C:\Users\username\Documents\Procdump

  4. Type the following command to monitor and create a full dump file when one or more processes crash and press Enter:

      procdump -ma -i C:\PATH\TO\STORE\DUMP

     In the command, replace C:\PATH\TO\STORE\DUMP with the location to store the dump file. This example stores the full dump file in the "dumps" folder:

      procdump -ma -i C:\dumps

Once you complete the steps, the ProcDump tool will monitor the system, and it will create dump files whenever an application crashes.

We are focusing only on some basic examples. You can always run the procdump -e command to review all the available options.


Mauro Huculak has been a Windows How-To Expert contributor for WindowsCentral.com for nearly a decade and has over 15 years of experience writing comprehensive guides. He also has an IT background and has achieved different professional certifications from Microsoft, Cisco, VMware, and CompTIA. He has been recognized as a Microsoft MVP for many years.

A dump is a snapshot of an application at the point in time the dump is taken. It shows what was being executed, which modules are loaded, and if saved with a heap, contains a snapshot of what was in the application’s memory at that point in time.
Beginning in Windows Vista, the Windows Task Manager has included support for creating dump files. This can be very useful and is slightly quicker and less complicated than creating a dump using ProcDump or Visual Studio.

Standard Task Manager

  1. Open Task Manager.
  2. If you are using:
    • Windows 7, go to the Processes tab.
    • Windows 11, the Processes tab will be opened by default. Proceed to the next step.
    • Windows 8, 8.1, 10 or Windows Server 2008, click More details.
  3. Right-click the process for which you need to create a dump file. Select Create memory dump file.
  4. Wait until you get the notification on successful creation of the file.
The processes tab of the Task Manager in Windows 11

Process Explorer

  1. Download Process Explorer from the Windows Sysinternals site.
  2. Unzip the archive and start Process Explorer. If you are going to dump a process running under another user (e.g. NT AUTHORITY\SYSTEM), you must run the program as an administrator.
  3. Right-click the process for which you need to create a dump file. Select Create Dump > Create Full Dump.
  4. Select a folder to keep the dump file.
  5. Wait until you get the notification on successful creation of the file.

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

ProcDump (via CLI)

ProcDump is a Windows Sysinternals tool. It allows you to create dumps of processes in any scenario that may arise while troubleshooting issues with Windows apps.

  1. Download ProcDump from the Windows Sysinternals site.
  2. Create a folder where dumps will be stored (e.g. c:\dmp\).
  3. Unzip the archive and put the files into the created directory.
  4. Run a console, for example cmd (I recommend running it with administrative privileges), and go to the created folder.
  5. Depending on the issue (immediate process crash, hanging process, lock-up, etc.), use one of the following commands:
    • Situations when processes are crashing (e.g. right upon starting, or they crash randomly) can be universally handled by the following command:
      procdump64 -e -ma -w <process_name>

      This runs ProcDump so that it waits for the process to start (if it is not running yet) and creates a full process memory dump as soon as the process encounters an unhandled exception and crashes.

    • If you need to create a dump file of the running process in its current state, use the following command:
      procdump64 -ma -s 5 -n 3 <process_name>

      (this command will write 3 full dumps 5 seconds apart)
      or using the PID (useful if multiple processes with the same name are running):

      procdump -ma <PID>

https://learn.microsoft.com/en-us/sysinternals/downloads/procdump

Introduction

In this article, we will learn how to take a process dump of a specific Windows process, which we can later use for debugging or send to Microsoft for review.

ProcDump is a command-line and UI utility from Microsoft, part of the Sysinternals suite, designed to monitor applications for CPU spikes and generate crash dumps during these spikes. This tool is invaluable for diagnosing and troubleshooting application issues, particularly those related to performance and crashes.

A process dump is generally taken when you are troubleshooting an application that is in a hung state and not responding. To understand why the application is not responding, developers can take a dump of the process and see where a thread is possibly stuck.

Types of Dump:

Two types of Process Dumps can be generated for a specific Process.

Mini Process Dump

  • This is the dump which generally is a small size capture of the Process.
  • They only contain basic process and stack details which can generally be useful in finding some of the already known issues.
  • Windows Error Reporting (WER) sometimes also captures these dumps in the event of a failure.

Full Process Dump:

Collecting a “Full” process dump of the crash will provide a dump containing all process code and memory, rather than only small critical sections of process structures and memory immediately adjacent to the site of the crash. 
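To tell the two dump types apart before a file leaves the machine, the following added example (not part of the original article) reads the 32-byte MINIDUMP_HEADER of a user-mode .dmp file and reports whether the full-memory flag is set, which matters because a full dump carries everything the process held in memory. The function names and the sample headers are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# MINIDUMP_HEADER (32 bytes, little-endian) as declared in the Windows SDK:
# Signature, Version, NumberOfStreams, StreamDirectoryRva, CheckSum,
# TimeDateStamp (six ULONG32 fields) followed by Flags (ULONG64).
HEADER = struct.Struct("<6IQ")
MDMP_SIGNATURE = 0x504D444D  # the bytes "MDMP" read as a little-endian integer

# Subset of the MINIDUMP_TYPE bits that can appear in the Flags field.
MINIDUMP_TYPE_BITS = {
    0x0001: "MiniDumpWithDataSegs",
    0x0002: "MiniDumpWithFullMemory",
    0x0004: "MiniDumpWithHandleData",
    0x0020: "MiniDumpWithUnloadedModules",
    0x0100: "MiniDumpWithProcessThreadData",
    0x0200: "MiniDumpWithPrivateReadWriteMemory",
    0x0800: "MiniDumpWithFullMemoryInfo",
    0x1000: "MiniDumpWithThreadInfo",
}
FULL_MEMORY = 0x0002


def inspect_dump_header(data: bytes) -> dict:
    """Classify a user-mode dump from the first 32 bytes of the file."""
    if len(data) < HEADER.size:
        raise ValueError("truncated file: shorter than a MINIDUMP_HEADER")
    sig, _ver, streams, _rva, _sum, stamp, flags = HEADER.unpack_from(data)
    if sig != MDMP_SIGNATURE:
        # Kernel dumps and renamed files fail here instead of being misread.
        raise ValueError("not a user-mode dump: MDMP signature missing")
    return {
        "kind": "full" if flags & FULL_MEMORY else "mini",
        "full_memory": bool(flags & FULL_MEMORY),
        "streams": streams,
        "written_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "flags": [n for bit, n in MINIDUMP_TYPE_BITS.items() if flags & bit],
    }


def inspect_dump_file(path: str) -> dict:
    """Read only the header, so multi-gigabyte full dumps are not loaded."""
    with open(path, "rb") as fh:
        return inspect_dump_header(fh.read(HEADER.size))


# Constructed sample headers (not taken from real dumps).
SAMPLE_MINI = HEADER.pack(MDMP_SIGNATURE, 0xA793, 9, 32, 0, 1656460800, 0x0)
SAMPLE_FULL = HEADER.pack(MDMP_SIGNATURE, 0xA793, 12, 32, 0, 1656460800,
                          0x0002 | 0x0004 | 0x0800 | 0x1000)

if __name__ == "__main__":
    for name, blob in (("mini", SAMPLE_MINI), ("full", SAMPLE_FULL)):
        print(name, inspect_dump_header(blob))
```

A result with full_memory set to True means the file should be handled like any other copy of the process's in-memory data: stored in a restricted folder and transferred only over a trusted channel.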

Ways to Capture Process Dump:

ProcDump:

Link to Download: https://docs.microsoft.com/en-us/sysinternals/downloads/procdump

  • Procdump is a command-line utility that can be used in many useful scenarios while working with Application issues.
  • ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike.
  • ProcDump also includes hung window monitoring, and unhandled exception monitoring and can generate dumps based on the values of system performance counters.

Write a mini dump of a process named ‘notepad’ (only one match can exist):

C:\>procdump notepad

Write a full dump of a process with PID ‘4572’:

C:\>procdump -ma 4572

Write up to 3 minidumps of a process named ‘consume’ when it exceeds 20% CPU usage for five seconds:

C:\>procdump -c 20 -s 5 -n 3 consume

Write a mini dump for a process named ‘hang.exe’ when one of its windows is unresponsive for more than 5 seconds:

C:\>procdump -h hang.exe hungwindow.dmp

Write a full dump of a process named ‘Outlook’ when Outlook’s handle count exceeds 10,000:

C:\>procdump -ma outlook -p "\Process(Outlook)\Handle Count" 10000

Write a MiniPlus dump of the Microsoft Exchange Information Store when it has an unhandled exception:

Process Explorer 

Link to Download: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Let’s now talk about the GUI way of doing things. Process Explorer is a useful tool that can be used to review the various processes running on a Windows operating system.

Process Explorer shows you information about which handles and DLLs processes have opened or loaded.


The Steps to Take Process Dump:

Right-click the process you want to take a dump of -> select Create Dump -> select Mini or Full Dump based on your requirement.


Using Good Old Task Manager:

Now that we are aware of the other ways of taking a process dump, we will learn about taking one using Task Manager.

The Steps to Take Process Dump:

Open Task Manager: Right-click on a Process -> Create Dump File.


After clicking the option, you will see a message box asking you to wait.

After that, you can see the location under the local Temp folder where the dump is saved.

Automatic Dump Capture:

  • If a process crashes, Windows Error Reporting should automatically generate a mini dump of the terminated process under the "C:\ProgramData\Microsoft\Windows\WER\" subdirectories.
  • Collecting and submitting these existing mini-dumps for analysis can sometimes provide useful clues or confirmation of a previously resolved issue. 
  • To have WER write a full process dump during future crashes, the following registry key and value must be created:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpType"=dword:00000002

Note the “LocalDumps” subkey typically does not exist by default and must be created in addition to the actual “DumpType” DWORD value within that subkey.

This will cause future crashes captured by WER to have full process dumps written instead of just mini-dumps.
