A major release of ProcDump has been postedon the Sysinternals.com site (http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx).It is also available on the internal share (//redmond/files/SYSINTERNALS/LBI/Latest).The ProcDump v3.02 release (dated 31st Jan. 2011) contains these major changes (all are important to Exchange dump capture):"procdump -mp" now includes full address space information (i.e. !address -summary now works)"procdump -mp" now makes a more complete dump when run against a managed process"procdump -p" supports more performance counter types (in particular, all performance counter types used by Exchange are now supported)"procdump -e" now includes an exception context record (i.e. .ecxr now works)"procdump -e" now ignores breakpoints. To dump on a breakpoint, also include the new "-b" switchExample Usages for Information Store based dump collectionTake a single ‘MiniPlus’ dump:md c:/dumpsprocdump.exe -mp-accepteula store.exe c:/dumpsTake a single ‘MiniPlus’ dump when the process has a 2nd chance exception (it crashes):md c:/dumpsprocdump.exe -mp–e-accepteula store.exe c:/dumpsTake three ‘MiniPlus’ dumps 15 seconds apart (this replaces: ADPlus -hang -pn store.exe -r 3 120 ):md c:/dumpsprocdump.exe -mp–n 3 –s 15 -accepteula store.exe c:/dumpsTake up to three ‘MiniPlus’ dumps when the CPU is over 250% of the server’s capacity (-u) for 15 seconds (refer to this Mark Russinovich post for a ‘Case of…’ explaining ‘-u’):md c:/dumpsprocdump.exe -mp–n 3 –s 15 –u –c 250 -accepteula store.exe c:/dumpsTake up to three ‘MiniPlus’ dumps when ‘RPC Averaged Latency’ is over 250msec for 15 seconds (this replaces Performance Alerts scripts):md c:/dumpsprocdump.exe -mp–n 3 –s 15 –p "/MSExchangeIS/RPC Averaged Latency" 250 -accepteula store.exe c:/dumpsIncorrect UsagePlease be aware that these switches should not be used when capturing dumps of most processes:·The -t switch doesn't capture a crash; it captures the final termination of the process.oThis is after the crash, at the point that the process is about to end.oThis type of dump is usually useless.·The -64 switch is not required on an x64 OS. oThis switch is for WOW64 analysis. (No harm done if used.)
