Microsoft tool to check CPU spikes


Microsoft has a debugging tool called ProcDump that, among other things, can capture a process and generate a dump file.

Once the dump file is created, you need another tool to read it. A commonly used tool for reading dump files is WinDbg, which is part of the Debugging Tools for Windows kit and can be downloaded from here.

An example of a ProcDump command that writes dumps of a process when it exceeds a certain CPU percentage is the following:

C:\>procdump -c 40 -s 5 -n 3 -o cpueater c:\mydumps\cpueater

In this example, ProcDump will write up to 3 dumps of a process named ‘cpueater’ when it exceeds 40% CPU usage for five seconds to the directory c:\mydumps\cpueater with the name cpueater.dmp.

See below the list of all ProcDump command switches:

==============================
Using ProcDump

usage: procdump [-64] [[-c CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1] [-b]] [-h] [-m commit usage] [-ma | -mp] [-o] [-p counter threshold] [-r] [-t] [-d ] [-w] < [dump file]] | [-x [arguments]>>
-64 By default ProcDump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump.
-b Treat debug breakpoints as exceptions (otherwise ignore them).
-c CPU threshold at which to create a dump of the process.
-e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions.
-h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds).
-m Memory commit threshold in MB at which to create a dump of the process.
-ma Write a dump file with all process memory. The default dump format includes thread and handle information.
-mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same-sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%.
-n Number of dumps to write before exiting.
-o Overwrite an existing dump file.
-p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: “\Process(_)\counter”
-r Reflect (clone) the process for the dump to minimize the time the process is suspended (Windows 7 and higher only).
-s Consecutive seconds CPU threshold must be hit before dump is written (default is 10).
-t Write a dump when the process terminates.
-u Treat CPU usage relative to a single core.
-w Wait for the specified process to launch if it’s not running.
-x Launch the specified image with optional arguments.

Use the -accepteula command line option to automatically accept the Sysinternals license agreement.

To just create a dump of a running process, omit the CPU threshold. If you omit the dump file name, it defaults to _.dmp.

Example: Write up to 3 dumps of a process named ‘consume’ when it exceeds 20% CPU usage for five seconds to the directory c:\dump\consume with the name consume.dmp:

C:\>procdump -c 20 -s 5 -n 3 -o consume c:\dump\consume

Example: Write a dump for a process named ‘hang.exe’ when one of its windows is unresponsive for more than 5 seconds:

C:\>procdump -h hang.exe hungwindow.dmp

Example: Write 3 dumps 5 seconds apart:

C:\>procdump -s 5 -n 3 notepad.exe notepad.dmp

Example: Launch a process and then monitor it for excessive CPU usage:

C:\>procdump -c 30 -s 10 -x consume.exe consume.dmp

Example: Write a dump of a process named ‘iexplore’ to a dump file that has the default name iexplore.dmp:

C:\>procdump iexplore

Example: Write a dump of a process named ‘outlook’ when total system CPU usage exceeds 20% for 10 seconds:

C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20

Example: Write a dump of a process named ‘outlook’ when Outlook’s handle count exceeds 10000:

C:\>procdump outlook -p "\Process(Outlook)\Handle Count" 10000
=======================
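
When reviewing ProcDump invocations found in scripts or process-creation logs, it helps to break a command line into the switches listed above and see which condition triggers a dump and where it is written. The Python below is an added example, not code from the original post or from Sysinternals; the names `parse_procdump`, `triggers` and `ARITY` are its own, and it accepts only the switches described on this page.

```python
import shlex

# Arguments each switch takes, per the switch list on this page.
ARITY = {**dict.fromkeys("-64 -b -h -ma -mp -o -r -t -u -w -accepteula".split(), 0),
         "-c": 1, "-m": 1, "-n": 1, "-s": 1, "-p": 2}

def parse_procdump(cmdline):
    """Split one ProcDump command line into switches, target and dump file."""
    # Normalise curly quotes; posix=False keeps Windows backslashes intact.
    text = cmdline.replace("\u201c", '"').replace("\u201d", '"')
    tokens = [t.strip('"') for t in shlex.split(text, posix=False)]
    # Accept a leading prompt or path such as C:\> before the program name.
    prog = tokens[0].rsplit(">", 1)[-1].rsplit("\\", 1)[-1].lower() if tokens else ""
    if prog not in ("procdump", "procdump.exe"):
        raise ValueError("not a procdump command line")
    opts, positional, i = {}, [], 1
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok == "-e":  # an optional literal 1 selects first-chance exceptions
            first = tokens[i + 1:i + 2] == ["1"]
            opts["-e"] = "first-chance" if first else "unhandled"
            i += 2 if first else 1
        elif tok == "-x":  # launch mode: image, dump file, then its arguments
            opts["-x"], positional = True, tokens[i + 1:]
            break
        elif tok in ARITY:
            n = ARITY[tok]
            args = tokens[i + 1:i + 1 + n]
            if len(args) < n:
                raise ValueError(f"{tok} needs {n} argument(s)")
            opts[tok] = True if n == 0 else args[0] if n == 1 else tuple(args)
            i += 1 + n
        elif tok.startswith("-"):
            raise ValueError(f"switch not in this page's list: {tokens[i]}")
        else:
            positional.append(tokens[i])
            i += 1
    target, dump = (positional + [None, None])[:2]
    return {"target": target, "dump_file": dump, "opts": opts}

def triggers(parsed):
    """Describe what causes a dump (-s defaults to 10 s per the page)."""
    o = parsed["opts"]
    out = [f"CPU > {o['-c']}% for {o.get('-s', '10')} s"] if "-c" in o else []
    out += [f"commit > {o['-m']} MB"] if "-m" in o else []
    out += [f"{o['-p'][0]} > {o['-p'][1]}"] if "-p" in o else []
    out += [f"{o['-e']} exception"] if "-e" in o else []
    out += [t for s, t in (("-h", "hung window"), ("-t", "process exit")) if s in o]
    return out or ["immediately"]
```

Checking `"-ma" in parse_procdump(line)["opts"]` shows whether a logged command asked for a dump with all process memory.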
