Daha önceki bir yazımda, hangi sorun türlerinde ne şekilde "dump" alınması gerektiğinden bahsetmiştim. O yazımda bahsetmediğim ancak zaman zaman rastladığımız bir senaryo da, kısa süreli CPU yükselmeleridir.
Yüksek CPU kullanımı sorunlarında, arka arkaya 2-3 defa "hang dump" alıp incelemek gerekecektir. Ancak, CPU kullanımı sadece bırkac saniye için yükselip sonra düşüyorsa - ve birkaç saniye sonra bunu tekrarlıyorsa - bu şekilde alacağımız dumplar her zaman yardımcı olmayabilir. İşte tam da bu soruna bir çözüm olarak Mark Russinovich bir araç geliştirmiş: ProcDump.
Bu araç ile, belirli bir "process", belirli bir süre, belirli bir limitin üstünde CPU tüketirse dump aldırabiliyoruz. Komut satırından çalısan bu aracın oldukça basit bir kullanımı var. Aşağıda da paylaştığım kendi "yardım"ında detaylı olarak kullanımdan behsediliyor ve oldukça güzel örnekler de verilmiş. ancak birkaç şeyin altını özellikle çizmek istiyorum:
Aşagıda procdump.exe'nin yardım bilgilerini bulabilirsiniz:
C:\>procdump.exe /? ProcDump v3.01 - Writes process dump filesCopyright (C) 2009-2010 Mark RussinovichSysinternals - www.sysinternals.com Monitors a process and writes a dump file when the process exceeds thespecified CPU usage. usage: procdump [-64] [[-c CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1]] [-h] [-m commit usage] [-ma | -mp] [-o] [-p counter threshold] [-r] [-t] < <process name or PID> [dump file]] | [-x <image file> <dump file> [arguments]> -64 By default Procdump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. -c CPU threshold at which to create a dump of the process. -e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions. -h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds). -m Memory commit threshold in MB at which to create a dump of the process. -ma Write a dump file with all process memory. The default dump format includes thread and handle information. -mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%. -n Number of dumps to write before exiting. -o Overwrite an existing dump file. -p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: "\Process(<name>_<pid>)\counter" -r Reflect (clone) the process for the dump to minimize the time the process is suspended (Windows 7 and higher only). -s Consecutive seconds CPU threshold must be hit before dump is written (default is 10). -t Write a dump when the process terminates. -u Treat CPU usage relative to a single core. -x Launch the specified image with optional arguments.Use the -accepteula command line option to automatically accept theSysinternals license agreement. To just create a dump of a running process, omit the CPU threshold. Ifyou omit the dump file name, it defaults to <processname>_<datetime>.dmp. Example: Write up to 3 dumps of a process named 'consume' when it exceeds 20% CPU usage for five seconds to the directory c:\dump\consume with the name consume.dmp: C:\>procdump -c 20 -s 5 -n 3 -o consume c:\dump\consumeExample: Write a dump for a process named 'hang.exe' when one of it's windows is unresponsive for more than 5 seconds: C:\>procdump -h hang.exe hungwindow.dmpExample: Write 3 dumps 5 seconds apart: C:\>procdump -s 5 -n 3 notepad.exe notepad.dmpExample: Launch a process and then monitor it for excessive CPU usage: C:\>procdump -c 30 -s 10 -x consume.exe consume.dmpExample: Write a dump of a process named 'iexplore' to a dump file that has the default name iexplore.dmp: C:\>procdump iexploreExample: Write a dump of a process named 'outlook' when total system CPU usage exceeds 20% for 10 seconds: C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20Example: Write a dump of a process named 'outlook' when Outlook's handle count exceeds 10000: C:\>procdump outlook -p "\Process(Outlook)\Handle Count" 10000
C:\>procdump.exe /?
ProcDump v3.01 - Writes process dump filesCopyright (C) 2009-2010 Mark RussinovichSysinternals - www.sysinternals.com
Monitors a process and writes a dump file when the process exceeds thespecified CPU usage.
usage: procdump [-64] [[-c CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1]] [-h] [-m commit usage] [-ma | -mp] [-o] [-p counter threshold] [-r] [-t] < <process name or PID> [dump file]] | [-x <image file> <dump file> [arguments]> -64 By default Procdump will capture a 32-bit dump of a 32-bit process when running on 64-bit Windows. This option overrides to create a 64-bit dump. -c CPU threshold at which to create a dump of the process. -e Write a dump when the process encounters an unhandled exception. Include the 1 to create dump on first chance exceptions. -h Write dump if process has a hung window (does not respond to window messages for at least 5 seconds). -m Memory commit threshold in MB at which to create a dump of the process. -ma Write a dump file with all process memory. The default dump format includes thread and handle information. -mp Write a dump file with thread and handle information, and all read/write process memory. To minimize dump size, memory areas larger than 512MB are searched for, and if found, the largest area is excluded. A memory area is the collection of same sized memory allocation areas. The removal of this (cache) memory reduces Exchange and SQL Server dumps by over 90%. -n Number of dumps to write before exiting. -o Overwrite an existing dump file. -p Trigger on the specified performance counter when the threshold is exceeded. Note: to specify a process counter when there are multiple instances of the process running, use the process ID with the following syntax: "\Process(<name>_<pid>)\counter" -r Reflect (clone) the process for the dump to minimize the time the process is suspended (Windows 7 and higher only). -s Consecutive seconds CPU threshold must be hit before dump is written (default is 10). -t Write a dump when the process terminates. -u Treat CPU usage relative to a single core. -x Launch the specified image with optional arguments.Use the -accepteula command line option to automatically accept theSysinternals license agreement.
To just create a dump of a running process, omit the CPU threshold. Ifyou omit the dump file name, it defaults to <processname>_<datetime>.dmp.
Example: Write up to 3 dumps of a process named 'consume' when it exceeds 20% CPU usage for five seconds to the directory c:\dump\consume with the name consume.dmp: C:\>procdump -c 20 -s 5 -n 3 -o consume c:\dump\consumeExample: Write a dump for a process named 'hang.exe' when one of it's windows is unresponsive for more than 5 seconds: C:\>procdump -h hang.exe hungwindow.dmpExample: Write 3 dumps 5 seconds apart: C:\>procdump -s 5 -n 3 notepad.exe notepad.dmpExample: Launch a process and then monitor it for excessive CPU usage: C:\>procdump -c 30 -s 10 -x consume.exe consume.dmpExample: Write a dump of a process named 'iexplore' to a dump file that has the default name iexplore.dmp: C:\>procdump iexploreExample: Write a dump of a process named 'outlook' when total system CPU usage exceeds 20% for 10 seconds: C:\>procdump outlook -p "\Processor(_Total)\% Processor Time" 20Example: Write a dump of a process named 'outlook' when Outlook's handle count exceeds 10000: C:\>procdump outlook -p "\Process(Outlook)\Handle Count" 10000
CENK