A memory dump is a snapshot of the contents of a computer's volatile memory (RAM) stored for analysis or debugging purposes. ProcDump is a command-line tool designed to monitor applications for CPU/Memory spikes and generate crash dumps when spikes occur. Administrators or developers can then use these dumps to pinpoint the cause of the spikes. This guide will walk you through collecting a memory dump using Procdump.exe for applications hosted on App Service (Windows).
- Access the Azure Portal and navigate to the desired App Service.
- Click on "Advanced Tools" and then "Go ->" to access the SCM/Kudu site.
- On the SCM site, go to Process Explorer to find the PID of the w3wp.exe process, which is the application worker process.
- Use the Debug console to open the CMD option.
- Navigate to the System Drive and access the sysinternals path:
  - C:\devtools\sysinternals>
  - Note: The drive letter may vary (e.g., D:\ or C:\)
- Locate the procdump.exe file in the sysinternals directory, which will be used for running commands.
- To collect a dump of the application worker process, use the PID obtained earlier.
- Use the following command to collect a full memory dump:
  - procdump.exe -accepteula -ma [PID] [Path]
  - Path: Specifies the directory where the collected memory dump file will be stored.
  - Example: procdump.exe -accepteula -ma 5100 C:\dumps\
- Initiate the dump collection and reproduce the issue the application is facing.
- After the memory dump collection is complete, access the specific path on the SCM site to download the collected memory dump.
You can consult the following article for further details on Procdump commands and various parameters to utilize depending on your specific needs and troubleshooting scenario.
https://learn.microsoft.com/en-us/sysinternals/downloads/procdump
It's advisable to gather multiple sets of memory dumps because analyzing several dumps can reveal patterns and facilitate the development of an action plan to resolve issues effectively.
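The advice above to gather several dumps can be scripted with ProcDump's -n (number of dumps) and -s (seconds between dumps) options. This is an added example, not part of the original guide; the script name, the default count and interval, the output folder under %HOME%\LogFiles, and the availability of certutil in the console are assumptions.

```bat
@echo off
rem Added example: collect a series of full dumps of one worker process.
rem Usage: collect-dumps.cmd PID [count] [seconds-between]
setlocal

set "TARGET_PID=%~1"
set "COUNT=%~2"
set "INTERVAL=%~3"
if "%TARGET_PID%"=="" (
    echo Usage: %~nx0 PID [count] [seconds-between]
    exit /b 1
)
rem Assumed defaults: three dumps, 30 seconds apart.
if "%COUNT%"=="" set "COUNT=3"
if "%INTERVAL%"=="" set "INTERVAL=30"

rem Assumed locations; adjust the drive letter to match your instance.
set "PROCDUMP=C:\devtools\sysinternals\procdump.exe"
set "OUTDIR=%HOME%\LogFiles\dumps"

if not exist "%PROCDUMP%" (
    echo procdump.exe not found at %PROCDUMP%
    exit /b 1
)
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem -ma = full dump, -n = number of dumps, -s = seconds between dumps.
rem No trailing backslash inside the quotes, so the closing quote is not escaped.
"%PROCDUMP%" -accepteula -ma -n %COUNT% -s %INTERVAL% %TARGET_PID% "%OUTDIR%"

rem Print a SHA-256 for each dump so the downloaded copy can be verified.
for %%F in ("%OUTDIR%\*.dmp") do certutil -hashfile "%%F" SHA256

endlocal
```

A full dump holds everything in the worker process's memory, including connection strings, tokens and user data, so treat the files as sensitive and delete them from the site once they have been downloaded.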