Procdump is a light weight Sysinternal's command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during such spikes which an administrator or developer can use to determine the cause or to share the dump with PSS for further analysis. It also can serve as a general process dump utility that you can embed in other scripts.
It completely eliminates the need to maintain different utilities like Debug Daig 1.1 for 32 bit processes and adplus for 64 bit processes on the same server.
Looking at task manager we can see w3wp.exe process is spiking CPU between 49%-60% intermittently and then immediately it goes down.
In order to troubleshoot we need to capture 2 sets of dump for w3wp.exe when process reaches 50% CPU and stays there for 3 consecutive seconds or so.This, using Debug Diag 1.1 or Adplus could be a tricky task as it would require great deal of accuracy to manually generate dumps when the actual CPU spike happens or we may end up taking dumps without capturing real activity responsible for the spike.
ProcDump.execomes in handy in such situation to speed up the course of action and help in getting the right set of data. It would monitor the target process for CPU spike within specified time limit and take snapshot at that point.
procdump -ma -c 50 -s 3 -n 2 5844(Process Name or PID)
-ma Write a dump file with all process memory. The default dump format includes thread and handle information.
-c CPU threshold at which to create a dump of the process.
-s Consecutive seconds CPU threshold must be hit before dump written (default is 10).
-n Number of dumps to write before exiting.
The above command would monitor the w3wp.exe till CPU spikes 50% for 3 seconds and it would take full dump at least for two iterations.
ProcDump v1.1 - Writes process dump files Copyright (C) 2009 Mark Russinovich Sysinternals - www.sysinternals.com
Process: w3wp.exe (5844) CPU threshold: 50% of system Duration threshold: 3s Number of dumps: 2 Hung window check: Disabled Exception monitor: Disabled Dump file: C:\Users\jaskis\Downloads\procdump\w3wp.dmp
Time CPU Duration [23:48.35] 59% 1s [23:48.36] CPU usage below threshold. [23:48.37] 54% 1s [23:48.38] 55% 2s [23:48.39] 61% 3s Process has hit spike threshold. Writing dump file C:\Users\jaskis\Downloads\procdump\w3wp_080309_114839PM.dmp... Dump written.
[23:48.44] 61% 1s [23:48.45] 59% 2s [23:48.46] 57% 3s Process has hit spike threshold. Writing dump file C:\Users\jaskis\Downloads\procdump\w3wp_080309_114846PM.dmp... Dump written.
Few of other interesting switches
-64 By default Procdump will capture a 32-bit dump of a 32-bit when running on 64-bit Windows. This option overrides to 64-bit dump.
-o Overwrite an existing dump file.
Another area worth investing time would be to write a batch file and run it as window service to take dump on CPU spike even when the user logoff from the server.