Running ProcDump commands - Security Center 5.7 - 5.12

Working with logs and traces for Security Center

Applies to
Security Center 5.7 - 5.12
Last updated
2023-08-25
Content type
Troubleshooting
Language
English
Product
Security Center
Version
5.12
5.11
5.10
5.9
5.8
5.7

ProcDump is a command-line utility used to capture unhandled exceptions and unexpected crashes or failures. Based on the conditions you specify, ProcDump generates a dump file for a process, which our Technical Support team can use to identify the cause of an issue on your system.

Procedure

  1. Download ProcDump.
  2. Extract the ProcDump.exe file and save it to your computer.
    NOTE: If the folder exists on your system, it is a best practice to save the file to C:\Program Files (x86)\Windows Debugging Tools.
  3. Ensure that the process you want to dump is running.
  4. If the process is running multiple times, do the following:
    1. Open Windows Task Manager, click More details, and select the Details tab.
    2. Note the process ID (PID) of each repeated instance of the process.
  5. Run Command Prompt as an administrator and use the cd command to navigate to where you saved ProcDump.exe.
  6. Generate a dump by modifying the following command line as needed:
    ProcDump.exe -ma [Process Name] [Destination Folder]
    NOTE: To make sure you get a full memory dump, always include -ma in your ProcDump command.
    • To generate a dump immediately, enter the command as is. For example:
      ProcDump.exe -ma GenetecDirectory.exe C:\Dumps
    • To generate a dump for multiple instances of a process, replace [Process Name] with one of the PIDs you noted, and repeat for each instance. For example:
      ProcDump.exe -ma 9192 C:\Dumps
    • To generate a dump for a process that has a hung (unresponsive) window, add -h to your command line. For example:
      ProcDump.exe -ma -h GenetecDirectory.exe C:\Dumps
    • To queue a dump to be generated when the process crashes or fails, add -e to your command line. For example:
      ProcDump.exe -ma -e GenetecDirectory.exe C:\Dumps
    IMPORTANT: While the process is still running, do not close Command Prompt. Only close Command Prompt once the dump has been generated.
  7. When the dump is finished, retrieve copies of the following 32-bit files from C:\Windows\Microsoft.NET\Framework\v4.0.XXX on the target machine:
    • sos.dll
    • clr.dll
    • mscordacwks.dll
    • Mscordbi.dll
  8. Retrieve the 64-bit versions of the same files from step 7 from C:\Windows\Microsoft.NET\Framework64\v4.0.XXX.
  9. Collect the dump files, the 32-bit .dll files, and the 64-bit .dll files, and send them to Technical Support.
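
The following PowerShell script is an added example, not part of the original procedure or vendor-supplied code. It runs the immediate-dump form of the command in step 6 for every running instance of one process, copies the .dll files from steps 7 and 8, and writes a hash list for step 9. The default ProcDump.exe location, the C:\Dumps destination, and the SHA256SUMS.csv file name are assumptions.

```powershell
# Added example, not vendor code. Assumptions: the $ProcDump and $Dest defaults
# and the SHA256SUMS.csv name are placeholders; run from an elevated session.
param(
    [string]$ProcessName = 'GenetecDirectory',  # no .exe, as Get-Process expects
    [string]$ProcDump    = 'C:\Program Files (x86)\Windows Debugging Tools\ProcDump.exe',
    [string]$Dest        = 'C:\Dumps'
)
$ErrorActionPreference = 'Stop'
$started = Get-Date

New-Item -ItemType Directory -Path $Dest -Force | Out-Null
# A full (-ma) dump contains all of the process's memory, so restrict the folder
# to SYSTEM (S-1-5-18) and local Administrators (S-1-5-32-544) before writing.
icacls $Dest /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# Steps 3-6: fails if the process is not running; one dump per PID otherwise.
$targets = @(Get-Process -Name $ProcessName)
foreach ($p in $targets) {
    & $ProcDump -ma $p.Id $Dest
}
$dumps = @(Get-ChildItem $Dest -Filter '*.dmp' | Where-Object LastWriteTime -ge $started)
if ($dumps.Count -lt $targets.Count) {
    throw "Expected $($targets.Count) dump file(s), found $($dumps.Count)."
}

# Steps 7-8: copy the 32-bit and 64-bit DLLs from the installed v4.0.* folder.
# mscordacwks.dll is the file's name as it appears on disk.
$dlls = 'sos.dll', 'clr.dll', 'mscordacwks.dll', 'mscordbi.dll'
foreach ($arch in 'Framework', 'Framework64') {
    $src = Get-ChildItem "C:\Windows\Microsoft.NET\$arch" -Directory -Filter 'v4.0.*' |
        Select-Object -First 1
    $out = New-Item -ItemType Directory -Path (Join-Path $Dest $arch) -Force
    foreach ($dll in $dlls) {
        Copy-Item (Join-Path $src.FullName $dll) -Destination $out.FullName
    }
}

# Step 9: record SHA-256 hashes so the recipient can verify the files.
$manifest = Join-Path $Dest 'SHA256SUMS.csv'
Get-ChildItem $Dest -Recurse -File |
    Where-Object FullName -ne $manifest |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv $manifest -NoTypeInformation
```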