Using ProcDump itself to debug programs

ProcDump is an excellent tool for capturing memory dumps.

It works by attaching to the process as a debugger, so it can also be used to debug certain problems without any other tools.

This can be useful when debugging problems on systems that are currently in use.

(Policies may prevent installing and attaching a traditional debugger, or live debugging may simply cause too much disruption.)

ProcDump can be used to output exceptions and debug messages from a process with:

procdump.exe -f "" -l -e 1 Process_name_or_id

The options used are:

-f ""   An exception filter with an empty string makes ProcDump output exception messages without creating memory dumps.
-l      Shows debug messages from the process.
-e 1    Monitors first-chance exceptions, including ones the program goes on to handle, as well as unhandled exceptions.

Of course, ProcDump can also be used normally to generate memory dumps, which can then be examined on another system with a debugger.

Be aware that the process is paused while ProcDump takes a memory dump, and keep an eye on disk usage, especially when taking full memory dumps.

Recently, using this technique helped me debug a problem on a fresh installation of SQL Server Reporting Services 2012.

All reports were returning blank results and no error messages were shown or logged.

I started monitoring the ReportingServicesService.exe process with:

procdump.exe -f "" -l -e 1 ReportingServicesService.exe

After refreshing the report, the output from ProcDump was:

ProcDump v8.0 - Writes process dump files
Copyright (C) 2009-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

Process:               ReportingServicesService.exe (11180)
CPU threshold:         n/a
Performance counter:   n/a
Commit threshold:      n/a
Threshold seconds:     n/a
Hung window check:     Disabled
Log debug strings:     Enabled
Exception monitor:     First Chance+Unhandled
Exception filter:      Display Only
Terminate monitor:     Disabled
Cloning type:          Disabled
Concurrent limit:      n/a
Avoid outage:          n/a
Number of dumps:       1
Dump folder:           C:\bin\Procdump\
Dump filename/mask:    PROCESSNAME_YYMMDD_HHMMSS


Press Ctrl-C to end monitoring without terminating the process.

CLR Version: v2.0.50727

[18:22:24] Exception: E0434F4D.System.IndexOutOfRangeException ("QC")
[18:22:26] Exception: E0434F4D.System.Net.Sockets.SocketException ("No such host is known")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")

The report was trying to call a web service from VB code, but the host name was unknown.

The problem was resolved by specifying the host name in the system hosts file.
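
On a busy process the first-chance exception stream can be long, so it helps to collapse it into one row per distinct exception. The following is an added example, not part of the original post or of ProcDump: a small Python script that parses the exception lines in the format shown in the output above and counts them. Treating the quoted message as optional is an assumption, and the script reads a saved copy of the output whose path is given as the first argument.

```python
import re
import sys

# Line shape taken from the ProcDump output shown above:
#   [18:22:26] Exception: E0434F4D.System.Net.WebException ("...")
# Assumption: the quoted message may be absent, so it is optional here.
EXC_RE = re.compile(
    r'^\[(?P<time>\d{2}:\d{2}:\d{2})\]\s+Exception:\s+'
    r'(?P<code>[0-9A-Fa-f]{8})\.(?P<type>\S+)'
    r'(?:\s+\("(?P<msg>.*)"\))?\s*$'
)

# Excerpt of the output shown above, used when no log file is given.
SAMPLE = """\
Exception monitor:     First Chance+Unhandled
CLR Version: v2.0.50727
[18:22:24] Exception: E0434F4D.System.IndexOutOfRangeException ("QC")
[18:22:26] Exception: E0434F4D.System.Net.Sockets.SocketException ("No such host is known")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")
[18:22:26] Exception: E0434F4D.System.Net.WebException ("The remote name could not be resolved: 'reportingutility'")
""".splitlines()


def summarize(lines):
    """Group exception lines by (code, type, message); track count and times."""
    groups = {}
    for line in lines:
        m = EXC_RE.match(line.strip())
        if not m:
            continue  # banner, settings table, debug strings, blank lines
        key = (m["code"].upper(), m["type"], m["msg"] or "")
        g = groups.setdefault(key, {"count": 0, "first": m["time"]})
        g["count"] += 1
        g["last"] = m["time"]
    return groups


def report(groups):
    """Return one text row per distinct exception, most frequent first."""
    ranked = sorted(groups.items(), key=lambda kv: -kv[1]["count"])
    return [f"{g['count']:>4}x {g['first']}-{g['last']} {code} {typ}: {msg}"
            for (code, typ, msg), g in ranked]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print("\n".join(report(summarize(fh))))
    else:
        print("\n".join(report(summarize(SAMPLE))))
```

For the output above, the repeated WebException for 'reportingutility' comes out as the top row, which points straight at the name resolution failure.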

Conclusion

ProcDump can also be used on its own to debug programs.