Running procdump in the background

Or how I got procdump to stay running when I log off.

Microsoft has a tool called procdump which will watch a process and write a dump file when certain conditions are met. The tool is thoroughly configurable, with details and examples at the Sysinternals page for the tool.

The one feature it is missing is the ability to run in the background. This is a problem: if you get kicked off a server, procdump will exit and you will not get the dump of the elusive process. The solution is another Sysinternals tool: psexec.

I have a funny relationship with psexec. In most cases I feel it is absolutely the wrong tool for the job. Most Windows tools let you run a command against a remote machine, as long as you have credentials which will allow it. In this case though, it’s the ability to specify a console session and detach that I needed. The command is:

psexec -u USERNAME -p PASSWORD -i 0 -d c:\dump\procdump.exe -ma -c 80 wspsrv.exe

I’m telling psexec to run in session 0, which on Windows Server 2008 is reserved for services. Now I can log off the server and have my process keep running. The -d parameter tells psexec to detach (that is, not wait for the process to finish). A quick explanation of my procdump parameters: I’m going to write a full dump (-ma) if the CPU usage of wspsrv.exe passes 80% (-c 80).

Using psexec to run procdump in session 0

When PsExec completes, you see procdump running as part of services.

Session 0 is an interesting thing. In Server 2003, session 0 is the console session, so anyone who logs on to the “physical” machine will be in that console. With Server 2008 and up, the console session is session 1, and session 0 is reserved for services. This reduces the likelihood that someone will kill the process you needed to keep running.

Remote desktop sessions. Notice services runs in ID 0.
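
The check the screenshots illustrated, as an added PowerShell example that is not from the original post: it launches the same command without -p, so psexec prompts for the password instead of taking it on the command line, then confirms that procdump landed in session 0. It assumes psexec.exe is on the PATH and PowerShell 3.0 or later (for Get-CimInstance); USERNAME is the post's placeholder.

```powershell
# Added example; the path, placeholder account and threshold mirror the post's command.
$procdump = 'c:\dump\procdump.exe'
$account  = 'USERNAME'   # placeholder, as in the post

# Omitting -p makes psexec prompt for a hidden password, so the password does
# not end up in shell history or in a command line other users can read.
& psexec.exe -u $account -i 0 -d $procdump -ma -c 80 wspsrv.exe

# Give the detached process a moment to start, then look it up.
# LIKE also matches procdump64.exe if that is the image in use.
Start-Sleep -Seconds 2
$found = Get-CimInstance Win32_Process -Filter "Name LIKE 'procdump%'"

if (-not $found) {
    Write-Warning 'No procdump process found; check the psexec output above.'
    return
}

foreach ($p in $found) {
    # One row per procdump instance: where it runs and what it is watching.
    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        SessionId   = $p.SessionId
        InSession0  = ($p.SessionId -eq 0)
        CommandLine = $p.CommandLine
    }
    if ($p.SessionId -ne 0) {
        # A process in an interactive session is ended when that session logs off.
        Write-Warning "PID $($p.ProcessId) is in session $($p.SessionId), not session 0."
    }
}
```

Run it from an elevated prompt; CommandLine can come back empty for processes owned by another account otherwise.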


About robertlabrie
DevOps Engineer at The Network Inc in metro Atlanta. Too many interests to list here, check out my posts, or look me up on LinkedIn

5 Responses to Running procdump in the background

  1. Gary Walvin says:

    Exactly what I was looking for. Thanks.

  2. Anand says:

    Hello Robert,

    I was able to run procdump, and it runs even at session logoff, but can you provide an option to be enabled at server startup?

    Thank you, Anand

    • robertlabrie says:

      Hi Anand,

      There really isn’t a good way. You can configure procdump to run as a service, or use a GPO to apply a startup script to the computer. Local policies will let you do that without using a GPO.

  3. joondez@gmail.com says:

    Your screenshot doesn’t show how to pass along parameters to procdump.exe. Do you just put quotations and pass it along as normal?
