Using ProcDump to obtain the dump of a service?

Question

Does anybody know if its possible/ how to use ProcDump to obtain the dump of a windows service? The command I want to run is like this:

ProcDump -e -mp -x myservice.exe mydump.dmp

However I get the Cannot Start Service from command line or debugger message. Does anybody know if there is a way around this?

OK After I bit of playing around I found out how to do this, the command I needed was: Procdump -e -mp 14312 mydump.dmp where 14312 is the process id of the service, you can find this in task manager in the services tab. — DukeOfMarmalade, Jan 26 '12 at 10:20

Jack Casey · Answer 1 · 2020-05-22T19:59:53.193

4

In case anyone is running into this, my usual is to run:

procdump.exe -ma -i C:\Dumps

This will register procdump as the Just-in-Time (AeDebug) debugger, and should create a dump for any crashing process on the system.

I've found "casting a wide net" yields a better result, compared with configuring a dump for the specific process name or PID.

edited May 22 '20 at 19:59

answered May 22 '20 at 19:49

Jack Casey

1,628
11
18

Thanks, this catch-all solution works great. The command `procdump.exe -ma -i` is what finally helped me capture stack overflow crashes. All other commands resulted in a "Dump count not reached" message and it wouldn't dump the crash for my .NET Core 3.1 Windows Service. I was then able to load the dump in Visual Studio and when I ran the dump it immediately breakpointed on the line of code that caused the stack overflow. – Randy Burden Nov 03 '21 at 19:06

score 2 · Accepted Answer · edited Apr 27 '23 at 00:29

2

OK After I bit of playing around I found out how to do this, the command I needed was: Procdump -e -mp 14312 mydump.dmp where 14312 is the process id of the service, you can find this in task manager in the services tab.

edited Apr 27 '23 at 00:29

Akira Yamamoto

4,685
4
42
43

answered Jan 27 '12 at 11:09

DukeOfMarmalade

2,680
10
41
70

I wanted to ask the same question, but unfortunately the answer doesn't help me. The service crashes right after it starts, and calling `Procdump -e -mp 14312 mydump.dmp` is too late at this stage. Any alternatives? – Paul Oct 12 '14 at 18:32
You could write sleep in code and make the executable wait until you can attach procdump. – Mahadeva Feb 03 '15 at 05:58

score 0 · Answer 3 · answered Nov 12 '20 at 17:21

There is another option that allows you to dump exceptions even on windows service startup. With help of "Image File Execution Options" you can configure procdump as you service debugger.

reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{your service executable name. f.e. notepad.exe}" /v "Debugger" /t REG_SZ /d "{procdump path}\procdump -ma -accepteula -e 1 -t -n 10 -x {dumps output folder}" /f

Don't forget to replace curly brackets with your values. Please check the meaning of the procdump command line parameters, -ma, -e 1, -t, -n 10 here

To uninstall procdump:

reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{your service executable name. f.e. notepad.exe}" /va /f

this will start procdump itself as service process, and SCM will error on timeout — OwnageIsMagic, Dec 14 '21 at 08:44

Using ProcDump to obtain the dump of a service?

3 Answers3