Overview
This article explains how to collect a memory/process dump for a specific application or service running on a Windows system. This is particularly helpful for troubleshooting issues such as:
High memory or CPU usage by a process
Application hang or crash
Unresponsive services
The primary audience for this article includes Technical Support Engineers, System Administrators, and Developers who require detailed diagnostics for running processes on Windows systems.
Error Scenarios and Causes
Symptom: Application is not responding, or consuming high memory/CPU
Cause:
Memory leak or unhandled exception
Infinite loop or deadlock
External resource bottleneck (e.g., disk, network)
Procedures Covered in This Article
Capture Process Dump using Task Manager
Capture Process Dump using Procdump Utility (Sysinternals)
A. Capture Process Dump using Task Manager
Prerequisites
Administrator rights on the Windows system
Target process must be running
Procedure
1. Press Ctrl + Shift + Esc to open the Task Manager.
2. Go to the Details tab.
3. Locate the target process (e.g., java.exe, app.exe, etc.).
4. Right-click on the process and choose Create dump file.
5. A prompt will confirm dump creation and show the location (typically: %LocalAppData%\Temp\processname.DMP).
6. Navigate to the path and copy the file to a secure location for further analysis.
B. Capture Process Dump using Procdump Utility (Sysinternals)
Prerequisites
Administrator rights
Download and extract Procdump
Procedure
1. Open Command Prompt as Administrator.
2. Navigate to the folder containing procdump.exe.
3. Use one of the following commands based on your requirement:
To capture a full memory dump:
procdump -ma <ProcessName or PID> C:\Dumps\process.dmp
-ma: Full memory dump
No trigger condition, runs immediately
To capture on high CPU usage (>80%) sustained for 10 seconds:
procdump -ma -c 80 -s 10 <ProcessName> C:\Dumps\highcpu.dmp
-ma: Full dump
-c 80: Trigger if CPU usage > 80%
-s 10: For at least 10 seconds continuously
To capture when process crashes:
procdump -e -ma <ProcessName> C:\Dumps\crashdump.dmp
-e: Monitor for unhandled exceptions (crashes)
-ma: Full dump when a crash is detected
Tip: You can find the process ID using:
tasklist | findstr <process-name>
Shows running processes and their PIDs so you can use them with procdump.
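The following PowerShell script is an added example, not part of the original article or the Sysinternals documentation. It combines the steps above: it resolves the PID, restricts the dump folder before writing to it (a full -ma dump contains everything in the process's memory, including any credentials or keys it holds), captures the dump, and records a SHA-256 hash for hand-off. The process name 'app' and the location of procdump.exe in the current folder are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Assumptions: procdump.exe is
# in the current folder and 'app' is a placeholder process name.
param(
    [string]$ProcessName = 'app',      # placeholder; name without .exe
    [string]$DumpDir     = 'C:\Dumps'  # dump folder used in this article
)
$ErrorActionPreference = 'Stop'

# Resolve the PID (PowerShell equivalent of: tasklist | findstr <process-name>).
$procs = @(Get-Process -Name $ProcessName)
if ($procs.Count -ne 1) {
    throw "Expected one '$ProcessName' process, found $($procs.Count); run procdump with a PID instead."
}
$targetPid = $procs[0].Id

# Create the dump folder and restrict it before anything is written to it.
# /inheritance:r drops inherited entries; the grants give full control to
# BUILTIN\Administrators (S-1-5-32-544) and NT AUTHORITY\SYSTEM (S-1-5-18).
# Explicit entries already present on an existing folder are left in place.
New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
icacls $DumpDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $DumpDir" }

# Full memory dump, named with process, PID and timestamp to avoid overwrites.
$fileName = '{0}_{1}_{2:yyyyMMdd_HHmmss}.dmp' -f $ProcessName, $targetPid, (Get-Date)
$dumpPath = Join-Path $DumpDir $fileName
& .\procdump.exe -accepteula -ma $targetPid $dumpPath

# Check for the file itself rather than relying on ProcDump's exit code.
if (-not (Test-Path -LiteralPath $dumpPath)) { throw "No dump written to $dumpPath" }

# Record size and SHA-256 so the recipient can confirm the copy is intact.
$hash = Get-FileHash -LiteralPath $dumpPath -Algorithm SHA256
[pscustomobject]@{
    Path   = $dumpPath
    SizeMB = [math]::Round((Get-Item -LiteralPath $dumpPath).Length / 1MB, 1)
    SHA256 = $hash.Hash
}
```

Send the reported SHA-256 value alongside the dump so the analyst can verify the file after transfer.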