You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > 120: Getting Started with PolicyPak (Misc) > Knowledge Base > 04: Troubleshooting (General) > 06: How do I submit a process dump (PROCDUMP) and Process Monitor (PROCMON) capture of a hanging process?
06: How do I submit a process dump (PROCDUMP) and Process Monitor (PROCMON) capture of a hanging process?
print icon

Get the following tools handy:

Tip: You can pre-watch this video on PROCMON here: https://kb.policypak.com/kb/article/507-03-process-monitor-101/

  1. Start Procmon. Let it run. It will start to generate a file.
  2. Perform the problem / make the process hang. Make sure it hangs… then…
  3. Then, while it’s hung..

    1. Run Process explorer to find the process. You want to find the PID of the process with a problem. An example of a hung process can be seen here, with PID 1072.

      Processes should be easy to find if they are hanging.

      NOTE that processes in RED doesn’t mean BAD: It just means processes are EXITING successfully.

    2. Note the process name and/or PID.
    3. Next get a procDUMP.. : procdump -ma 1072 ought to do it (recommended). OR.. procdump “PPGPCR auditor.exe” for a process by name.

      WARNING: If you use the process name for the dump .. Just make sure in Process Explorer, that there are NO OTHER SAME NAMED tasks or Procdump will not dump them all. And be sure to dump the RIGHT process.. hence.. also making sure you got the PID.) The PID is a better bet.

  4. When the DUMP is done.. Now you can Stop procMON. (File | uncheck CAPTURE EVENTS.)
  5. Save the PROCMON file as the PML file with all details.
  6. ZIP the PROCdump and PROCmon outputs as SRX12345-DUMPS.ZIP (your SRX number, not 12345).
  7. Upload via SHAREFILE.. do NOT attach to your ticket. This will continue our analysis.
Feedback
0 out of 0 found this helpful

scroll to top icon