Does anybody know if its possible/ how to use ProcDump to obtain the dump of a windows service? The command I want to run is like this:
ProcDump -e -mp -x myservice.exe mydump.dmp
However I get the Cannot Start Service from command line or debugger message. Does anybody know if there is a way around this?
On
In case anyone is running into this, my usual is to run:
procdump.exe -ma -i C:\Dumps
This will register procdump as the Just-in-Time (AeDebug) debugger, and should create a dump for any crashing process on the system.
I've found "casting a wide net" yields a better result, compared with configuring a dump for the specific process name or PID.
On
There is another option that allows you to dump exceptions even on windows service startup. With help of "Image File Execution Options" you can configure procdump as you service debugger.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{your service executable name. f.e. notepad.exe}" /v "Debugger" /t REG_SZ /d "{procdump path}\procdump -ma -accepteula -e 1 -t -n 10 -x {dumps output folder}" /f
Don't forget to replace curly brackets with your values. Please check the meaning of the procdump command line parameters, -ma, -e 1, -t, -n 10 here
To uninstall procdump:
reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{your service executable name. f.e. notepad.exe}" /va /f
OK After I bit of playing around I found out how to do this, the command I needed was:
Procdump -e -mp 14312 mydump.dmpwhere14312is the process id of the service, you can find this in task manager in the services tab.