{"id":13865307,"url":"https://github.com/microsoft/ProcDump-for-Linux","last_synced_at":"2025-07-15T00:32:32.071Z","repository":{"id":38331673,"uuid":"110297133","full_name":"Sysinternals/ProcDump-for-Linux","owner":"Sysinternals","description":"A Linux version of the ProcDump Sysinternals tool","archived":false,"fork":false,"pushed_at":"2024-05-31T11:00:40.000Z","size":7427,"stargazers_count":2943,"open_issues_count":22,"forks_count":304,"subscribers_count":107,"default_branch":"master","last_synced_at":"2024-10-29T15:34:13.258Z","etag":null,"topics":["cli","debugging-tool","sysinternals"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sysinternals.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-10T22:07:20.000Z","updated_at":"2024-10-29T03:02:25.000Z","dependencies_parsed_at":"2023-02-15T18:16:02.631Z","dependency_job_id":"f924224d-086b-41df-adf6-c584df2ee7c9","html_url":"https://github.com/Sysinternals/ProcDump-for-Linux","commit_stats":{"total_commits":119,"total_committers":24,"mean_commits":4.958333333333333,"dds":"0.46218487394957986","last_synced_commit":"544a4bcc200251a6801122614a51eb0e4323fb0b"},"previous_names":["microsoft/procdump-for-linux"],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sysinternals%2FProcDump-for-Linux","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sysinternals%2FProcDump-for-Linux/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sysinternals%2FProcDump-for-Linux/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sysinternals%2FProcDump-for-Linux/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sysinternals","download_url":"https://codeload.github.com/Sysinternals/ProcDump-for-Linux/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226007410,"owners_count":17558835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","debugging-tool","sysinternals"],"created_at":"2024-08-05T11:00:38.586Z","updated_at":"2025-07-15T00:32:32.062Z","avatar_url":"https://github.com/Sysinternals.png","language":"C","readme":"# ProcDump [![Build Status](https://dev.azure.com/sysinternals/Tools/_apis/build/status/Sysinternals.ProcDump-for-Linux?branchName=master)](https://dev.azure.com/sysinternals/Tools/_build/latest?definitionId=341\u0026branchName=master)\nProcDump is a Linux and Mac reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows.  ProcDump provides a convenient way for Linux and Mac developers to create core dumps of their application based on performance triggers. ProcDump for Linux and Mac is part of [Sysinternals](https://sysinternals.com).\n\n![ProcDump in use](procdump.gif \"Procdump in use\")\n\n# Installation \u0026 Usage\n\n## Requirements\n* Minimum Linux OS:\n  * Red Hat Enterprise Linux / CentOS 7\n  * Fedora 29\n  * Ubuntu 16.04 LTS\n  * `gdb` \u003e= 7.6.1\n* Minimum Mac OS: Sierra\n \n## Install ProcDump\nPlease see installation instructions [here](INSTALL.md).\n\n## Build\nPlease see build instructions [here](BUILD.md).\n\n## Usage\n**BREAKING CHANGE** With the release of ProcDump 1.3 the switches are now aligned with the Windows ProcDump version.\nPlease note that the [Mac](https://github.com/microsoft/ProcDump-for-Mac) version currently has a limited set of triggers.\n```\nCapture Usage:\n   procdump [-n Count]\n            [-s Seconds]\n            [-c|-cl CPU_Usage]\n            [-m|-ml Commit_Usage1[,Commit_Usage2...]]\n            [-gcm [\u003cGCGeneration\u003e: | LOH: | POH:]Memory_Usage1[,Memory_Usage2...]]\n            [-gcgen Generation]\n            [-restrack [nodump]]\n            [-sr Sample_Rate]\n            [-tc Thread_Threshold]\n            [-fc FileDescriptor_Threshold]\n            [-sig Signal_Number1[,Signal_Number2...]]\n            [-e]\n            [-f Include_Filter,...]\n            [-fx Exclude_Filter]\n            [-mc Custom_Dump_Mask]\n            [-pf Polling_Frequency]\n            [-o]\n            [-log syslog|stdout]\n            {\n             {{[-w] Process_Name | [-pgid] PID} [Dump_File | Dump_Folder]}\n            }\n\nOptions:\n   -n      Number of dumps to write before exiting.\n   -s      Consecutive seconds before dump is written (default is 10).\n   -c      CPU threshold above which to create a dump of the process.\n   -cl     CPU threshold below which to create a dump of the process.\n   -m      Memory commit threshold(s) (MB) above which to create dumps.\n   -ml     Memory commit threshold(s) (MB) below which to create dumps.\n   -gcm    [.NET] GC memory threshold(s) (MB) above which to create dumps for the specified generation or heap (default is total .NET memory usage).\n   -gcgen  [.NET] Create dump when the garbage collection of the specified generation starts and finishes.\n   -restrack Enable memory leak tracking (malloc family of APIs). Use the nodump option to prevent dump generation and only produce restrack report(s).\n   -sr     Sample rate when using -restrack.\n   -tc     Thread count threshold above which to create a dump of the process.\n   -fc     File descriptor count threshold above which to create a dump of the process.\n   -sig    Comma separated list of signal number(s) during which any signal results in a dump of the process.\n   -e      [.NET] Create dump when the process encounters an exception.\n   -f      Filter (include) on the content of .NET exceptions (comma separated). Wildcards (*) are supported.\n   -fx     Filter (exclude) on the content of -restrack call stacks. Wildcards (*) are supported.\n   -mc     Custom core dump mask (in hex) indicating what memory should be included in the core dump. Please see 'man core' (/proc/[pid]/coredump_filter) for available options.\n   -pf     Polling frequency.\n   -o      Overwrite existing dump file.\n   -log    Writes extended ProcDump tracing to the specified output stream (syslog or stdout).\n   -w      Wait for the specified process to launch if it's not running.\n   -pgid   Process ID specified refers to a process group ID.\n```\n### Resource Tracking\nThe -restrack switch activates resource tracking, allowing for the monitoring and reporting of any resource allocations that have not been freed at the time of generating the core dump. The results are saved to a file with a '.restrack' extension. Currently, the following resource allocation/deallocation functions are tracked:\n\nAllocation:\n* malloc\n* calloc\n* realloc\n* reallocarray\n* mmap\n\nDeallocation:\n* free\n* munmap\n\nThe Mac version does not currently implement resource tracking.\n\n### Examples\n\u003e The following examples all target a process with pid == 1234\n\nThe following will create a core dump immediately.\n```\nsudo procdump 1234\n```\nThe following will create 3 core dumps 10 seconds apart.\n```\nsudo procdump -n 3 1234\n```\nThe following will create 3 core dumps 5 seconds apart.\n```\nsudo procdump -n 3 -s 5 1234\n```\nThe following will create a core dump each time the process has CPU usage \u003e= 65%, up to 3 times, with at least 10 seconds between each dump.\n```\nsudo procdump -c 65 -n 3 1234\n```\nThe following will create a core dump each time the process has CPU usage \u003e= 65%, up to 3 times, with at least 5 seconds between each dump.\n```\nsudo procdump -c 65 -n 3 -s 5 1234\n```\nThe following will create a core dump when CPU usage is outside the range [10,65].\n```\nsudo procdump -cl 10 -c 65 1234\n```\nThe following will create a core dump when CPU usage is \u003e= 65% or memory usage is \u003e= 100 MB.\n```\nsudo procdump -c 65 -m 100 1234\n```\nThe following will create a core dump when memory usage is \u003e= 100 MB followed by another dump when memory usage is \u003e= 200MB.\n```\nsudo procdump -m 100,200 1234\n```\nThe following will create a core dump and a memory leak report when memory usage is \u003e= 100 MB\n```\nsudo procdump -m 100 -restrack 1234\n```\nThe following will create a memory leak report (no dumps) when memory usage is \u003e= 100 MB\n```\nsudo procdump -m 100 -restrack nodump 1234\n```\nThe following will create a core dump and a memory leak report when memory usage is \u003e= 100 MB by sampling every 10th memory allocation.\n```\nsudo procdump -m 100 -restrack -sr 10 1234\n```\nThe following will create a core dump and a memory leak report when memory usage is \u003e= 100 MB and exclude any call stacks that contain frames with the string \"cache\" in them\n```\nsudo procdump -m 100 -restrack -fx *cache* 1234\n```\nThe following will create a core dump when the total .NET memory usage is \u003e= 100 MB followed by another dump when memory usage is \u003e= 200MB.\n```\nsudo procdump -gcm 100,200 1234\n```\nThe following will create a core dump when .NET memory usage for generation 1 is \u003e= 1 MB followed by another dump when memory usage is \u003e= 2MB.\n```\nsudo procdump -gcm 1:1,2 1234\n```\nThe following will create a core dump when .NET Large Object Heap memory usage is \u003e= 100 MB followed by another dump when memory usage is \u003e= 200MB.\n```\nsudo procdump -gcm LOH:100,200 1234\n```\nThe following will create a core dump at the start and end of a .NET generation 1 garbage collection.\n```\nsudo procdump -gcgen 1\n```\nThe following will create a core dump in the `/tmp` directory immediately.\n```\nsudo procdump 1234 /tmp\n```\nThe following will create a core dump in the current directory with the name dump_0.1234. If -n is used, the files will be named dump_0.1234, dump_1.1234 and so on.\n```\nsudo procdump 1234 dump\n```\nThe following will create a core dump when a SIGSEGV occurs.\n```\nsudo procdump -sig 11 1234\n```\nThe following will create a core dump when a SIGSEGV occures where the core dump contains only anonymous private mappings.\n```\nsudo procdump -mc 1 -sig 11 1234\n```\nThe following will create a core dump when the target .NET application throws a System.InvalidOperationException\n```\nsudo procdump -e -f System.InvalidOperationException 1234\n```\nThe include filter supports partial and wildcard matching, so the following will create a core dump too for a System.InvalidOperationException\n```\nsudo procdump -e -f InvalidOperation 1234\n```\nor\n```\nsudo procdump -e -f \"*Invali*Operation*\" 1234\n```\n\u003e All options can also be used with `-w`, to wait for any process with the given name.\n\nThe following waits for a process named `my_application` and creates a core dump immediately when it is found.\n```\nsudo procdump -w my_application\n```\n\n## Current Limitations\n* Currently will only run on Linux Kernels version 3.5+ or macOS Sierra+. \n* Does not have full feature parity with Windows version of ProcDump, specifically, stay alive functionality, and custom performance counters\n\n# Feedback\n* Ask a question on StackOverflow (tag with ProcDumpForLinux)\n* Request a new feature on GitHub\n* Vote for popular feature requests\n* File a bug in GitHub Issues\n\n# Contributing\nIf you are interested in fixing issues and contributing directly to the code base, please see the [document How to Contribute](CONTRIBUTING.md), which covers the following:\n* How to build and run from source\n* The development workflow, including debugging and running tests\n* Coding Guidelines\n* Submitting pull requests\n\nPlease see also our [Code of Conduct](CODE_OF_CONDUCT.md).\n\n\n# License\nCopyright (c) Microsoft Corporation. All rights reserved.\n\nLicensed under the MIT License.\n\nProcDump for Linux:\n\n* Clones, compiles and statically links against libbpf (https://github.com/libbpf/libbpf)\n* Copies symbol resolution source code from BCC (https://github.com/iovisor/bcc).\n* Uses eBPF\n","funding_links":[],"categories":["C","Mobile"],"sub_categories":["Linux/ *Nix"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2FProcDump-for-Linux","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicrosoft%2FProcDump-for-Linux","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2FProcDump-for-Linux/lists"}