Top Related Projects
LXC - Linux Containers
The systemd System and Service Manager
A Linux version of the ProcDump Sysinternals tool
Analyzes resource usage and performance characteristics of running containers.
Linux kernel source tree
Quick Overview
ProcDump-for-Linux is a command-line utility that captures process dumps of running Linux processes. It is a port of the popular Windows-based ProcDump tool from the Sysinternals suite, providing similar functionality for Linux systems. The tool is designed to help developers and system administrators diagnose and troubleshoot issues with running processes on Linux.
Pros
- Cross-Platform Compatibility: ProcDump-for-Linux provides a consistent interface and functionality across different Linux distributions, making it a versatile tool for system administrators and developers.
- Comprehensive Process Monitoring: The tool can capture process dumps based on various triggers, such as CPU usage, memory usage, and hangs, allowing for in-depth analysis of process behavior.
- Efficient Resource Utilization: ProcDump-for-Linux is designed to have a minimal impact on the running system, ensuring that the process dump capture does not significantly affect the performance of the target process or the overall system.
- Ease of Use: The command-line interface of ProcDump-for-Linux is intuitive and well-documented, making it accessible to both experienced and novice users.
Cons
- Limited Availability: As a port of a Windows-based tool, ProcDump-for-Linux may not have the same level of community support and adoption as native Linux tools.
- Dependency on Kernel Modules: The tool requires the use of kernel modules to capture process dumps, which may not be available or easily installable on all Linux distributions.
- Potential Compatibility Issues: Since the tool is a port of a Windows-based tool, there may be some compatibility issues or differences in functionality compared to the original Windows version.
- Lack of Graphical User Interface: ProcDump-for-Linux is a command-line tool, which may not be as user-friendly for some users who prefer a graphical interface.
Code Examples
N/A (This is not a code library)
Getting Started
N/A (This is not a code library)
Competitor Comparisons
LXC - Linux Containers
Pros of lxc
- lxc provides a comprehensive set of tools and libraries for managing Linux containers, making it a powerful and flexible solution for containerization.
- The project has a large and active community, with regular updates and a wealth of documentation and resources available.
- lxc supports a wide range of Linux distributions, allowing for greater flexibility in deployment.
Cons of lxc
- The learning curve for lxc can be steeper than some other container solutions, especially for users new to containerization.
- The project's focus on Linux-specific features may limit its appeal to users working in a mixed operating system environment.
- Compared to ProcDump-for-Linux, lxc does not provide the same level of low-level system monitoring and debugging capabilities.
Code Comparison
ProcDump-for-Linux:
int main(int argc, char *argv[]) {
if (argc < 2) {
fprintf(stderr, "Usage: %s <process name or PID>\n", argv[0]);
return 1;
}
int pid = atoi(argv[1]);
if (pid == 0) {
pid = get_pid_by_name(argv[1]);
}
if (pid == 0) {
fprintf(stderr, "Failed to find process: %s\n", argv[1]);
return 1;
}
// ...
}
lxc:
import lxc
# Create a new container
container = lxc.Container("mycontainer")
# Start the container
if not container.start():
print("Failed to start the container")
exit(1)
# Execute a command inside the container
exit_code, output = container.run_command(["echo", "Hello, world!"])
print(output)
# Stop the container
if not container.stop():
print("Failed to stop the container")
exit(1)
The systemd System and Service Manager
Pros of systemd
- Provides a unified and consistent system management framework, simplifying the management of complex systems.
- Offers advanced features like cgroups, socket activation, and service dependencies, improving system reliability and performance.
- Supports a wide range of hardware and software configurations, making it a versatile choice for various environments.
Cons of systemd
- Increased complexity and potential for issues, especially for users who prefer a more traditional system management approach.
- Concerns about the project's scope and the potential for vendor lock-in, as systemd becomes a central component of many Linux distributions.
- Potential compatibility issues with legacy software and scripts that may not be designed to work with the systemd ecosystem.
Code Comparison
systemd (C):
int main(int argc, char *argv[]) {
int r;
if (argc != 2) {
fprintf(stderr, "Usage: %s COMMAND\n", program_invocation_short_name);
return 1;
}
r = run_command(argv[1]);
return r;
}
ProcDump-for-Linux (C++):
int main(int argc, char* argv[]) {
if (argc < 2) {
printf("Usage: %s <process_name>\n", argv[0]);
return 1;
}
const char* processName = argv[1];
ProcDump pd;
pd.DumpProcess(processName);
return 0;
}
A Linux version of the ProcDump Sysinternals tool
Pros of ProcDump-for-Linux
- Provides a comprehensive set of features for capturing process dumps on Linux systems, similar to the Windows version.
- Supports a wide range of Linux distributions, including Ubuntu, CentOS, and RHEL.
- Offers a user-friendly command-line interface for easy integration into scripts and automation workflows.
Cons of ProcDump-for-Linux
- May have limited support for newer Linux kernel versions or distributions, as it is a relatively older project.
- Lacks some of the advanced features and customization options available in the Windows version of ProcDump.
- Documentation and community support may be less extensive compared to more popular Linux tools.
Code Comparison
ProcDump-for-Linux:
int main(int argc, char *argv[]) {
if (argc < 2) {
fprintf(stderr, "Usage: %s <pid>\n", argv[0]);
return 1;
}
int pid = atoi(argv[1]);
if (pid <= 0) {
fprintf(stderr, "Invalid PID: %s\n", argv[1]);
return 1;
}
// Capture process dump
if (capture_process_dump(pid) != 0) {
fprintf(stderr, "Failed to capture process dump\n");
return 1;
}
return 0;
}
ProcDump-for-Linux:
int capture_process_dump(int pid) {
// Open the process
FILE *proc = fopen(string_format("/proc/%d/mem", pid), "rb");
if (proc == NULL) {
fprintf(stderr, "Failed to open process %d\n", pid);
return 1;
}
// Write the process memory to a file
FILE *dump = fopen(string_format("dump_%d.dmp", pid), "wb");
if (dump == NULL) {
fprintf(stderr, "Failed to create dump file\n");
fclose(proc);
return 1;
}
// Copy the process memory
char buffer[4096];
size_t bytes_read;
while ((bytes_read = fread(buffer, 1, sizeof(buffer), proc)) > 0) {
fwrite(buffer, 1, bytes_read, dump);
}
fclose(proc);
fclose(dump);
return 0;
}
Analyzes resource usage and performance characteristics of running containers.
Pros of cadvisor
- cadvisor provides detailed container resource usage and performance metrics, which can be useful for monitoring and optimizing container-based applications.
- cadvisor is designed to be lightweight and efficient, making it suitable for deployment in production environments.
- cadvisor supports a wide range of container runtimes, including Docker, rkt, and LXC.
Cons of cadvisor
- cadvisor may not provide the same level of detailed process-level information as ProcDump-for-Linux, which is focused on process-level debugging and analysis.
- cadvisor may require additional setup and configuration to integrate with other monitoring and observability tools.
- cadvisor's focus on container-level metrics may not be as useful for troubleshooting issues at the individual process level.
Code Comparison
ProcDump-for-Linux (simplified):
int main(int argc, char *argv[]) {
if (argc < 2) {
printf("Usage: %s <process_id>\n", argv[0]);
return 1;
}
int pid = atoi(argv[1]);
// Dump process memory and other information
dump_process(pid);
return 0;
}
cadvisor (simplified):
func main() {
flag.Parse()
http.Handle("/metrics", prometheus.Handler())
http.Handle("/", http.HandlerFunc(serveRoot))
glog.Infof("Starting cAdvisor version %s on port %d", version.Info["version"], *port)
glog.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", *port), nil))
}
Linux kernel source tree
Pros of Linux
- Extensive community support and contributions, leading to a robust and feature-rich operating system.
- Highly customizable and flexible, allowing users to tailor the system to their specific needs.
- Strong focus on security and stability, making it a reliable choice for mission-critical applications.
Cons of Linux
- Steeper learning curve compared to some other operating systems, especially for new users.
- Limited support for certain proprietary software and hardware, which may be a concern for some users.
- Potential compatibility issues with some legacy applications or devices.
Code Comparison
Linux (torvalds/linux):
int main(int argc, char *argv[])
{
printf("Hello, World!\n");
return 0;
}
ProcDump-for-Linux (Sysinternals/ProcDump-for-Linux):
int main(int argc, char *argv[])
{
printf("ProcDump for Linux\n");
return 0;
}
The main difference between the two code snippets is the output message. The Linux code snippet simply prints "Hello, World!", while the ProcDump-for-Linux code snippet prints "ProcDump for Linux". Both are basic C programs that serve as entry points for their respective projects.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
ProcDump 
ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. ProcDump for Linux is part of Sysinternals.
Installation & Usage
Requirements
- Minimum OS:
- Red Hat Enterprise Linux / CentOS 7
- Fedora 29
- Ubuntu 16.04 LTS
gdb>= 7.6.1
Install ProcDump
Please see installation instructions here.
Build
Please see build instructions here.
Usage
BREAKING CHANGE With the release of ProcDump 1.3 the switches are now aligned with the Windows ProcDump version.
Capture Usage:
procdump [-n Count]
[-s Seconds]
[-c|-cl CPU_Usage]
[-m|-ml Commit_Usage1[,Commit_Usage2...]]
[-gcm [<GCGeneration>: | LOH: | POH:]Memory_Usage1[,Memory_Usage2...]]
[-gcgen Generation]
[-restrack [nodump]]
[-sr Sample_Rate]
[-tc Thread_Threshold]
[-fc FileDescriptor_Threshold]
[-sig Signal_Number1[,Signal_Number2...]]
[-e]
[-f Include_Filter,...]
[-fx Exclude_Filter]
[-mc Custom_Dump_Mask]
[-pf Polling_Frequency]
[-o]
[-log syslog|stdout]
{
{{[-w] Process_Name | [-pgid] PID} [Dump_File | Dump_Folder]}
}
Options:
-n Number of dumps to write before exiting.
-s Consecutive seconds before dump is written (default is 10).
-c CPU threshold above which to create a dump of the process.
-cl CPU threshold below which to create a dump of the process.
-m Memory commit threshold(s) (MB) above which to create dumps.
-ml Memory commit threshold(s) (MB) below which to create dumps.
-gcm [.NET] GC memory threshold(s) (MB) above which to create dumps for the specified generation or heap (default is total .NET memory usage).
-gcgen [.NET] Create dump when the garbage collection of the specified generation starts and finishes.
-restrack Enable memory leak tracking (malloc family of APIs). Use the nodump option to prevent dump generation and only produce restrack report(s).
-sr Sample rate when using -restrack.
-tc Thread count threshold above which to create a dump of the process.
-fc File descriptor count threshold above which to create a dump of the process.
-sig Comma separated list of signal number(s) during which any signal results in a dump of the process.
-e [.NET] Create dump when the process encounters an exception.
-f Filter (include) on the content of .NET exceptions (comma separated). Wildcards (*) are supported.
-fx Filter (exclude) on the content of -restrack call stacks. Wildcards (*) are supported.
-mc Custom core dump mask (in hex) indicating what memory should be included in the core dump. Please see 'man core' (/proc/[pid]/coredump_filter) for available options.
-pf Polling frequency.
-o Overwrite existing dump file.
-log Writes extended ProcDump tracing to the specified output stream (syslog or stdout).
-w Wait for the specified process to launch if it's not running.
-pgid Process ID specified refers to a process group ID.
Resource Tracking
The -restrack switch activates resource tracking, allowing for the monitoring and reporting of any resource allocations that have not been freed at the time of generating the core dump. The results are saved to a file with a '.restrack' extension. Currently, the following resource allocation/deallocation functions are tracked:
Allocation:
- malloc
- calloc
- realloc
- reallocarray
- mmap
Deallocation:
- free
- munmap
Examples
The following examples all target a process with pid == 1234
The following will create a core dump immediately.
sudo procdump 1234
The following will create 3 core dumps 10 seconds apart.
sudo procdump -n 3 1234
The following will create 3 core dumps 5 seconds apart.
sudo procdump -n 3 -s 5 1234
The following will create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 10 seconds between each dump.
sudo procdump -c 65 -n 3 1234
The following will create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 5 seconds between each dump.
sudo procdump -c 65 -n 3 -s 5 1234
The following will create a core dump when CPU usage is outside the range [10,65].
sudo procdump -cl 10 -c 65 1234
The following will create a core dump when CPU usage is >= 65% or memory usage is >= 100 MB.
sudo procdump -c 65 -m 100 1234
The following will create a core dump when memory usage is >= 100 MB followed by another dump when memory usage is >= 200MB.
sudo procdump -m 100,200 1234
The following will create a core dump and a memory leak report when memory usage is >= 100 MB
sudo procdump -m 100 -restrack 1234
The following will create a memory leak report (no dumps) when memory usage is >= 100 MB
sudo procdump -m 100 -restrack nodump 1234
The following will create a core dump and a memory leak report when memory usage is >= 100 MB by sampling every 10th memory allocation.
sudo procdump -m 100 -restrack -sr 10 1234
The following will create a core dump and a memory leak report when memory usage is >= 100 MB and exclude any call stacks that contain frames with the string "cache" in them
sudo procdump -m 100 -restrack -fx *cache* 1234
The following will create a core dump when the total .NET memory usage is >= 100 MB followed by another dump when memory usage is >= 200MB.
sudo procdump -gcm 100,200 1234
The following will create a core dump when .NET memory usage for generation 1 is >= 1 MB followed by another dump when memory usage is >= 2MB.
sudo procdump -gcm 1:1,2 1234
The following will create a core dump when .NET Large Object Heap memory usage is >= 100 MB followed by another dump when memory usage is >= 200MB.
sudo procdump -gcm LOH:100,200 1234
The following will create a core dump at the start and end of a .NET generation 1 garbage collection.
sudo procdump -gcgen 1
The following will create a core dump in the /tmp directory immediately.
sudo procdump 1234 /tmp
The following will create a core dump in the current directory with the name dump_0.1234. If -n is used, the files will be named dump_0.1234, dump_1.1234 and so on.
sudo procdump 1234 dump
The following will create a core dump when a SIGSEGV occurs.
sudo procdump -sig 11 1234
The following will create a core dump when a SIGSEGV occures where the core dump contains only anonymous private mappings.
sudo procdump -mc 1 -sig 11 1234
The following will create a core dump when the target .NET application throws a System.InvalidOperationException
sudo procdump -e -f System.InvalidOperationException 1234
The include filter supports partial and wildcard matching, so the following will create a core dump too for a System.InvalidOperationException
sudo procdump -e -f InvalidOperation 1234
or
sudo procdump -e -f "*Invali*Operation*" 1234
All options can also be used with
-w, to wait for any process with the given name.
The following waits for a process named my_application and creates a core dump immediately when it is found.
sudo procdump -w my_application
Current Limitations
- Currently will only run on Linux Kernels version 3.5+
- Does not have full feature parity with Windows version of ProcDump, specifically, stay alive functionality, and custom performance counters
Feedback
- Ask a question on StackOverflow (tag with ProcDumpForLinux)
- Request a new feature on GitHub
- Vote for popular feature requests
- File a bug in GitHub Issues
Contributing
If you are interested in fixing issues and contributing directly to the code base, please see the document How to Contribute, which covers the following:
- How to build and run from source
- The development workflow, including debugging and running tests
- Coding Guidelines
- Submitting pull requests
Please see also our Code of Conduct.
License
Copyright (c) Microsoft Corporation. All rights reserved.
Licensed under the MIT License.
ProcDump for Linux:
- Clones, compiles and statically links against libbpf (https://github.com/libbpf/libbpf)
- Copies symbol resolution source code from BCC (https://github.com/iovisor/bcc).
- Uses eBPF
Top Related Projects
LXC - Linux Containers
The systemd System and Service Manager
A Linux version of the ProcDump Sysinternals tool
Analyzes resource usage and performance characteristics of running containers.
Linux kernel source tree
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot