Article ID: 250509 - View products that this article applies to.
This article was previously published under Q250509
This article provides a brief description of how to use the Userdump.exe utility to capture the state of a process that is associated with Exchange Server. This utility can be very useful when you troubleshoot servers that have stopped responding and unresponsive processes, or when you gather thread information for a particular process. Detailed documentation (the Userdocs.doc file) accompanies the utility.
Although this article focuses primarily on how to dump the state of the information store (Store.exe), it also applies to the directory (Dsamain.exe) as well as any other user mode process.
You can install the Userdump.exe utility as part of the Microsoft Platform Software Development Kit (SDK), the Microsoft Windows Debuggers, or as a stand-alone application. You can download the Userdump.exe utility as part of the OEM Support Tools package from the following Microsoft Web site:
http://download.microsoft.com/download/win2000srv/Utility/3.0/NT45/EN-US/Oem3sr2.zipYou can install the Userdump utility by using Setup.exe, or you can also extract and manually invoke the executable file (Userdump.exe) by using the command line.
If you run Setup to install the Userdump utility, some additional features (described in detail in the Userdocs.doc that accompanies the Userdump utility) are enabled, such as the following:
Command-Line Process SnapshotIf you invoke the Userdump utility with no arguments, usage is displayed:
C:\>userdump User Mode Process Dumper (Version 1.0) Copyright (c) 1999 Microsoft Corp. All rights reserved. Usage: userdump [-p | [ProcessSpec [TargetDumpFile]] -p displays a list of running processes and their process IDs. ProcessSpec - can be a decimal or 0x-prefixed hex process ID, or the base name and extension (no path) of the image file used to create the process. TargetDumpFile - is any legal Win32 path specification. If not specified, the dump file is generated in the current directory using a name based on the image file name.
Displaying a Process List with the "userdump -p" CommandIf you specify the -p command-line parameter, as shown in the following example, a list of processes and process IDs that are currently running is displayed. If you specify -p is as the first argument, any other arguments are ignored.
In Microsoft Windows NT Server version 4.0 and Microsoft Windows 2000 Server systems, you can also display process IDs by using the Processes tab in Task Manager, which you can activate by pressing CTRL+SHIFT+ESC.
C:\>userdump -p User Mode Process Dumper (Version 1.0) Copyright (c) 1999 Microsoft Corp. All rights reserved. 0 System Idle Process 8 System 172 smss.exe 200 csrss.exe 224 winlogon.exe 252 services.exe 264 lsass.exe 452 svchost.exe 476 spoolsv.exe 712 llssrv.exe 776 locator.exe 992 MAD.EXE 1008 DSAMAIN.EXE 1188 STORE.EXE 1796 EMSMTA.EXE 2236 userdump.exe
Dumping Running ProcessesInvoke Userdump.exe at the command line with a process identifier (in decimal or 0x-prefixed hexadecimal notation) or application name and the file name of the dump file that you want to create. The application name is the name of the binary, including the base and extension but no path specification. If the process argument is a valid decimal or 0x-prefixed hexadecimal number, it is interpreted as a process ID. When you specify the process ID 1188, which is the process ID for the information store Store.exe, as shown in the example above, only that process is dumped:
If the process argument is not a valid decimal or 0x-prefixed hexadecimal number, it is interpreted as the name of an image binary. The image binary name should be the base name with no path specifiers, for example:
C:\>userdump 1188 c:\store.dmp User Mode Process Dumper (Version 1.0) Copyright (c) 1999 Microsoft Corp. All rights reserved. Dumping process 1188 (STORE.EXE) to C:\store.dmp... The process was dumped successfully.
store.exeIf you do not specify a dump file name, the dump file is placed in the current folder by using a name based on the image binary file name, as shown in the following example:
The target process is unaffected, although the process threads are frozen while the process is read by the Userdump.exe utility, and the target process continues to run unaltered after the dump is finished.
C:\MySample>userdump 1188 User Mode Process Dumper (Version 1.0) Copyright (c) 1999 Microsoft Corp. All rights reserved. Dumping process 1188 (STORE.EXE) to C:\MySample\store.dmp... The process was dumped successfully. C:\MySample>userdump store.exe User Mode Process Dumper (Version 1.0) Copyright (c) 1999 Microsoft Corp. All rights reserved. Dumping process 1188 (STORE.EXE) to C:\MySample\store.dmp... The process was dumped successfully.