ProcDump : A Linux Version of the ProcDump Sysinternals Tool

It is a Linux re-imagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows.

It provides a convenient way for Linux developers to create core dumps of their application based on performance triggers.

Also Read : LOLBAS – Living Off The Land Binaries And Scripts

Installation & Usage

Requirements

  • Minimum OS:
    • Red Hat Enterprise Linux / CentOS 7
    • Fedora 26
    • Mageia 6
    • Ubuntu 14.04 LTS
    • We are actively testing against other Linux distributions. If you have requests for specific distros, please let us know (or create a pull request with the necessary changes).
  • gdb >= 7.6.1
  • zlib (build-time only)

Install ProcDump

Via Package Manager [prefered method]

  • Add the Microsoft Product feed

curl https://packages.microsoft.com/keys/microsoft.asc | gpg –dearmor > microsoft.gpg
sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg

Register the Microsoft Product feed

Ubuntu 16.04

sudo sh -c ‘echo “deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod xenial main” > /etc/apt/sources.list.d/microsoft.list’

Ubuntu 14.04

sudo sh -c ‘echo “deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod trusty main” > /etc/apt/sources.list.d/microsoft.list’

  • Install Procdump

sudo apt-get update
sudo apt-get install procdump
Via .deb Package
Pre-Depends: dpkg(>=1.17.5)

Download .deb Package

Ubuntu 16.04

wget https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod/pool/main/p/procdump/procdump_1.0.1_amd64.deb

Ubuntu 14.04

wget https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod/pool/main/p/procdump/procdump_1.0.1_amd64.deb

Install Procdump

sudo dpkg -i procdump_1.0.1_amd64.deb
sudo apt-get -f install

Uninstall

Ubuntu 14.04+

sudo apt-get purge procdump

Usage

Usage: procdump [OPTIONS…] TARGET
OPTIONS
-C CPU threshold at which to create a dump of the process from 0 to 100 * nCPU
-c CPU threshold below which to create a dump of the process from 0 to 100 * nCPU
-M Memory commit threshold in MB at which to create a dump
-m Trigger when memory commit drops below specified MB value.
-n Number of dumps to write before exiting
-s Consecutive seconds before dump is written (default is 10)
TARGET must be exactly one of these:
-p pid of the process
-w Name of the process executable

Download


R K

Share
Published by
R K
Tags: linuxProcDumpSysinternals
6 years ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

14 hours ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

14 hours ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

14 hours ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

14 hours ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago