In one of my older posts, I have explained on how we can generate memory dumps on first chance exceptions using Debug Diag. In certain scenarios where the users do not have permissions to install tools, users have to look for alternate options. For example, in Azure App Service, the users do not have permissions to install anything on the VM.

However, Azure App Service provides the KUDU console, using which the users can use a command line utility like procdump.exe to generate memory dumps. We can also use procdump to generate memory dumps on first chance exception using the below command:

</table>

procdump.exe -accepteula -ma -e 1 -f</font> </p> </td> </tr>

where,
        -ma               Write a dump file with all process memory. The default dump format only includes
                             thread and handle information
        -accepteula   Use this switch to automatically accept the Sysinternals license agreement.

        -e                  Write a dump when the process encounters an unhandled exception. Include the 
                             1 to create dump on first chance exceptions.

       -f                  Filter the first chance exceptions. Wildcards (*) are supported. To just display
                             the names without dumping, use a blank (“”) filter

Azure App Service instances include the sysinternals suite in the default image. They can be located here via the KUDU console: D:\devtools\sysinternals The users may also download ProcDump from

here and upload it a specific location such as D:\home\Dumps and use it.

You would need to determine the process ID of the process against which procdump would be executed. You can determine that by navigating to the Process explorer in the KUDU console as shown below: (Note the PID of the w3wp process without the SCM tag)

image

Here is an example:

D:\home\Dumps>procdump.exe -accepteula -ma -e 1 -f “System.UnauthorizedAccessException” 7808

ProcDump v8.2 – Sysinternals process dump utility
Copyright (C) 2009-2016 Mark Russinovich and Andrew Richards
Sysinternals –
www.sysinternals.com

Process:               w3wp.exe (7808)
Process image:         D:\Windows\SysWOW64\inetsrv\w3wp.exe
CPU threshold:         n/a
Performance counter:   n/a
Commit threshold:      n/a
Threshold seconds:     n/a
Hung window check:     Disabled
Log debug strings:     Disabled
Exception monitor:     First Chance+Unhandled
Exception filter:      [Includes]
                       *System.UnauthorizedAccessException*
                       [Excludes]
Terminate monitor:     Disabled
Cloning type:          Disabled
Concurrent limit:      n/a
Avoid outage:          n/a
Number of dumps:       1
Dump folder:           D:\home\Dumps\
Dump filename/mask:    PROCESSNAME_YYMMDD_HHMMSS
Queue to WER:          Disabled
Kill after dump:       Disabled

Press Ctrl-C to end monitoring without terminating the process.
CLR Version: v4.0.30319
[10:02:46] Exception: E0434F4D.System.Exception (“There was a problem processing this request”)
[10:02:47] Exception: E0434F4D.System.UnauthorizedAccessException (“Access is denied.”)
[10:02:47] Dump 1 initiated: D:\home\Dumps\w3wp.exe_170426_100247.dmp
[10:02:52] Dump 1 writing: Estimated dump file size is 306 MB.
[10:03:16] Dump 1 complete: 306 MB written in 29.8 seconds
[10:03:17] Dump count reached

HTH!Smile